Tuxtape Launches Live-Patch Infrastructure for Linux

Insurance company Geico has recently published a preliminary release of a new tool called Tuxtape. The tool lets users deploy their own infrastructure for creating, building, and delivering live patches for the Linux kernel. Live patching applies fixes to a running Linux kernel without rebooting or stopping the system. The project code is written in Rust and is distributed under the Apache 2.0 license.

Companies such as Red Hat, Oracle, Canonical, and SUSE provide live patches with vulnerability fixes for their distributions, but their tools are limited in functionality. Open projects such as elivepatch and linux-livepatching, from Gentoo and Debian, have faced challenges in development and implementation. Tuxtape aims to offer an independent solution for creating and delivering live patches that works with any Linux kernel and is not limited to specific distribution packages.

Tuxtape can produce live patches compatible with tools such as kpatch, similar tools from SUSE and Oracle, and the universal Livepatch. Patches are generated as loadable kernel modules that replace functions in the kernel through the ftrace subsystem.
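Because a live patch is a kernel module that replaces functions in the running kernel, a host owner will want to see which functions are currently replaced and by which patch. The following is an added example, not Tuxtape code: it reads the upstream kernel's livepatch sysfs tree (`/sys/kernel/livepatch`), and the function names `list_livepatches` and `make_sample_tree`, as well as the patch and function names in the sample tree, are constructed for illustration.

```shell
#!/bin/sh
# list_livepatches [ROOT]
# Prints one line per replaced function:
#   <patch> enabled=<0|1> transition=<0|1> <object> <function,sympos>
# ROOT defaults to the kernel's livepatch sysfs directory; the argument is an
# assumption of this example so it can run against a constructed tree.
list_livepatches() {
    root=${1:-/sys/kernel/livepatch}
    [ -d "$root" ] || { echo "no livepatch sysfs at $root" >&2; return 2; }
    for patch in "$root"/*/; do
        [ -d "$patch" ] || continue      # glob did not match: nothing loaded
        patch=${patch%/}
        name=${patch##*/}
        enabled=$(cat "$patch/enabled" 2>/dev/null || echo '?')
        transition=$(cat "$patch/transition" 2>/dev/null || echo '?')
        for obj in "$patch"/*/; do       # "vmlinux" or a module name
            [ -d "$obj" ] || continue
            obj=${obj%/}
            for func in "$obj"/*/; do    # one directory per replaced function
                [ -d "$func" ] || continue
                func=${func%/}
                printf '%s enabled=%s transition=%s %s %s\n' \
                    "$name" "$enabled" "$transition" "${obj##*/}" "${func##*/}"
            done
        done
    done
}

# Builds a constructed sysfs-like tree (all names are made up) and prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/lp_sample_fix/vmlinux/sample_func,0" \
             "$t/lp_sample_fix/sample_mod/other_func,1"
    echo 1 > "$t/lp_sample_fix/enabled"
    echo 0 > "$t/lp_sample_fix/transition"
    echo "$t"
}

# Demo on the constructed tree; on a real host call list_livepatches with no argument.
demo=$(make_sample_tree) && list_livepatches "$demo" && rm -rf "$demo"
```

Comparing this output against the set of live patches the organization actually built and shipped makes an unexpected function replacement stand out.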




Tuxtape can track vulnerability information for the Linux kernel, rank vulnerabilities by severity, determine their applicability to supported Linux kernels, and generate live patches from regular patches for LTS kernel versions. The tool also includes a system for monitoring new vulnerabilities and building patch databases, and an interactive interface for managing live-patch creation.

Furthermore, Tuxtape incorporates a metadata storage server, a kernel build system, a patch generator, a patch archive, and a client for end hosts. This comprehensive tool aims to
