Linux Kernel: Linux Kernel contributor & vulnerability researcher.
Perf tools wiki: Maintaining the Markdown-based Linux perf tools wiki.

See my DebConf25 slides: https://salsa.debian.org/ysk/debconf25-session

Accepted Talks:

Exploring Linux Kernel DEPT for sophisticated Deadlock and Wait Dependency Detection

Introduction to the Problem

  • The Linux kernel relies on robust synchronization, but complex deadlocks and subtle dependencies persist.
  • Lockdep, while powerful for lock order violations, has limitations:
    • Shuts down after the first detected issue.
    • Primarily focuses on traditional lock primitives, potentially missing broader synchronization patterns.

Introducing Linux Kernel DEPT (Dependency Tracking Tool)

  • A new development designed to address Lockdep’s shortcomings.
  • Focuses on tracking dependencies across a wider array of synchronization mechanisms.
    • Examples: wait_for_completion(), waitqueues, PG_locked.
  • Aims to detect deadlocks that Lockdep might miss.
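
A simplified model of the idea above, added here as an illustration and not taken from DEPT, Lockdep or the talk: a dependency graph that records waits such as wait_for_completion() next to locks reports a cycle that a lock-only graph cannot contain. All names (dep_graph, add_dep, scenario_deadlocks) and the two-context scenario are constructed.

```c
#include <stdbool.h>

#define NCLASS 4
enum kind { LOCK, WAIT };  /* WAIT: completion, waitqueue, PG_locked */

struct dep_graph {
    enum kind kind[NCLASS];
    bool edge[NCLASS][NCLASS];  /* edge[a][b]: a cannot finish until b happens */
    bool track_waits;           /* false models a lock-only tracker */
};

static void add_dep(struct dep_graph *g, int a, int b)
{
    /* A lock-only tracker never sees a dependency that involves a wait. */
    if (!g->track_waits && (g->kind[a] == WAIT || g->kind[b] == WAIT))
        return;
    g->edge[a][b] = true;
}

/* Depth-first search; state: 0 unvisited, 1 on the current path, 2 finished. */
static bool dfs(const struct dep_graph *g, int n, int *state)
{
    state[n] = 1;
    for (int m = 0; m < NCLASS; m++)
        if (g->edge[n][m] &&
            (state[m] == 1 || (state[m] == 0 && dfs(g, m, state))))
            return true;        /* back edge: circular dependency */
    state[n] = 2;
    return false;
}

/* Constructed scenario: context 1 holds mutex m and calls
 * wait_for_completion(&done); context 2 must take m before complete(&done). */
bool scenario_deadlocks(bool track_waits)
{
    enum { M, DONE };
    int state[NCLASS] = { 0 };
    struct dep_graph g = { .kind = { [M] = LOCK, [DONE] = WAIT },
                           .track_waits = track_waits };
    add_dep(&g, M, DONE);       /* ctx 1: m stays held until done fires */
    add_dep(&g, DONE, M);       /* ctx 2: done fires only after m is taken */
    for (int n = 0; n < NCLASS; n++)
        if (state[n] == 0 && dfs(&g, n, state))
            return true;
    return false;
}

int main(void) { return (scenario_deadlocks(true) && !scenario_deadlocks(false)) ? 0 : 1; }
```

With only one lock class in play there is no lock-order edge at all, so the lock-only graph stays acyclic; the cycle exists only once the wait on `done` is recorded as a dependency.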

Session Content

  • Brief overview of DEPT’s concept and its unique approach to dependency analysis.
  • Live Demonstration: Showcase DEPT’s capabilities by analyzing a real-world scenario where Lockdep might fall short or generate a false positive in complex nested locking.
  • Illustrate how DEPT provides deeper insights into kernel behavior and pinpoints subtle, hard-to-find concurrency bugs.

Interactive Session

  • Call to Action: Participants encouraged to share experiences, discuss DEPT’s potential, and contribute to its ongoing development.
  • Goal: Explore how DEPT can enhance the arsenal against elusive kernel bugs.

Rethinking Cryptography in the Linux Kernel: Preparing for the Post-Quantum (PQC) Era

Preparing the Linux Kernel for Post-Quantum Cryptography (PQC)

This session explores practical steps and considerations for enabling Post-Quantum Cryptography (PQC) support in the Linux kernel, focusing on integration strategies relevant to open-source contributors and kernel developers.

Why It Matters

  1. Current public-key cryptography (e.g., RSA, ECDSA) is susceptible to attacks from quantum computers.
  2. To ensure long-term security of the Linux ecosystem, proactive adoption of quantum-resistant algorithms is crucial.
  3. While userspace projects like OpenSSH, OpenSSL, and WireGuard have started testing hybrid PQC schemes, the Linux kernel also needs a clear roadmap to stay aligned.

Focus of This Talk

  1. Emphasis is on practical groundwork, not theoretical cryptographic research.
  2. The session examines where PQC can be introduced in the kernel and how to structure early experimentation.

Key Considerations

  1. Standards Alignment: Keeping track of NIST’s PQC algorithm standardization and migration guidelines.
  2. Industry Readiness: Insights from PQCC, NCSC, and tech companies working on post-quantum transition strategies.
  3. Open Source Landscape: How existing open-source projects are implementing hybrid PQC (e.g., Kyber + X25519 in OpenSSH) and what we can learn from them.
  4. Migration Risks: Hybrid algorithms, performance bottlenecks, and potential compatibility issues in kernel-level code.

Where PQC Can Be Applied in the Kernel

  1. Integrity and Code Signing
    • PQC-based verification for:
      • Kernel module signing (e.g., replacing RSA keys in sign-file tool).
      • Firmware validation (UEFI secure boot flow).
  2. In-Kernel Key Exchange & Encryption
    • IPsec / WireGuard kernel modules using PQC-enabled key exchange (e.g., Kyber).
    • PQC integration with the Linux kernel’s key management (keyrings) subsystem.
  3. Filesystem and Storage Security
    • PQC-enhanced encrypted filesystems (e.g., fscrypt, dm-crypt) in long-term archival scenarios.

Practical Use Cases

  1. IoT Devices: Embed PQC verification into firmware signing to protect devices with 10+ year life cycles.
  2. VPN and Secure Tunneling: WireGuard or IPsec with hybrid post-quantum key exchanges to protect against harvest-now, decrypt-later attacks.
  3. Kernel Module Security: Use PQC algorithms for kernel module signing and verification, especially on high-assurance systems.
  4. Long-Term Storage: Files encrypted today may still need to be secure in 20–30 years—PQC strengthens archival encryption.

Objectives

  • Identify kernel subsystems and integration points where PQC support can be introduced with minimal disruption.
  • Provide initial examples and guidelines for developers interested in contributing PQC support.
  • Encourage collaborative exploration in the open-source community to build a quantum-safe future for the Linux kernel.