Making a Kernel Extension Key Safe

Key-safe kernel extensions do not directly refer to either the internal data structures of the kernel or user space addresses.

To make a kernel extension key-safe, follow these steps:
  1. Decide which kernel key set, if any, can be the basis for the key set of your module.
  2. Optionally, remove any unnecessary keys from your copy of the kernel key set.
  3. Convert the kernel key set to a hardware key set.
  4. Place add and replace protection gates at or near all entry points (except initialization). See Protection Gates.
  5. Place restore gates at or near exit points.
  6. Link your extension with the new -b ras flag to identify the extension to the system as reliability, availability, and serviceability aware.
    Restriction: You must specify -q noinlglue to ensure that the compiler does not generate inline pointer glue.
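The gate placement in steps 1 through 5, shown as an added example that is not part of the original documentation. It is a portable C model: every type, constant, and function name is a hypothetical stand-in rather than an AIX kernel service, and a key set is simplified to one bit per key.

```c
/* Portable model of the gate discipline. Every name is a hypothetical
 * stand-in, not an AIX kernel service; one bit per key, no read/write split. */
#include <stdio.h>
typedef unsigned int keyset_t;
enum { KEY_PUBLIC = 0x1, KEY_KERNEXT = 0x2, KEY_VMM = 0x4 };  /* constructed keys */

static keyset_t active;        /* models the thread's active hardware key set */
static keyset_t module_hkeys;  /* built once at initialization (steps 1-3) */

static keyset_t gate_replace(keyset_t k) { keyset_t old = active; active = k;  return old; }
static keyset_t gate_add(keyset_t k)     { keyset_t old = active; active |= k; return old; }
static void gate_restore(keyset_t old)   { active = old; }
static int can_access(keyset_t key)      { return (active & key) != 0; }

void module_init(void)                   /* initialization itself is not gated */
{
    keyset_t ks = KEY_PUBLIC | KEY_KERNEXT | KEY_VMM;  /* step 1: copy a base set */
    ks &= ~(keyset_t)KEY_VMM;                          /* step 2: drop an unneeded key */
    module_hkeys = ks;                                 /* step 3: modeled conversion */
}

/* Entry point with a replace gate: runs with the module's keys only. */
int module_entry(int arg)
{
    keyset_t saved = gate_replace(module_hkeys);       /* step 4: gate at entry */
    int rc = 0;
    if (arg < 0) { rc = -1; goto out; }                /* error path shares the exit */
    if (can_access(KEY_VMM)) rc = -2;                  /* removed key must be denied */
out:
    gate_restore(saved);                               /* step 5: restore at every exit */
    return rc;
}

/* Entry point with an add gate: keeps the caller's keys, adds the module's. */
int module_callback(void)
{
    keyset_t saved = gate_add(module_hkeys);
    int ok = can_access(KEY_VMM) && can_access(KEY_KERNEXT);
    gate_restore(saved);
    return ok;
}

void set_caller_keys(keyset_t k) { active = k; }       /* test helper */
keyset_t current_keys(void) { return active; }
int main(void)
{
    module_init();
    set_caller_keys(KEY_PUBLIC | KEY_VMM);             /* constructed caller key set */
    printf("rc=%d keys_after=0x%x\n", module_entry(1), current_keys());
}
```

The error path in `module_entry` leaves through the same restore gate as the normal path, so the caller's key set is never left replaced.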