Microsoft Contributes Integrity Improvements To Linux 5.12
Microsoft engineers continue to increase their contributions to the Linux kernel where it makes business sense for them, such as securing the Azure cloud, given that around 50% or more of its instances run Linux. With Linux 5.12, integrity subsystem improvements are coming from Microsoft.
The integrity subsystem and its Integrity Measurement Architecture (IMA), which is used for calculating hashes prior to loading programs/files, gain some notable additions in Linux 5.12. There is now IMA support to measure kernel-critical data based on policy. The initial use cases of this kernel data measurement are the in-memory SELinux policy and the kernel version.
Microsoft’s Raphael Gianotti explained that the IMA support for measuring the kernel version in early boot is meant to ensure that only a good, up-to-date kernel is loaded from a security standpoint. Raphael noted on the patch, “The integrity of a kernel can be verified by the boot loader on cold boot, and during kexec, by the current running kernel, before it is loaded. However, it is still possible that the new kernel being loaded is older than the current kernel, and/or has known vulnerabilities. Therefore, it is imperative that an attestation service be able to verify the version of the kernel being loaded on the client, from cold boot and subsequent kexec system calls, ensuring that only kernels with versions known to be good are loaded. Measure the kernel version using ima_measure_critical_data() early on in the boot sequence, reducing the chances of known kernel vulnerabilities being exploited. With IMA being part of the kernel, this overall approach makes the measurement itself more trustworthy.”
The other initial user of this IMA measurement of kernel-critical data is the loaded SELinux policy. Measuring the in-memory SELinux policy through IMA gives the attestation service a secure way to remotely validate the policy contents at run time. That patch was contributed by Microsoft’s Lakshmi Ramasubramanian.
These changes and other integrity subsystem improvements are part of this pull request in Linux 5.12.
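As an added illustration (not code from the article or from the kernel patches), the sketch below shows the attestation-side check that the quote describes: read the buffer measurements from an IMA log, confirm each recorded digest matches its data, and accept only known-good kernel versions. It assumes the ASCII `ima-buf` record layout (PCR, template hash, template name, `algo:digest`, event name, hex data), the event name `kernel_version`, and a hypothetical allowlist; the log lines are constructed.

```python
import hashlib

# Hypothetical allowlist held by the attestation service (constructed value).
KNOWN_GOOD_KERNELS = {"5.12.0"}

def parse_ima_buf(line):
    """Parse one ASCII ima-buf record; return None for anything else."""
    fields = line.split()
    if len(fields) != 6 or fields[2] != "ima-buf":
        return None
    algo, _, digest = fields[3].partition(":")
    try:
        return {"pcr": int(fields[0]), "algo": algo, "digest": digest.lower(),
                "name": fields[4], "data": bytes.fromhex(fields[5])}
    except ValueError:
        return None

def check_kernel_version(log_lines, allowed=KNOWN_GOOD_KERNELS):
    """Return one (verdict, detail) pair per kernel_version record in the log."""
    results = []
    for line in log_lines:
        rec = parse_ima_buf(line)
        if rec is None or rec["name"] != "kernel_version":
            continue
        # The logged digest must cover the logged buffer, else the entry was altered.
        known = rec["algo"] in ("sha1", "sha256", "sha384", "sha512")
        if not known or hashlib.new(rec["algo"], rec["data"]).hexdigest() != rec["digest"]:
            results.append(("tampered", rec["data"].hex()))
            continue
        version = rec["data"].decode("ascii", "replace")
        results.append(("ok" if version in allowed else "rejected", version))
    # No record means the client never measured its kernel version: fail closed.
    return results or [("missing", None)]

def _sample(name, data, digest=None):
    # Builds a constructed sample record; the template hash is a dummy value.
    digest = digest or hashlib.sha256(data).hexdigest()
    return f"10 {'0' * 40} ima-buf sha256:{digest} {name} {data.hex()}"

SAMPLE_LOG = [
    _sample("kernel_version", b"5.12.0"),                     # cold boot, allowed
    _sample("kernel_version", b"5.4.0"),                      # kexec into older kernel
    _sample("kernel_version", b"5.12.0", digest="ab" * 32),   # digest mismatch
    _sample("selinux-policy-hash", b"\x01\x02"),              # other record, ignored here
]

if __name__ == "__main__":
    print(check_kernel_version(SAMPLE_LOG))
```

The per-record digest check only catches inconsistent entries; a real attestation service would also replay the template hashes and compare the result with a signed TPM PCR quote before trusting the log.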