Don’t miss out! Join us at the next Open Source Summit in Seoul, South Korea (November 4-5). Join us at the premier vendor-neutral open source conference, where developers and technologists come together to collaborate, share knowledge, and explore the latest innovations and advancements in open source technology. Learn more at https://events.linuxfoundation.org/
Kernel Hardening With Protection Keys – Kevin Brodsky, Arm
Protecting the kernel from data-only attacks is a growing concern that is increasingly addressed through hypervisor-based solutions. A lightweight alternative may be found in protection keys (pkeys), a hardware mechanism that provides a per-thread and easily switchable view of memory. While pkeys are currently available to userspace on supported architectures, their potential for enhancing kernel security remains unused.
This talk demonstrates how pkeys can be leveraged within the kernel to protect critical data structures, such as page tables and credentials. We will show how this approach can be implemented and present an evaluation of its performance impact on arm64, illustrating its feasibility for real-world deployment.
Attendees will leave with a deeper understanding of how pkeys can enhance kernel security, the trade-offs involved, and the potential for adoption in future Linux hardening efforts.
