January 27, 2020

211 words 1 min read

Elivepatch: Flexible Distributed Linux Kernel Live Patching

Elivepatch: Flexible Distributed Linux Kernel Live Patching

Elivepatch addresses the limitations and shortcomings of the current distributed live patching services as follows: 3rd-party trust: Trust on a third-party service can be eliminated by deploying E …

Talk Title Elivepatch: Flexible Distributed Linux Kernel Live Patching
Speakers Alice Ferrazzi (OSS Embedded Developer, Cybertrust Japan), Takanori Suzuki (Linux OSS developer, Cybertrust Japan Co., Ltd.)
Conference Open Source Summit + ELC Europe
Conf Tag
Location Edinburgh, UK
Date Oct 21-25, 2018
URL Talk Page
Slides Talk Slides
Video

“Elivepatch” addresses the limitations and shortcomings of the current distributed live patching services as follows: • 3rd-party trust: Trust on a third-party service can be eliminated by deploying Elivepatch in-house. • Custom kernel configurations: Live patches can be created for different kernel versions and configurations by varying the parameters to Elivepatch. • Modified kernels: Support is extended to locally modified kernels (e.g. out-of-tree patch sets) by sending the server a list of patches that should be applied before the live patch creation process starts. • Client-generated patches: In Elivepatch, clients specify the live patches to be created whereas current systems only support vendor-generated patches. • Security auditing: Elivepatch is completely open source and thus fully auditable. We will also talk also about future ideas: • Porting to different distributions • Livepatch CI/CD testing

comments powered by Disqus