Microsoft's IMA-Based Measurements For Device Mapper Slated For Linux 5.15
Written by Michael Larabel in Linux Kernel on 25 July 2021 at 12:00 AM EDT. 3 Comments
LINUX KERNEL --
The latest Linux kernel feature proposed by Microsoft that is now working its way to the mainline kernel is IMA-based target measurements for the Device Mapper (DM) subsystem for enhanced security.

Microsoft has been working on Device Mapper target measurements using the IMA infrastructure. The focus is on ensuring the current run-time state of the kernel / relevant subsystems before trusting them with business-critical data or workloads. With Device Mapper being responsible for mapping of block devices and LVM, dm-crypt, software RAID, and other functionality, it's important to ensure its state can be trusted and that the storage configuration is not compromised.

These measurements around DM are useful for ensuring the desired block device state and configuration when initially setting up the system and on subsequent block device changes. This goes along with the rest of Linux's Integrity Measurement Architecture (IMA) work.

Microsoft engineers spearheaded this DM IMA integration with more of the technical details for those interested via this patch series and the documentation.

These DM IMA patches have been queued into Device Mapper's dm-5.15 Git branch as material for the Linux 5.15 cycle starting in September. So unless any major issues come about in the weeks ahead or objections from Linus Torvalds, this integrity feature will make it into the next major kernel cycle.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week