GEICO Insurance Company Developing TuxTape - A New Linux Kernel Livepatching Solution
Red Hat's Kpatch, Oracle's Ksplice, and SUSE's kGraft are currently the best-known solutions for Linux kernel live-patching, used primarily for applying security patches to running Linux servers. It wasn't on my bingo card for insurance giant GEICO to be baking their own Linux kernel live-patching solution, but they announced it this weekend and it will soon be open-source.
Prominent US insurance company GEICO has been working on TuxTape as a new Linux kernel livepatching toolkit. Yes, I had to double-take at first as well that it was the GEICO insurance company and not some unrelated European entity with GEICO initials or a similar situation. GEICO engineers have been developing TuxTape for greater control over Linux kernel live-patching, with no paid kernel patching solutions suiting their needs. Current open-source solutions like Gentoo elivepatch are no longer active and Debian's linux-livepatching is still getting off the ground. GEICO says their TuxTape software will be open-source, but as of writing it hasn't yet been made public. TuxTape was presented this weekend at the annual FOSDEM developer conference in Brussels, Belgium.
TuxTape is a toolchain for creating, building, and deploying Linux kernel livepatches. The toolkit also includes components such as a CVE security scanner and a CVE prioritizer. TuxTape is written in Rust.
While we look forward to seeing the public open-source code drop of TuxTape, those wanting to learn more about this GEICO Linux project can do so via this event page for the presentation given by GEICO's Grayson Guarino and Chris Townsend this past weekend in Brussels at FOSDEM 2025.