Benchmarking The Performance Overhead To LKRG 0.8 For Better Security
Back in March I benchmarked the Linux Kernel Runtime Guard (LKRG) as a means of achieving additional security safeguards for a ~5% performance hit. With LKRG 0.8 having been released a few days ago, here is a fresh look at the LKRG performance compared to the stock kernel on Ubuntu 20.04 LTS.
LKRG adds runtime integrity checking to the Linux kernel and other runtime detection of security exploits. LKRG 0.8 was released last week and the focus of our latest benchmarking. LKRG 0.8 adds new safeguards as well as support for newer kernel builds, experimental 32-bit ARM and Raspberry Pi support, new tunables, and other changes.
For this straight-forward benchmarking, an Intel Core i9 9900K box was used with a fresh install of Ubuntu 20.04 LTS with its stock Linux 5.4 kernel. Benchmarks were carried out and then repeated after building and installing the LKRG module for this added layer of security. Via the Phoronix Test Suite several dozen benchmarks were carried out for getting a better idea of the current performance implications.