LLEXT - security aspects #76700
Assignees
Labels
area: llext
Linkable Loadable Extensions
area: Security
Security
Enhancement
Changes/Updates/Additions to existing features
Comments
ceolin
added
Enhancement
|
Some of these items are in the roadmap #71584 |
|
Relevant to this discussion are initializer functions seemingly from C++, see #76724 |
|
We asked some of these questions in the context of SOF but it wasn't the priority: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
LLEXT has emerged as a popular and powerful feature, enabling greater flexibility and
modularity in embedded systems. This functionality allows the dynamic
loading and unloading of code at runtime, without the need to
reboot the system or recompile the entire kernel.
While it offers significant advantages in flexibility and modularity, it also introduces
several security implications that must be carefully managed.
Code authenticity and integrity
Malicious extension could be loaded
compromising the system. We need to verify the authenticity and
integrity of extensions before they are loaded.
Access control and permission
Avoid excessive or unintended access to critical system resources. Usermode address
this, but we need a proper way to setup kobjects and how to access them.
Is dynamically creating kobjects needed ?
Is there anything can be done without usermode ?
Logging / auditing
Logs and audits of extension activities related to loading and unloading
Resource management
Protection against DoS ?
Legal considerations
Extension licensing ?
The text was updated successfully, but these errors were encountered: