Intel Proposes Linux Kernel Driver Allow/Deny Filtering
As part of their work on Trust Domain Extensions (TDX) support for Linux, Intel engineers are proposing a driver filter option that lets the booted kernel be given an allow list or a deny list of drivers that may or may not be loaded.
The goal is to reduce the attack surface inside guest virtual machines while still using the same kernel build for host and guest. When booting the guest, the kernel command line can specify either the drivers the kernel is allowed to load or, alternatively, a list of drivers that must not be loaded.
By default the proposal changes no kernel behavior. The driver filter framework would use filter_deny_drivers= and filter_allow_drivers= options to specify which kernel drivers are permitted, without having to remove modules from the image or rebuild the kernel with a different Kconfig. The filter status on a running system with this patch can also be queried via sysfs.
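To make the allow/deny semantics concrete, here is an added userspace model of how such a command-line driver filter could be parsed and evaluated. This is example code written for this article, not Intel's patch or any kernel code: the option names follow the proposal as described above, but the parsing, the precedence rule when both lists are given (deny wins), and the sample command lines are assumptions made for illustration.

```c
/*
 * Illustrative userspace model of a kernel-command-line driver filter.
 * Added example, not the proposed kernel implementation: option names
 * match the article, everything else (parsing, precedence) is assumed.
 */
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define MAX_FILTER 256

struct driver_filter {
    char allow[MAX_FILTER];   /* comma-separated driver names, empty if unset */
    char deny[MAX_FILTER];
    bool allow_set;
    bool deny_set;
};

/* Copy the value of "key" (e.g. "foo=") from cmdline into out; true if present. */
static bool cmdline_get(const char *cmdline, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *p = cmdline;

    while ((p = strstr(p, key)) != NULL) {
        /* Only accept a match at the start or after a space, so "xfilter_..." is ignored. */
        if (p == cmdline || p[-1] == ' ') {
            const char *v = p + klen;
            size_t n = strcspn(v, " ");
            if (n >= outlen)
                n = outlen - 1;        /* truncate oversized values rather than overflow */
            memcpy(out, v, n);
            out[n] = '\0';
            return true;
        }
        p += klen;
    }
    return false;
}

/* Parse both filter options out of a kernel command line string. */
void driver_filter_parse(struct driver_filter *f, const char *cmdline)
{
    memset(f, 0, sizeof(*f));
    f->allow_set = cmdline_get(cmdline, "filter_allow_drivers=", f->allow, sizeof(f->allow));
    f->deny_set  = cmdline_get(cmdline, "filter_deny_drivers=",  f->deny,  sizeof(f->deny));
}

/* True if name appears as one complete comma-separated entry in list. */
static bool list_contains(const char *list, const char *name)
{
    size_t nlen = strlen(name);
    const char *p = list;

    while (*p) {
        size_t n = strcspn(p, ",");
        if (n == nlen && memcmp(p, name, n) == 0)
            return true;
        p += n;
        if (*p == ',')
            p++;
    }
    return false;
}

/*
 * Decide whether a driver may be loaded. Rules assumed for this example:
 *  - neither option given: no behaviour change, every driver is allowed;
 *  - deny list given: listed drivers are refused;
 *  - allow list given: only listed drivers are permitted;
 *  - both given: a deny entry wins over an allow entry.
 */
bool driver_filter_allowed(const struct driver_filter *f, const char *name)
{
    if (f->deny_set && list_contains(f->deny, name))
        return false;
    if (f->allow_set)
        return list_contains(f->allow, name);
    return true;
}

/* Convenience wrapper: parse a command line and decide for one driver name. */
bool driver_filter_check(const char *cmdline, const char *name)
{
    struct driver_filter f;
    driver_filter_parse(&f, cmdline);
    return driver_filter_allowed(&f, name);
}

int main(void)
{
    /* Constructed command lines for the demo, not captured from a real boot. */
    const char *guest = "console=ttyS0 filter_allow_drivers=virtio_blk,virtio_net,virtio_console";
    const char *host  = "root=/dev/sda1 filter_deny_drivers=e1000,ath9k";
    const char *drivers[] = { "virtio_blk", "virtio_net", "e1000", "ath9k", "snd_hda_intel" };

    for (size_t i = 0; i < sizeof(drivers) / sizeof(drivers[0]); i++)
        printf("guest: %-14s %s\n", drivers[i],
               driver_filter_check(guest, drivers[i]) ? "load" : "blocked");
    for (size_t i = 0; i < sizeof(drivers) / sizeof(drivers[0]); i++)
        printf("host:  %-14s %s\n", drivers[i],
               driver_filter_check(host, drivers[i]) ? "load" : "blocked");
    return 0;
}
```

The guest line in the demo mirrors the TDX use case: the same kernel image boots, but only the virtio drivers the guest actually needs are permitted, so a hostile host cannot get the guest to bind a rarely audited driver by presenting an unexpected device. The host line shows the deny form, which blocks a few named drivers and leaves everything else untouched; with neither option present the filter changes nothing, matching the "no default behavior change" point above.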
More details on this proposed driver filter framework for the Linux kernel via the kernel mailing list.