Elivepatch: Flexible Distributed Linux Kernel Live Patching
Elivepatch addresses the limitations and shortcomings of the current distributed live patching services as follows: 3rd-party trust: Trust on a third-party service can be eliminated by deploying E …
| Talk Title | Elivepatch: Flexible Distributed Linux Kernel Live Patching |
| Speakers | Alice Ferrazzi (OSS Embedded Developer, Cybertrust Japan), Takanori Suzuki (Linux OSS developer, Cybertrust Japan Co., Ltd.) |
| Conference | Open Source Summit + ELC Europe |
| Conf Tag | |
| Location | Edinburgh, UK |
| Date | Oct 21-25, 2018 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
“Elivepatch” addresses the limitations and shortcomings of the current distributed live patching services as follows: • 3rd-party trust: Trust on a third-party service can be eliminated by deploying Elivepatch in-house. • Custom kernel configurations: Live patches can be created for different kernel versions and configurations by varying the parameters to Elivepatch. • Modified kernels: Support is extended to locally modified kernels (e.g. out-of-tree patch sets) by sending the server a list of patches that should be applied before the live patch creation process starts. • Client-generated patches: In Elivepatch, clients specify the live patches to be created whereas current systems only support vendor-generated patches. • Security auditing: Elivepatch is completely open source and thus fully auditable. We will also talk also about future ideas: • Porting to different distributions • Livepatch CI/CD testing
