Re: Reducing runtime complexity

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Dec 01, 2022 at 09:09:04PM +0100, Stefan Bavendiek wrote:
Some time ago I wrote a thesis about complexity in the Linux kernel and
how to reduce it in order to limit the attack surface[1]. While the
results are unlikely to bring news to the audience here, it did
indicate some possible ways to avoid exposing optional kernel features
when they are not needed. The basic idea would be to either build or
configure parts of the kernel after or during the installation on a
specific host. Distributions are commonly shipping the kernel as one
large binary that includes support for nearly every hardware driver and
optional feature

Is this really true? Most drivers are built as loadable modules and are
only loaded when the hardware is present.

Are you suggesting to configure-out the modules that are always static?
This sounds like an embedded system build.

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux