Linux Security News Archives
Trenchboot Secure Launch Support For Linux Sees New Patches

For a while now, Oracle engineers and others have been working on Trenchboot as a means of secure launch/boot support when paired with the likes of Intel TXT and AMD SKINIT for trusted execution, configuring each piece of the software boot chain for trusted/secure handling. The latest kernel patches for secure launch of the kernel have been sent out for review.

25 September 2020 - Trenchboot - 6 Comments
Google Engineer Calls For Greater Collaboration On Speculative Execution Mitigations

When it comes to kernel address space isolation (ASI) and other yet-to-be-merged security features around fending off speculative execution attacks, there are multiple concurrent efforts by many of the public cloud providers and other hyperscalers. A Google engineer at this week's Linux Plumbers Conference has called for more collaboration in this area to ideally provide a unified solution.

28 August 2020 - Address Space Isolation, Etc - 6 Comments
Kernel ASI Still Being Worked On For Protecting Against Hyper Threading Data Leaks

At this week's Linux Plumbers Conference, DigitalOcean engineers provided an update on their CoreScheduling work in the era of vulnerabilities affecting Hyper Threading. Oracle, meanwhile, presented today at LPC2020 on their Kernel Address Space Isolation (ASI) functionality, which deals with Hyper Threading data leakage in a different manner, but the performance costs are still being evaluated.

26 August 2020 - Address Space Isolation
Researchers Make More Discoveries Around L1TF/Foreshadow - It's Not Good

Security researchers from Graz University of Technology and CISPA Helmholtz are out with their latest findings on CPU speculative execution vulnerabilities, namely taking another look at L1TF/Foreshadow. Their findings are bad news not only for Intel but potentially other CPU vendors as well.

6 August 2020 - Reviving Foreshadow - 42 Comments
FGKASLR Revved For Improving Linux Kernel Security

Intel open-source developer Kristen Carlson Accardi continues work on Function Granular Kernel Address Space Layout Randomization (FGKASLR) as a big improvement over traditional KASLR address space layout randomization.

23 July 2020 - Function Granular KASLR - 10 Comments
Another Attack Vector Uncovered For Bypassing Linux Lockdown Via ACPI Tables

This weekend we reported on how injecting ACPI tables could lead to bypassing Linux's lockdown / UEFI Secure Boot protections and let attackers load unsigned kernel modules. That earlier issue was found on a patched version of the Ubuntu 18.04 LTS kernel, while a similar attack vector has now been discovered on the mainline Linux kernel.

15 June 2020 - Linux Lockdown Bypass - 10 Comments
SELinux Seeing Performance Improvements With Linux 5.7

A few months back, when we last looked at the performance impact of having SELinux enabled, there was a hit, but not too bad for most workloads. We'll need to take another look soon, as the Linux 5.7 kernel brings some performance improvements and more for SELinux.

2 April 2020 - Linux 5.7 SELinux - 5 Comments
Linux 5.6 Crypto Code Brings The New AMD TEE Driver

Herbert Xu sent in all of the crypto subsystem changes on Tuesday for the in-development Linux 5.6 kernel. What interests us most in this crypto work is the AMD Trusted Execution Environment (TEE) driver.

28 January 2020 - Trusted Execution - 5 Comments

162 Linux Security news articles published on Phoronix.