Get the Whitepaper called Encrypted Linux x86-64 Loadable Kernel Modules (ELKM). The aim is to protect kernel-based rootkits and implants against observation by EndpointDetection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling.
You can download it from the following link: https://packetstormsecurity.com/files/download/160363/elkm-paper.pdf
Source: https://packetstormsecurity.com/files/160363/Encrypted-Linux-x86-64-Loadable-Kernel-Modules-ELKM.html