{"id":24366975,"url":"https://github.com/google/deku","last_synced_at":"2025-04-15T18:41:46.754Z","repository":{"id":272441456,"uuid":"832802587","full_name":"google/deku","owner":"google","description":"DEKU is a utility for Linux kernel developers to quickly apply changes from the source code to the running kernel without the need for a system reboot","archived":false,"fork":false,"pushed_at":"2025-03-05T06:41:34.000Z","size":2809,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-08T20:07:30.340Z","etag":null,"topics":["development","hotreload","linux-kernel"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/google.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-23T18:52:57.000Z","updated_at":"2025-03-03T07:30:59.000Z","dependencies_parsed_at":null,"dependency_job_id":"9f9e5639-f9fb-4af5-aa2e-d681069de12b","html_url":"https://github.com/google/deku","commit_stats":null,"previous_names":["google/deku"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fdeku","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fdeku/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fdeku/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fdeku/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/google","download_url":"https://codeload.github.com/google/deku/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249130943,"owners_count":21217639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["development","hotreload","linux-kernel"],"created_at":"2025-01-19T01:11:34.572Z","updated_at":"2025-04-15T18:41:46.741Z","avatar_url":"https://github.com/google.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n \u003cimg src=\"doc/logo.png\" height=\"100\"/\u003e\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\nDEKU (DExterous Kernel Update) - Utility for Linux kernel developers to quickly apply changes from the source code to the running kernel without the need for a system reboot.\n\u003c/div\u003e\n\nhttps://github.com/user-attachments/assets/7039f450-62c5-426d-8bd0-e72b2d659cf1\n\n## Table of Contents\n- [About the DEKU](#about)\n- [ChromiumOS](#chromiumos)\n- [Prerequisites](#prerequisites)\n- [Download \u0026 build](#download)\n- [Usage](#usage)\n- [Use of patch files](#patch)\n- [Root permissions](#root_permissions)\n- [Supported kernel versions](#supported_kernel_versions)\n- [Update DEKU to the latest version](#update_deku)\n- [Constraints](#constraints)\n\n\u003ca name=\"about\"\u003e\u003c/a\u003e\n## About the DEKU\nThe DEKU is a utility for quickly applying changes from the Linux kernel source code to a running kernel on the device. DEKU uses the kernel livepatching feature to apply changes to a running kernel. This tool is primarily intended for Linux kernel developers, but can also be useful for researchers to learn how the kernel works.\n\n\u003ca name=\"chromiumos\"\u003e\u003c/a\u003e\n## For ChromiumOS developers\nGo to [ChromiumOS developers README](doc/CHROMIUMOS.md)\n\n\u003ca name=\"prerequisites\"\u003e\u003c/a\u003e\n## Prerequisites\n - Installed `libelf`\n - Installed `libbinutils`\n - Installed `binutils-dev`\n - Installed `golang`\n - Enabled `CONFIG_LIVEPATCH` in kernel config \n The above flag depends on the `KALLSYMS_ALL` flag that isn't enabled by default.\n - Kernel build artifacts\n - If changes are applied to the other device the SSH Key-Based authentication to the device must be configured. Also, the remote user must be able to load and unload kernel modules without prompts for password. See: [Root permissions](#root_permissions) section.\n\n\u003ca name=\"download\"\u003e\u003c/a\u003e\n## Download \u0026 Build DEKU\nDownload and go to deku directory\n```bash\ngit clone https://github.com/google/deku.git\ncd deku\nmake\n```\n\n\u003ca name=\"build_in_container\"\u003e\u003c/a\u003e\n### Alternative build in container\n```\ndocker run -it -v deku:/deku ubuntu bash\n```\n```\napt update\napt install -y gcc binutils-dev libelf-dev libiberty-dev build-essential golang\ncd /deku\nmake\n```\n\n\u003ca name=\"usage\"\u003e\u003c/a\u003e\n## Usage\n```bash\n./deku -b \u003cPATH_TO_KERNEL_BUILD_DIR\u003e --target \u003cUSER@DUT_ADDRESS[:PORT]\u003e [COMMAND]\n```\n```\nCommands list:\n deploy [default] deploy the changes to the device. This command requires\n root permissions. This is default command\n livepatch build livepatch module\n sync synchronize information about kernel source code.\n It is recommended after fresh building the kernel to\n improve the reliability of DEKU, although it is not\n mandatory. However, when using the --src_inst_dir\n parameter, running this command after building the kernel\n is unnecessary, as DEKU's reliability is already enhanced\n by this parameter\n\nAvailable parameters:\n -b, --builddir path to kernel or out-of-tree module build directory\n -k, --headersdir path to the kernel headers directory for the out-of-tree\n module in case the DEKU can't find the kernel headers.\n This is the same parameter as the -C parameter for the\n `make` command in the Makefile.\n -s, --sourcesdir path to the kernel source directory. Use this parameter if\n DEKU can't find the kernel sources directory\n -p, --patch patch file from which to generate livepatch module or\n apply changes to the device\n --target=\u003cUSER@DUT_ADDRESS[:PORT]\u003e SSH connection parameter to the target device. The given\n user must be able to load and unload kernel modules. The\n SSH must be configured to use key-based authentication.\n Below is an example with this parameter\n --ssh_options=\u003c\"-o ...\"\u003e options for SSH. Below is an example with this parameter\n --src_inst_dir=\u003cPATH\u003e directory with the kernel sources that were installed\n after the kernel was built. Having this directory makes\n DEKU working more reliable. As an alternative to this\n parameter, the 'deku sync' command can be executed after\n the kernel has been built to make DEKU work more reliably\n\n-v, --verbose turn verbose mode\n-h, -?, --help print this information\n```\n\n### Example usage\nUse\n```bash\n./deku -b /home/user/linux_build --target=root@192.168.0.100\n```\nto apply changes to the kernel on the other device with the 192.168.0.100 IP address. This example uses `root` user, if non-root user is used see the [Root permissions](#root_permissions) section.\n\n\u003e \\[!NOTE]\n\u003e\n\u003e Changes applied on the running kernel are not persistent and are life until the next reboot. After every reboot, the operation must be performed again.\n\nUse\n```bash\n./deku -b /home/user/linux_build --target=root@192.168.0.100:2200\n```\nto apply changes to the kernel on the device with configured SSH port number to 2200.\n\nUse\n```bash\n./deku -b /home/user/linux_build --target=root@192.168.0.100 --ssh_options=\"-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/key_rsa\"\n```\nwhen custom key-based authentication key is used for ssh connection\n\n\u003e \\[!NOTE]\n\u003e\n\u003e Changes applied on the running kernel are not persistent and are life until the next reboot. After every reboot, the operation must be performed again.\n\nUse\n```bash\n./deku -b /home/user/module --target=root@192.168.0.100\n```\nto apply changes to the out-of-tree module if the module was built in the /home/user/module directory.\n\nUse\n```bash\n./deku -b /home/user/module -k /lib/modules/$(shell uname -r)/build --target=root@192.168.0.100\n```\nto apply changes to the out-of-tree module if DEKU can't find linux kernel headers.\n\nUse\n```bash\n./deku sync\n```\ncommand after building the kernel to make DEKU work more reliably. The use of this command is not mandatory when the `--src_inst_dir` parameter is used.\n\nTo generate kernel livepatch module without deploy it on the target use\n```bash\n./deku -b /home/user/linux_build livepatch\n```\ncommand. Module is located in `workdir_XXXX/deku_YYYY_ZZZZ/deku_YYYY_ZZZZ.ko`\n\n\u003ca name=\"rest_of_readme\"\u003e\u003c/a\u003e\n\n\u003ca name=\"patch\"\u003e\u003c/a\u003e\n## Use of patch files\n\nhttps://github.com/user-attachments/assets/deb41694-e5fe-4cd3-87cc-69f16577475f\n\nTo generate a livepatch module from a patch file use the following command\n```bash\n./deku -b /home/user/linux_build -p file.patch livepatch\n```\nLivepatch module is located in `workdir_XXXX/deku_YYYY_ZZZZ/deku_YYYY_ZZZZ.ko`\n\nTo apply patch on the running kernel use the following command\n```bash\n./deku -b /home/user/linux_build -p file.patch\n```\n\nIt's also allowed to use wildcards to apply multiple patches, such as `-p 0001-*`, or the `-p | --patch` parameter can be passed multiple times.\n\n\u003ca name=\"root_permissions\"\u003e\u003c/a\u003e\n## Root permissions\nAs apply changes to the running kernel are done by applying kernel modules it's required to have root privileges to do this. The `sudo` command is used by DEKU to gain privileges to load, unload kernel modules and to disable livepatch. To avoid having to pass the root password every time, the `sudoers` file can be modified to relax the rules for prompting for the password.\nTo do this add the following lines to the `/etc/sudoers` file:\n```\nusername ALL=(root) NOPASSWD: /usr/sbin/insmod deku_*, /usr/sbin/rmmod deku_*\nusername ALL=(root) NOPASSWD: /usr/bin/tee --append /sys/kernel/livepatch/deku_*/enabled\n```\nchange the `username` to name of user that will be used with DEKU.\n\nIf the DEKU is used to apply changes to the other device this rule must be applied on that device.\n\n\u003ca name=\"supported_kernel_versions\"\u003e\u003c/a\u003e\n## Supported kernel versions\nThe minimum supported kernel version is: 5.4\n\n\u003ca name=\"update_deku\"\u003e\u003c/a\u003e\n## Update DEKU to the latest version\n```\ngit pull\nmake clean\nmake\n```\n\n\u003ca name=\"constraints\"\u003e\u003c/a\u003e\n## Constraints\n - Changes in the `.c' source file are fully supported. Header file changes are partially supported.\n - ARM and other architectures are not yet supported.\n - Functions marked as `__init`, `__exit` and some functions with the `notrace` are not supported.\n - Changes in struct fields are not yet supported. Only changes in the functions are permitted.\n - Changes to the lib/* directory are not supported.\n - Out-of-tree modules are not yet supported.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fdeku","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogle%2Fdeku","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fdeku/lists"}