#944476 RFP: lkrg -- Linux Kernel Runtime Guard

Package:
wnpp
Source:
wnpp
Submitter:
Patrick Schleizer
Date:
2026-02-06 18:09:45 UTC
Severity:
wishlist
#944476#5
Date:
2019-11-10 16:42:00 UTC
From:
To:
* Package name    : lkrg
  Version         : 0.7
  Upstream Author : Adam 'pi3' Zabrocki
* URL             : https://www.openwall.com/lkrg/
* License         : GPL-2
  Programming Lang: C
  Description     : Linux Kernel Runtime Guard
A loadable kernel module that performs runtime integrity checking of the
Linux kernel and detection of security vulnerability exploits against
the kernel. As controversial as this concept is, LKRG attempts to
post-detect and hopefully promptly respond to unauthorized modifications
to the running Linux kernel (integrity checking) or to credentials (such
as user IDs) of the running processes (exploit detection). For process
credentials, LKRG attempts to detect the exploit and take action before
the kernel would grant the process access (such as open a file) based on
the unauthorized credentials.

#944476#12
Date:
2019-11-18 20:31:00 UTC
From:
To:
Linux Kernel Runtime Guard (LKRG) protects the kernel. It provides
security through diversity. Similar to running an uncommon operating
system (kernel) would.

It renders whole classes of kernel exploits ineffective. Makes other
exploits less reliable and more difficult to write (see features and
security). LKRG was developed by a security professional with review
from other high profile security professionals (see authorship).

- https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Features
- https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Security
- https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Authorship

Packaging completed. Lintian --pedantic warning free. Build using
cowbuilder successful. Module will be compiled on machine were installed
using DKMS.

I am not a Debian Developer (DD). This needs a DD to be uploaded to
packages.debian.org.

The source code, /debian folder can be found here:

https://github.com/Whonix/lkrg

The website for the LKRG Debian Package Fork can be found here:

https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG

Build instructions with software signature verification:

https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG/Build_Debian_Package_from_Source_Code

Simpler build instructions without software signature verification:

https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG/Build_Debian_Package_from_Source_Code/Easy

Other references:

- development discussion
- LKRG compilation hardening flags, checksec, hardening-check
- LKRG packagers / downstream wishlist (signed git commits, signed git
tags, version numbers, logo)
- module loading / systemd bug report / suggestion
- LKRG kills VirtualBox host VMs
- announcement of this LKRG Debian package on upstream LKRG mailing list

https://forums.whonix.org/t/linux-kernel-runtime-guard-lkrg-linux-kernel-runtime-integrity-checking-and-exploit-detection/8477

https://www.openwall.com/lists/lkrg-users/2019/11/18/3

https://www.openwall.com/lists/lkrg-users/2019/11/13/5

https://www.openwall.com/lists/lkrg-users/2019/11/10/2

https://www.openwall.com/lists/lkrg-users/2019/11/18/1

https://www.openwall.com/lists/lkrg-users/2019/11/18/2

#944476#17
Date:
2020-01-11 01:44:47 UTC
From:
To:

#944476#22
Date:
2020-01-11 01:48:10 UTC
From:
To:
If you are still looking for someone that can upload this for you, file a bug
against sponsorship-requests and block this bug by that one.

#944476#25
Date:
2020-01-11 01:48:10 UTC
From:
To:
If you are still looking for someone that can upload this for you, file a bug
against sponsorship-requests and block this bug by that one.

#944476#30
Date:
2020-02-13 19:39:32 UTC
From:
To:
Talked to upstream about stable security support.

To make Debian stable distribution support possible, upstream offered to
backport security patches from newer versions to whatever version is
frozen in Debian stable should that be required.

Mariusz Zaborski oshogbo@vexillium.org would do that.

Kind regards,
Patrick

#944476#37
Date:
2026-02-06 18:08:44 UTC
From:
To:
I think that's a great moment to package that because of the release of
the version 1.0.
Maybe a couple packages, one lkrg-dkms to the kernel module and another
one lkrg-service, or something like that, to the systemd service.