Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 26 Apr 2020 15:53:14 +0200
From: Adam Zabrocki <>
Subject: Re: LKRG unfit for installation by default in Whonix /
 Kicksecure due to kernel boot console output - usability issue

On Sun, Apr 26, 2020 at 02:27:43PM +0200, Solar Designer wrote:
> On Sun, Apr 26, 2020 at 12:07:48PM +0000, Patrick Schleizer wrote:
> > I see a lot code duplication there.
> FWIW, code duplication is one of my biggest complaints about LKRG code
> quality, and something I think we need to improve (reduce).
> In some special cases, Adam reasonably defends some code duplication by
> consideration of attacks on LKRG itself.  But in most cases the code
> duplication is just the way LKRG happens to be currently written, and
> should ideally be avoided, in my opinion.
> Alexander

There are a few aspects of that. Majority of the time we have it by purpose in 
tasks integrity related functionality, e.g. to avoid generating trivial 
ROP-gadgets or other security-related issues (like CPU flags being inlined 
However, entire kINT (CI) integrity routine itself is a mess and need to be 
rewritten. However, I do find more urgent / important tasks to work on than 
that. However, I want to rewrite this huge and long routine at some point 
(it was originally designed like that from the possible 
self-encryption and metamorhic reasons - it's a long story).


pi3 (pi3ki31ny) - pi3 (at) itsec pl

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.