Kernel Hardening: Linux Kernel Runtime Guard

Import the Linux Kernel Runtime Guard (LKRG) from OpenWall by Adam
Zabrocki and and Alex Peslyak.

LKRG provides additional tiers of mitigation by actively hashing
and validating kernel memory regions, further restricting access
to common LPE and escape vectors, as well as mechanisms for
modifying the running kernel commonly used to bypass LSMs. LKRG
can be built directly into the kernel to provide enforcement from
early-boot, but should be deployed as a module initially while
tunables and operational stability are ironed out and validated on
this platform. More information is available at the projects
homepage: https://www.openwall.com/lkrg/ and in their source repo:
https://github.com/openwall/lkrg

Author: RageLtMan

patch/0000-Linux-Kernel-Runtime-Guard.patch

@@ -0,0 +1,25 @@
+diff --git i/security/Kconfig w/security/Kconfig
+index 0d798a1f4..f53076cd1 100644
+--- i/security/Kconfig
++++ w/security/Kconfig
+@@ -321,6 +321,7 @@ source security/loadpin/Kconfig
+ source security/yama/Kconfig
+ 
+ source security/integrity/Kconfig
++source security/lkrg/Kconfig
+ 
+ choice
+ 	prompt "Default security module"
+diff --git i/security/Makefile w/security/Makefile
+index 507ac8c52..c2a7493be 100644
+--- i/security/Makefile
++++ w/security/Makefile
+@@ -33,3 +33,8 @@ obj-$(CONFIG_INTEGRITY)			+= integrity/
+ 
+ # Allow the kernel to be locked down
+ obj-$(CONFIG_LOCK_DOWN_KERNEL)		+= lock_down.o
++
++# LKRG file list
++subdir-$(CONFIG_SECURITY_LKRG)         += lkrg
++obj-$(CONFIG_SECURITY_LKRG)            += lkrg/
++