FGKASLR Is An Exciting Linux Kernel Improvement To Look Forward To In 2022
FGKASLR is a step up over the Kernel Address Space Layout Randomization (KASLR) widely used right now by the Linux kernel for thwarting attacks that rely upon known positions of the kernel within memory. Rather than just randomizing the base address, which can be figured out with enough guessing or leakage, FGKASLR will randomize the layout down to the level of individual functions.
As a result, FGKASLR is much more robust for protecting systems against attacks relying upon known positions in memory. FGKASLR testing shows only a minor impact on boot-time performance from the function reordering/randomization. Sent out this past week were the FGKASLR v9 patches. The updated patches turn assembly function sections on by default (they can now be disabled if desired), deduplicate more code, always print kallsyms in a random order for unprivileged users even if FGKASLR is disabled, and make other code improvements.
FGKASLR is great for Linux security but can have some known implications on performance and kernel size.
If all goes well we will see this open-source Intel-led security feature land in a Linux kernel in the near future. Already in Linux 5.16 are some early preparations for FGKASLR.
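The contrast between base-only and function-level randomization described above, as an added simulation that is not part of the original article or of the FGKASLR patches. The function sizes, base range and PRNG are constructed assumptions, and the model ignores alignment and everything else the real patches handle; it only shows that distances between functions survive a reboot when the base alone moves and do not when function order is shuffled.

```c
#include <stdint.h>
#include <stdio.h>

#define NFUNC 6
/* Constructed sizes (bytes) of six hypothetical functions, in link order. */
static const uint64_t fsize[NFUNC] = {0x40, 0x120, 0x80, 0x200, 0x60, 0x1a0};

/* 64-bit LCG: deterministic stand-in for boot-time entropy. */
static uint64_t next_rand(uint64_t *s) {
    *s = *s * 6364136223846793005ULL + 1442695040888963407ULL;
    return *s >> 33;
}

/* One simulated boot. fine_grained=0: random base only (KASLR model).
 * fine_grained=1: random base plus shuffled function order (FGKASLR model). */
void boot(uint64_t seed, int fine_grained, uint64_t addr[NFUNC]) {
    int order[NFUNC];
    uint64_t cur = 0xffffffff81000000ULL + ((next_rand(&seed) % 256) << 21);
    for (int i = 0; i < NFUNC; i++) order[i] = i;
    for (int i = NFUNC - 1; fine_grained && i > 0; i--) { /* Fisher-Yates */
        int j = (int)(next_rand(&seed) % (uint64_t)(i + 1));
        int t = order[i]; order[i] = order[j]; order[j] = t;
    }
    /* Place the functions back to back in the chosen order. */
    for (int i = 0; i < NFUNC; i++) { addr[order[i]] = cur; cur += fsize[order[i]]; }
}

/* Functions whose distance from `ref` is identical in both boots, i.e.
 * whose address follows from one leaked address of `ref`. */
int stable_offsets(const uint64_t a[NFUNC], const uint64_t b[NFUNC], int ref) {
    int n = 0;
    for (int i = 0; i < NFUNC; i++)
        if (i != ref && a[i] - a[ref] == b[i] - b[ref]) n++;
    return n;
}

/* Of `boots` reboots, how many differ in relative layout from seed 0. */
int boots_with_changed_layout(int fine_grained, int boots) {
    uint64_t first[NFUNC], cur[NFUNC];
    int changed = 0;
    boot(0, fine_grained, first);
    for (int k = 1; k <= boots; k++) {
        boot((uint64_t)k, fine_grained, cur);
        changed += stable_offsets(first, cur, 0) != NFUNC - 1;
    }
    return changed;
}

int main(void) {
    printf("boots with changed relative layout: KASLR %d/32, FGKASLR %d/32\n",
           boots_with_changed_layout(0, 32), boots_with_changed_layout(1, 32));
}
```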