lkrg-module: Add Linux Kernel Runtime Guard

For more info see: https://github.com/openwall/lkrg

Add to local.conf:
IMAGE_INSTALL_append = " kernel-module-lkrg"

Need these kconfig options enabled:
CONFIG_KALLSYMS_ALL=y
CONFIG_JUMP_LABEL=y
CONFIG_DEBUG_KERNEL=y

To invoke module:

sudo insmod {path-to-modules}/p_lkrg.ko kint_enforce=1

Signed-off-by: Armin Kuster <akuster808@gmail.com>

recipes-kernel/lkrg/files/makefile_cleanup.patch

@@ -0,0 +1,73 @@
+Upstream-Status: Pending
+
+This needs more work. Its my starting point.
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: lkrg-0.9.0/Makefile
+===================================================================
+--- lkrg-0.9.0.orig/Makefile
++++ lkrg-0.9.0/Makefile
+@@ -4,28 +4,10 @@
+ # Author:
+ #  - Adam 'pi3' Zabrocki (http://pi3.com.pl)
+ ##
+-
+-P_OUTPUT = output
+ P_PWD ?= $(shell pwd)
+-P_KVER ?= $(shell uname -r)
+-P_BOOTUP_SCRIPT ?= scripts/bootup/lkrg-bootup.sh
+-TARGET := p_lkrg
+-ifneq ($(KERNELRELEASE),)
+-    KERNEL := /lib/modules/$(KERNELRELEASE)/build
+-else
+-    ## KERNELRELEASE not set.
+-    KERNEL := /lib/modules/$(P_KVER)/build
+-endif
+-
+-#
+-# Uncomment for debug compilation
+-#
+-# ccflags-m := -ggdb -DP_LKRG_DEBUG_BUILD -finstrument-functions
+-# ccflags-y := ${ccflags-m}
+-# p_lkrg-objs += src/modules/print_log/p_lkrg_debug_log.o
+ 
+-obj-m += $(TARGET).o
+-$(TARGET)-objs += src/modules/ksyms/p_resolve_ksym.o \
++obj-m := p_lkrg.o
++p_lkrg-y := src/modules/ksyms/p_resolve_ksym.o \
+                   src/modules/hashing/p_lkrg_fast_hash.o \
+                   src/modules/comm_channel/p_comm_channel.o \
+                   src/modules/integrity_timer/p_integrity_timer.o \
+@@ -91,23 +73,14 @@ $(TARGET)-objs += src/modules/ksyms/p_re
+                   src/p_lkrg_main.o
+ 
+ 
+-all:
+-#	$(MAKE) -C $(KERNEL) M=$(P_PWD) modules CONFIG_DEBUG_SECTION_MISMATCH=y
+-	$(MAKE) -C $(KERNEL) M=$(P_PWD) modules
+-	mkdir -p $(P_OUTPUT)
+-	cp $(P_PWD)/$(TARGET).ko $(P_OUTPUT)
+-
+-install:
+-	$(MAKE) -C $(KERNEL) M=$(P_PWD) modules_install
+-	depmod -a
+-	$(P_PWD)/$(P_BOOTUP_SCRIPT) install
+ 
+-uninstall:
+-	$(P_PWD)/$(P_BOOTUP_SCRIPT) uninstall
++modules:
++	$(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) modules
++
++modules_install:
++	$(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) modules_install
+ 
+ clean:
+-	$(MAKE) -C $(KERNEL) M=$(P_PWD) clean
+-	$(RM) Module.markers modules.order
+-	$(RM) $(P_PWD)/src/modules/kmod/client/kmod/Module.markers
+-	$(RM) $(P_PWD)/src/modules/kmod/client/kmod/modules.order
+-	$(RM) -rf $(P_OUTPUT)
++	rm -f *.o *~ core .depend .*.cmd *.ko *.mod.c
++	rm -f Module.markers Module.symvers modules.order
++	rm -rf .tmp_versions Modules.symvers

recipes-kernel/lkrg/lkrg-module_0.9.0.bb

@@ -0,0 +1,33 @@
+SUMMARY = "Linux Kernel Runtime Guard"
+DESCRIPTION="LKRG performs runtime integrity checking of the Linux \
+kernel and detection of security vulnerability exploits against the kernel."
+SECTION = "security"
+HOMEPAGE = "https://www.openwall.com/lkrg/"
+LICENSE = "GPLv2"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d931f44a1f4be309bcdac742d7ed92f9"
+
+DEPENDS = "virtual/kernel elfutils"
+
+SRC_URI = "https://www.openwall.com/lkrg/lkrg-${PV}.tar.gz \
+           file://makefile_cleanup.patch "
+
+SRC_URI[sha256sum] = "a997e4d98962c359f3af163bbcfa38a736d2a50bfe35c15065b74cb57f8742bf"
+
+S = "${WORKDIR}/lkrg-${PV}"
+
+inherit module kernel-module-split
+
+MAKE_TARGETS = "modules"
+
+MODULE_NAME = "p_lkrg"
+
+module_do_install() {
+    install -d ${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel/${MODULE_NAME}
+    install -m 0644 ${MODULE_NAME}.ko \
+    ${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel/${MODULE_NAME}/${MODULE_NAME}.ko
+}
+
+RPROVIDES_${PN} += "kernel-module-lkrg"
+
+COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"