{{Header}} __NOINDEX__
{{title|title=
Linux Kernel Runtime Guard (LKRG) in Qubes OS Debian or {{q_project_name_long}} VMs
}}
{{#seo:
|description=HowTo: Install LKRG in Qubes Debian or {{q_project_name_short}} Template
|image=P_lkrg2.png
}}
{{ThumbGallery|
[[File:P_lkrg2.png|LKRG logo|50px|link=Linux_Kernel_Runtime_Guard_LKRG]]
[[File:Logo-debian-500x500.png|50px|link=Linux_Kernel_Runtime_Guard_LKRG]]
[[File:Kicksecure-basic-logo.png|50px|link=Download]]
[[File:qubes-logo-blue.png|50px]] '''{{free}}'''
}}
{{intro|
HowTo: Install LKRG in Qubes Debian or {{q_project_name_short}} Template
}}
{{archived}}
<u>'''Deprecated for now, see [[Linux_Kernel_Runtime_Guard_LKRG#Deprecation_in_Kicksecure|LKRG deprecation in Kicksecure]].'''</u>

<u>L</u>inux <u>K</u>ernel <u>R</u>untime <u>G</u>uard (LKRG) protects the kernel. It provides security through diversity and has a similar effect to running an uncommon operating system (kernel). <ref name=homepage>
https://lkrg.org/
</ref>

LKRG renders whole classes of kernel exploits ineffective, while making other exploits less reliable and more difficult to write; see [[Linux_Kernel_Runtime_Guard_LKRG#Features|features]] and [[Linux_Kernel_Runtime_Guard_LKRG#Security|security]]. LKRG was developed by a security professional with reviews undertaken by other high profile security professionals; see [[Linux_Kernel_Runtime_Guard_LKRG#Authorship|authorship]]. For further information, refer to the main [[Linux_Kernel_Runtime_Guard_LKRG|LKRG]] entry.

The instructions below explain how to install LKRG in [[File:qubes-logo-blue.png|15px]] Qubes Debian-based VMs. Most users will want to apply these instructions in the Qubes Debian Template.

[[File:Kicksecure-basic-logo.png|15px|link=Qubes]] {{q_project_name_short}} is supported as well, but in that case the steps to add the signing key and repository should be skipped because they are already present in {{q_project_name_short}}.

For all other platforms [[File:logo-linux-500x500.png|15px]], see [[Linux_Kernel_Runtime_Guard_LKRG|LKRG]].

= Qubes VM Kernel =
Since LKRG is a kernel module, it is required (and advisable) to reconfigure the VM to use a Qubes VM kernel. <ref>
[https://github.com/QubesOS/qubes-issues/issues/5456 cannot compile LKRG (Linux Kernel Runtime Guard) with Qubes dom0 kernel / broken gcc plugins structleak_plugin.so latent_entropy_plugin.so]

This probably occurs due to this recently closed issue which has only filtered through to Qubes OS master branches, but not the stable branches: [https://github.com/QubesOS/qubes-issues/issues/2844 kernel-devel package have broken gcc plugin].

The dom0 kernel compilation bug might be fixed after upgrades. It is unclear if it would then be advisable to use dom0 kernel.
</ref>

Any issues with Qubes VM kernel should not be confused with LKRG. Otherwise, LKRG could be falsely suspected of causing unrelated issues, which wastes time in successfully completing the configuration.

{{Qubes_VM_Kernel}}

= Add Repository =

{{mbox
| type    = notice
| image   = [[File:Ambox_notice.png|40px|alt=Info]]
| text    = Skip this step in {{q_project_name_short}}.
}}

{{Project-APT-Repository-Add}}

= Install LKRG =

{{testers-only}}

{{Box|text=
Install LKRG.

{{Install Package|package=
lkrg-dkms linux-headers-amd64
}}
}}

The LKRG installation procedure is complete. Interested users can learn more, consider additional hardening and so on; see [[Linux_Kernel_Runtime_Guard_LKRG|here]] for further information.

= Credits and Source Code =

The [https://lkrg.org/ original] source software is maintained by Adam "pi3" Zabrocki. See also: [[Linux_Kernel_Runtime_Guard_LKRG#Authorship|LKRG authorship]].

[[Linux_Kernel_Runtime_Guard_LKRG/Qubes|This website with Qubes instructions]] and [[Linux_Kernel_Runtime_Guard_LKRG|LKRG Debian Package Website]] is the [https://en.wikipedia.org/wiki/Fork_(software_development) software fork] homepage for LKRG, with a focus on easy installation, added user documentation, and integration with [[Kicksecure]], Debian, [[Whonix]] and other distributions. The software fork source code can be found [https://github.com/{{project_name_short}}/lkrg here].

= References =

Qubes ticket: [https://github.com/QubesOS/qubes-issues/issues/5461 make Linux Kernel Runtime Guard (LKRG) easily avaialble in Qubes]

{{reflist|close=1}}

{{Footer}}

[[Category:Documentation]]