1️⃣0️⃣ Here's the 10th post highlighting key new features of the upcoming v257 release of systemd.
Linux Security Modules (LSMs) implement optional security restrictions on top of the kernel's regular permission checks. The most famous LSM is probably SELinux, but with Linux 6.12 a new LSM has entered the stage: IPE ("Integrity Policy Enforcement").
IPE is useful for restricting from which file systems code may be executed at all. For example, a reasonable policy could be:
"Allow code execution only from the initrd and from authenticated dm-verity devices."
Such a policy makes a ton of sense, because it ensures that code *must* come from a trusted, authenticated source, which makes it a lot harder to smuggle in code from elsewhere during an exploit.
With systemd v257 there's now support for loading and enabling IPE policies during earliest boot. IPE policies are comparatively simple and small, hence they are easily applied in the initrd already.
On a traditional, generic Linux system that installs packages via apt or dnf, IPE is probably not too useful (the policy would have to be wide open to allow installing packages that carry code), but for more modern, image-based OS designs it should be a key building block for locking down the OS and making it harder to gain persistence after an exploit.
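The following is an added example, not code from this post or from systemd: a small POSIX shell script that writes out an IPE policy expressing the rule above ("allow code execution only from the initrd and from authenticated dm-verity devices"), signs it as a PKCS#7 blob, and loads it by hand through the kernel's securityfs interface, which is what systemd does for you at boot on v257. The policy syntax and the paths under /sys/kernel/security/ipe follow the kernel's IPE admin guide linked below; the policy name, the key/certificate paths and the root hash are placeholders.

```shell
#!/bin/sh
# Added example, not code from the post or from systemd: build, sign and load
# an IPE policy that expresses "allow code execution only from the initrd and
# from authenticated dm-verity devices". Policy syntax and the securityfs
# paths under /sys/kernel/security/ipe follow the kernel's IPE admin guide;
# the policy name, key/cert paths and root hash are placeholders.
set -eu

IPE_FS=/sys/kernel/security/ipe

# Print the policy text.  $1 = policy name, $2 = optional hex root hash of a
# specific dm-verity rootfs to pin (in addition to any dm-verity device whose
# root hash signature the kernel has verified).
ipe_policy() {
    name=$1
    roothash=${2:-}
    printf 'policy_name=%s policy_version=0.0.0\n' "$name"
    # Global default: other operations (KMODULE, FIRMWARE, ...) stay allowed
    # so that this policy only touches EXECUTE, as in the post; a production
    # policy would add DEFAULT op=... action=DENY lines for those as well.
    printf 'DEFAULT action=ALLOW\n\n'
    # Rules are evaluated top to bottom, first match wins, so any DENY or
    # revocation rules belong above the ALLOW rules.
    printf 'op=EXECUTE boot_verified=TRUE action=ALLOW\n'        # files from the initrd
    printf 'op=EXECUTE dmverity_signature=TRUE action=ALLOW\n'   # signed dm-verity devices
    if [ -n "$roothash" ]; then
        printf 'op=EXECUTE dmverity_roothash=%s action=ALLOW\n' "$roothash"
    fi
    # Anything not matched above may not be executed.
    printf 'DEFAULT op=EXECUTE action=DENY\n'
}

# Sign a policy file as a DER-encoded PKCS#7 blob. The signer certificate must
# be trusted by the kernel (e.g. built into its keyrings) or the load fails.
# $1 = policy file, $2 = signer certificate (PEM), $3 = private key (PEM).
ipe_sign() {
    openssl smime -sign -in "$1" -signer "$2" -inkey "$3" \
        -binary -outform der -noattr -nodetach
}

# Load a signed policy and make it the active one (needs root).
# $1 = .p7b file, $2 = policy name as given in policy_name=.
ipe_load() {
    cat "$1" > "$IPE_FS/new_policy"
    echo 1 > "$IPE_FS/policies/$2/active"
    # Check that it took, and report whether the kernel enforces or only audits.
    [ "$(cat "$IPE_FS/policies/$2/active")" = 1 ]
    echo "active policy: $2, enforce=$(cat "$IPE_FS/enforce")"
}

case "${1:-}" in
    gen)  ipe_policy "$2" "${3:-}" ;;   # ./ipe.sh gen NAME [ROOTHASH] > NAME.pol
    sign) ipe_sign "$2" "$3" "$4" ;;     # ./ipe.sh sign NAME.pol cert.pem key.pem > NAME.p7b
    load) ipe_load "$2" "$3" ;;          # ./ipe.sh load NAME.p7b NAME
    *)    ;;                             # no arguments: only define the functions
esac
```

Two caveats worth keeping in mind: boot_verified only says that a file came out of the initramfs, so the guarantee is only as strong as the boot chain that verified that initramfs (for example a signed UKI checked by Secure Boot); and before enforcing, test the policy in IPE's permissive (audit-only) mode so that a rule gap shows up as a log entry rather than as an unbootable image.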
As I recently learnt, various distributions have already enabled IPE in their kernels, hence if you build an image-based OS from classic Linux packages with v257 you should be ready to deploy IPE policies in your images.
IPE is widely deployed in the datacenters the little cloud start-up I work for runs, hence IPE is already quite well battle-tested. What systemd v257 now adds is to make it easily and nicely accessible.
For further information on IPE policies see its documentation:
https://docs.kernel.org/next/admin-guide/LSM/ipe.html
https://microsoft.github.io/ipe/