Microsoft reveals new code integrity feature for Linux


Microsoft has published details about a new project called Integrity Policy Enforcement (IPE) that it has been working on for the Linux kernel.

IPE is a Linux Security Module (LSM); LSMs are optional add-ons for the Linux kernel designed to enable additional security features. In its documentation page, Microsoft explained how IPE attempts to solve the issue of code integrity, saying:

“IPE is a Linux Security Module, which allows for a configurable policy to enforce integrity requirements on the whole system. It attempts to solve the issue of code integrity: that any code being executed (or files being read), are identical to the version that was built by a trusted source. Simply stated, IPE helps the owner of a system ensure that only code they have authorized is allowed to execute.”

On Linux systems with IPE enabled, system administrators can create a list of binaries that are allowed to execute and add verification attributes which the kernel needs to check for each binary before allowing it to run. If a binary has been altered by an attacker, IPE has the ability to block the execution of the malicious code.

Integrity Policy Enforcement

According to Microsoft, IPE is not intended for general-purpose computing; it was designed for very specific use cases where security is paramount and administrators need full control over what code runs on their systems.

Some examples of systems that could benefit from using the software giant's new LSM include embedded systems such as network firewall devices running in a data center and Linux servers that are running strict and immutable configurations and applications.

Microsoft has published the specifications for the new IPE module, but it is currently in an RFC (request for comments) state. It will likely be some time before IPE ships with the mainline Linux kernel.

The Linux kernel already includes an LSM for code integrity called Integrity Measurement Architecture (IMA). However, Microsoft says that IPE differs from IMA because “it has no dependency on the filesystem metadata” and because IPE attributes “are deterministic properties that exist solely in the kernel”.
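To make the two ideas above concrete, the allow-list of authorized binaries with a verification attribute the kernel checks before exec, and integrity properties that come from the kernel rather than from filesystem metadata, here is a small Python model of such a policy evaluator. It is an added illustration, not IPE's actual policy language or kernel code: the rule types (a trusted-digest allow-list and a "verified volume" label), the default-deny setting, the sample binaries and the paths are all constructed for the example. In a real implementation the volume's trustworthiness would be something the kernel itself establishes at mount time; here it is simply assumed from the label.

```python
"""Toy model of an IPE-style execution policy (added example; not IPE's real policy format)."""
import hashlib
from dataclasses import dataclass, field

# Constructed sample "binaries": a trusted build, a tampered copy (last byte changed),
# and an unrelated binary that was never added to the allow-list.
TRUSTED_BUILD = b"\x7fELF" + b"fw-agent v1.0 trusted build"
TAMPERED_BUILD = TRUSTED_BUILD[:-1] + b"!"
UNKNOWN_BINARY = b"\x7fELF" + b"helper not in allow-list"


@dataclass(frozen=True)
class ExecRequest:
    """What the kernel knows at exec time: the path, the volume the file lives on, the bytes."""
    path: str
    volume: str      # label of the mounted volume (assumed here to be established by the kernel)
    content: bytes   # the bytes the loader would map into memory


@dataclass
class Policy:
    """A deny-by-default policy with two kinds of kernel-side integrity evidence."""
    trusted_digests: set          # SHA-256 of binaries produced by a trusted build
    trusted_volumes: set          # volumes whose contents are verified at mount (modelled as labels only)
    default_allow: bool = False   # default-deny, as a locked-down appliance would run
    decisions: list = field(default_factory=list)   # audit trail of (path, verdict, reason)

    def evaluate(self, req: ExecRequest) -> bool:
        # The digest is computed from the bytes actually being executed, not from an
        # extended attribute stored next to the file, so altering the file changes the result.
        digest = hashlib.sha256(req.content).hexdigest()
        if digest in self.trusted_digests:
            verdict, reason = True, "digest matches a trusted build"
        elif req.volume in self.trusted_volumes:
            verdict, reason = True, "file lives on an integrity-verified volume"
        else:
            verdict, reason = self.default_allow, "no rule matched; default applied"
        self.decisions.append((req.path, verdict, reason))
        return verdict


def build_demo_policy() -> Policy:
    """Allow-list the trusted build and trust one read-only verified root volume."""
    return Policy(
        trusted_digests={hashlib.sha256(TRUSTED_BUILD).hexdigest()},
        trusted_volumes={"rootfs-verity"},
    )


def run_demo() -> list:
    """Evaluate four exec requests and return (path, allowed) pairs."""
    policy = build_demo_policy()
    requests = [
        # Authorized binary from the trusted build: allowed by digest.
        ExecRequest("/usr/bin/fw-agent", "rootfs-verity", TRUSTED_BUILD),
        # Attacker drops a modified copy in a writable location: digest mismatch, untrusted volume.
        ExecRequest("/var/tmp/fw-agent", "var-rw", TAMPERED_BUILD),
        # Not in the allow-list, but resides on the verified volume: allowed by the volume rule.
        ExecRequest("/usr/bin/helper", "rootfs-verity", UNKNOWN_BINARY),
        # Same unknown binary copied to a writable volume: nothing vouches for it, so denied.
        ExecRequest("/var/tmp/helper", "var-rw", UNKNOWN_BINARY),
    ]
    return [(r.path, policy.evaluate(r)) for r in requests]


if __name__ == "__main__":
    for path, allowed in run_demo():
        print(f"{'ALLOW' if allowed else 'DENY '} {path}")
```

The tampered copy is denied for two independent reasons: its digest no longer matches the trusted build, and it sits on a volume the policy does not vouch for. That is the property the article describes: the decision rests on evidence the kernel computes or holds itself, so an attacker who can rewrite a file (and any metadata stored beside it) does not thereby gain the ability to run it.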

Via ZDNet

Anthony Spadafora