In this paper, the author presents ELKM, a Linux tool that
provides a mechanism to securely transport and load encrypted
Loadable Kernel Modules (LKM). The aim is to protect kernel-based
rootkits and implants against observation by Endpoint Detection and
Response (EDR) software and to neutralize the effects of recovery
by disk forensics tooling. The tool as well as the whitepaper is
provided in this archive.
Read more: https://packetstormsecurity.com/files/158906/encrypted-linux-kernel-modules-v1.0.tar.gz