Microsoft reveals new code integrity feature for Linux


Microsoft has published details about a new project called Integrity Policy Enforcement (IPE) that it has been working on for the Linux kernel.

IPE is a Linux Security Module (LSM); LSMs are optional add-ons to the Linux kernel that enable additional security features. On its documentation page, Microsoft explains how IPE attempts to solve the problem of code integrity:

“IPE is a Linux Security Module, which allows for a configurable policy to enforce integrity requirements on the whole system. It attempts to solve the issue of code integrity: that any code being executed (or files being read), are identical to the version that was built by a trusted source. Simply stated, IPE helps the owner of a system ensure that only code they have authorized is allowed to execute.”

On Linux systems with IPE enabled, system administrators can create a list of binaries that are allowed to execute and attach verification attributes that the kernel must check for each binary before allowing it to run. If a binary has been altered by an attacker, the check fails and IPE can block the execution of the malicious code.

Integrity Policy Enforcement

According to Microsoft, IPE is not intended for general-purpose computing as it was designed for very specific use cases when security is of the utmost importance and administrators need to be in full control of what code runs on their systems.

Some examples of systems that could benefit from using the software giant's new LSM include embedded systems such as network firewall devices running in a data center and Linux servers that are running strict and immutable configurations and applications.

Microsoft has published the specifications for the new IPE module, but it is currently in an RFC (request for comments) state. It will likely be some time before IPE ships with the mainline Linux kernel.

The Linux kernel already includes an LSM for code integrity called Integrity Measurement Architecture (IMA). However, Microsoft says that IPE differs from IMA because “it has no dependency on the filesystem metadata” and because IPE attributes “are deterministic properties that exist solely in the kernel”.
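To make the allowlist mechanism described above, and the contrast with IMA, concrete, here is an added example that is not part of the original article and is not Microsoft's IPE code: a small user-space Python model of how an IPE-style policy is evaluated. The rule syntax (`op=... <property>=... action=...`, `DEFAULT action=...`) and the property name `dmverity_roothash` are assumptions chosen to mirror the general shape of an IPE policy; the kernel documentation has the real grammar. `volume_roothash`, `kernel_properties`, `demo` and the sample image are constructed for illustration. The point it shows is that the property the kernel checks belongs to the verified backing volume, so it is not stored in, and cannot be altered via, per-file metadata.

```python
# Added example, not from the article or from Microsoft's IPE sources: a small
# user-space model of an IPE-style allowlist policy. Rule syntax loosely
# follows the "op=... <property>=... action=..." shape of IPE policy text but
# is simplified and assumed here; the kernel documentation has the real grammar.
import hashlib
from typing import Optional


def volume_roothash(files: dict) -> str:
    """Stand-in for a dm-verity root hash: one digest over the whole
    read-only volume (simplified; real dm-verity hashes blocks in a Merkle
    tree). Any change to any file changes this value."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode())
        h.update(hashlib.sha256(files[path]).digest())
    return h.hexdigest()


def parse_policy(text: str) -> list:
    """Parse policy lines into rules of the form {'op', 'props', 'action'}."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words, kv = [], {}
        for tok in line.split():
            if "=" in tok:
                k, v = tok.split("=", 1)
                kv[k] = v
            else:
                words.append(tok)
        if "policy_name" in kv:          # header line, carries no rule
            continue
        if "action" not in kv:
            raise ValueError(f"rule without action: {line!r}")
        action = kv.pop("action")
        if words == ["DEFAULT"]:
            rules.append({"op": "DEFAULT", "props": {}, "action": action})
        else:
            rules.append({"op": kv.pop("op"), "props": kv, "action": action})
    return rules


def evaluate(rules: list, op: str, props: dict) -> str:
    """First rule whose op and every property match wins; otherwise DEFAULT."""
    default = "DENY"
    for r in rules:
        if r["op"] == "DEFAULT":
            default = r["action"]
        elif r["op"] == op and all(props.get(k) == v for k, v in r["props"].items()):
            return r["action"]
    return default


def kernel_properties(volume: Optional[dict]) -> dict:
    """What the kernel knows about the file's backing volume at exec time.
    This models the 'deterministic property held in the kernel': it comes
    from the verified block device, not from metadata stored on the file."""
    if volume is None:                    # plain writable filesystem, unverified
        return {}
    return {"dmverity_roothash": volume_roothash(volume)}


def demo() -> dict:
    # Constructed 'trusted build' image and a policy pinned to its root hash.
    trusted = {"/bin/app": b"\x7fELF app v1", "/lib/libfoo.so": b"\x7fELF libfoo v1"}
    policy = f"""
    policy_name=example policy_version=0.0.1
    DEFAULT action=DENY
    op=EXECUTE dmverity_roothash={volume_roothash(trusted)} action=ALLOW
    """
    rules = parse_policy(policy)

    # Same image with one binary modified: the whole-volume hash no longer matches.
    tampered = dict(trusted, **{"/bin/app": b"\x7fELF app v1 + patched"})
    return {
        "trusted_image": evaluate(rules, "EXECUTE", kernel_properties(trusted)),
        "tampered_image": evaluate(rules, "EXECUTE", kernel_properties(tampered)),
        "writable_fs": evaluate(rules, "EXECUTE", kernel_properties(None)),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:15} -> {decision}")
```

Running `demo()` yields ALLOW only for the untouched trusted image; the patched image and anything executed from an unverified writable filesystem fall through to the DENY default. Note that the policy never names individual binaries: authorization is expressed through the property of the volume the binary lives on, which is the design choice the article attributes to IPE.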

Via ZDNet

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
