Skip Navigation

Linux @programming.dev

cm0002 @lemmy.world

1w ago

Microsoft Proposes "Hornet" Security Module For The Linux Kernel

lore.kernel.org

[RFC PATCH security-next 0/4] Introducing Hornet LSM

https://www.phoronix.com/news/Microsoft-Hornet-Linux-LSM

Linux @lemmy.ml

ikidd @lemmy.world

1w ago

Microsoft Proposes "Hornet" Security Module For The Linux Kernel

lore.kernel.org /all/Z97xvUul1ObkmulE@kernel.org/T/

16 comments

I dunno about this one chief; call it Microsoft paranoia.
- One of the better security modules in the kernel was developed by the NSA.
  It’s open source software and Microsoft can’t force it in, the open source model will handle this properly.
  
  Okay well, It wouldn't have been the first code blob in the kernel (looking at you HDMI)

How about no? The whole proposal looks shady. Where Microsoft says "trust", I do not.

Every Microsoft idea is always bad for Linux.

it's a trap

Oh geeze, that format drives me nuts. Is there a tldr?
- Amigo, it's 5 paragraphs and two of those are a quote.
  
  Oh, there's two different links, the kernel lore one is the one I was complaining about.
- This adds the Hornet Linux Security Module which provides signature verification of eBPF programs.

did we arrive at the second stage of embrace, extend, extinguish?
- No, Microsoft would likely sooner fully adopt the Linux kernel tbh.
  It aligns with their software/service as a service model.
  My bet is you’ll see a “windows 11” compatible user space running on Linux a la WSL ( LSW? ) in the coming decade.
  I know Linux engineers who moved to Microsoft generally for this purpose
  
  that's how the "extinguish" phase start - integrate it closely into your own product, so people use yours instead

Can anyone ELI5 why it's bad? Apart from contributior being Microsoft

Very interesting. I'm sure it will find some consumers for this code, in systems that use codesign.

16 comments