Microsoft Increasing Linux Security On Hyper-V With VTL/VSM Support
Microsoft engineers continue to work heavily on enhancing Linux support for Hyper-V, considering that, at last report, more than 50% of the VMs in the Azure public cloud were running Linux. Microsoft has continued implementing more Hyper-V features within the Linux kernel, and the latest work is Virtual Trust Level (VTL) integration as part of Virtual Secure Mode (VSM) handling.
Sent out today on the Linux kernel mailing list were the Hyper-V patches for this Virtual Trust Level (VTL) support as part of the Virtual Secure Mode enablement. Microsoft Linux engineer Saurabh Sengar summed up this work as:
"This patch series introduces support for Virtual Trust Level (VTL) in Hyper-V systems. It provides a foundation for the implementation of Hyper-V VSM support in the Linux kernel, providing a secure platform for the development and deployment of applications.
Virtual Secure Mode (VSM) is a critical aspect of the security infrastructure in Hyper-V systems. It provides a set of hypervisor capabilities and enlightenments that enable the creation and management of new security boundaries within operating system software. The VSM achieves and maintains isolation through Virtual Trust Levels, which are hierarchical, with higher levels being more privileged than lower levels."
The initial Linux kernel patch gets VTL support in place for x86-based platforms, along with VTL early boot-up handling and other changes for initially supporting the VTL 2 level. More details on the VTL functionality are available via the Microsoft documentation.
The Microsoft Hyper-V VTL patches for the Linux kernel can be reviewed on the LKML.