I think it would be interesting to have a processor that allowed you to specify a page mask of immutable pages once you cross a one-way privilege/ring threshold.
Does such an MMU/proc feature exist already? Seems like a feature like LKRG would be pretty effective in a case like that.
And if so, the big remaining risk would be to the boot device chain security (which LKRG considers out of scope and for which several processors/SoCs already have covering security features).