Microsoft contributes integrity subsystem update to Linux 5.12
The Linux Integrity Measurement Architecture (IMA) subsystem introduces hooks in the inner core to support the creation and collection of hash values of files before they are opened for reading or execution and to report the hash values and verify whether they conform to the predefined list. The system includes two parts: measurement and evaluation, measuring the hash value of the collected files, and the evaluation compares the collected hash value with the stored hash value and denies access if it does not match.
This update provides IMA support for the measurement of key kernel data, namely measuring the SELinux strategy in the memory and measuring the kernel version. Since IMA is a part of the kernel, use ima_measure_critical_data() to measure the kernel version in the early stage of the startup, which helps to ensure that only kernels are known to be good versions are loaded and reduce the chance of known kernel vulnerabilities being exploited. In addition, this update also includes 4 bug fixes to resolve memory leaks and a missing static function declaration.
On the Azure cloud, at least 50% of instances run Linux. Therefore, even if only for commercial purposes, Microsoft engineers will continue to contribute code to the Linux kernel.