LFD440 Linux Kernel Debugging and Security

Linux Kernel Internals and Debugging provides experienced programmers with a solid understanding of the Linux kernel. Upon mastering this material, you will have a basic understanding of the Linux architecture, kernel algorithms, scheduling, hardware and memory management, modularization techniques and debugging, as well as how the kernel developer community operates and how to efficiently work with it. This five day course includes extensive hands-on exercises and demonstrations designed to give you the necessary tools to develop and debug Linux kernel code.

The course is based on both the most upstream recent Linux kernel version, and maintains compatibility with the kernel versions used by at least the last two releases of the major Linux distributions.


This course is for those interested in learning how to write and/or debug Linux kernel code.

Knowledge of basic kernel interfaces and methods such as how to write, compile, load and unload modules, use synchronization primitives, and the basics of memory allocation and management, such as is provided by LFD420. Pre-class preparation material will be provided before class.


  • Introduction
  • Preliminaries
  • How to Work in OSS Projects **
  • Kernel Features
  • Reducing Attack Surfaces
  • Kernel Deprecated Interfaces
  • Kernel Structure Layout Randomization
  • Introduction to Linux Kernel Security
  • Secure Boot VM Setup
  • Secure Boot
  • Module Signing
  • Integrity Measurement Architecture (IMA)
  • Linux Security Modules (LSM)
  • SELinux
  • AppArmor
  • Lockdown
  • Netfilter
  • Netlink Sockets**
  • Monitoring and Debugging
  • Printk
  • The proc Filesystem **
  • The proc Filesystem **
  • Ftrace
  • Perf
  • eBPF
  • Crash
  • kexec
  • Kernel Core Dumps
  • QEMU
  • Linux Kernel Debugging Tools
  • Closing and Evaluation Survey
  • Kernel Architecture I
  • Kernel Programming Preview
  • Modules
  • Kernel Architecture II
  • Kernel Configuration and Compilation
  • Kernel Style and General Considerations
  • Race Conditions and Synchronization Methods
  • Memory Addressing
  • Memory Allocation

** These sections may be considered in part or in whole as optional. They contain either background reference material, specialized topics, or advanced subjects. The instructor may choose to cover or not cover them depending on classroom experience and time constraints.


Wer möchte, reist bis 22 Uhr am Vortag an und nutzt den Abend bereits zum Fachsimpeln am Kamin oder im Park.

An den Kurstagen dann von 9-18 Uhr (mit 2 Kaffee- und 1 Mittagspause) etwa 60% Schulungen und 40% Übungen. Selbstverständlich arbeitet jeder Teilnehmer am von uns gestellten Notebook oft parallel zum Referenten mit.

Anschließend Abendessen und Angebote für Fachsimpeln, Ausflüge uvm. Wir schaffen eine Atmosphäre, in der Fachleute sich ungezwungen austauschen. Wer das nicht will, wird zu nichts gezwungen und findet auch jederzeit Ruhe.