Microsoft has developed Linux Security Module for code integrity
Microsoft has developed a Linux Security Module (LSM) called Integrity Policy Enforcement (IPE). According to Microsoft, the security add-on for the Linux kernel is intended for a specific audience.
Microsoft has published the code for Integrity Policy Enforcement on GitHub. The purpose of the Linux Security Module is to ensure that Linux only runs authorized code, i.e. versions of code that are identical to the versions that come from trusted sources.
Microsoft is targeting specific usage scenarios in which all software and configuration originate from the owner of the system, for example embedded systems. As an example, Microsoft cites a network firewall appliance in a data center.
According to Microsoft, there are already several implementations for verifying the integrity of code on Linux, but the existing methods lack a particular capability. “What these implementations lack is a way to verify at run time that binaries are coming from certain locations. IPE is trying to address this lack.”
ZDNet writes that IPE is currently at the request-for-comments (RFC) stage and that it may take some time before it becomes part of the Linux kernel. The difference from the existing Integrity Measurement Architecture (IMA), according to the site, is that IPE does not rely on file system metadata and does not require signatures; IMA appraisal, by contrast, keeps a per-file hash or signature in the security.ima extended attribute and checks each file against it.
Microsoft regularly contributes to Linux and has an interest in code integrity for the OS, not least because Linux is widely used on its Azure cloud service.