2025-09-30 –, Gallery
LinuxGuard is an initiative at Microsoft Azure to improve the security of Linux based infrastructure, especially in the area of code integrity. Whereas LinuxGuard is being prototyped with AzureLinux, it uses open-source technologies and is designed to benefit the entire Linux Community and deployments that span cloud to edge to mobile. LinuxGuard uses image-based deployments with immutable filesystems that employ DM-Verity and a Unified Kernel Image. The kernel is configured to enforce SELinux as well as Integrity Protection Enforcement (IPE) through the associated Linux Security Modules. In this session, we would like to share the design of LinuxGuard as a Linux Image based System that is expected to be deployed at scale on Azure and some of the challenges that we faced with this design, solutions we are pursuing and elicit feedback from the community.
Currently, LinuxGuard is designed to uphold code integrity for hosts that run OCI container-based workloads. The Integrity Protection Enforcement Policy encompasses the container host as well as the OCI container layers. This helps ensure that only expected and verified binaries can be executed on the target systems both on the host as well as within the OCI containers.
In order to uphold security while enabling usability in a somewhat decentralized manner at scale, we faced several challenges some of which are listed broadly listed below.
- Keys and Signatures
- Safeguards to ensure trusted launch
- Getting the right level of immutability
- Immutable container layers
- Servicing the image to reduce downtime, at scale
- Troubleshooting
