Abaphuhlisi bakaMicrosoft bavuliwe kutshanje ulwazi malunga ukuqaliswa kwendlela ye-IPE (Ukunyanzeliswa koMgaqo-nkqubo) iphunyezwe njengemodyuli ye-LSM (Imodyuli yoKhuseleko yeLinux) yekernel yeLinux.
Imodyuli iya kuthi ikuvumela ukuba uchaze umgaqo-nkqubo ngokubanzi wenkqubo yonke, ebonisa ukuba yeyiphi na imisebenzi esebenzayo kunye nendlela ubunyani bezinto ekufuneka buqinisekisiwe. Nge-IPE, Ungachaza ukuba zeziphi iifayile ezinokuphunyezwa ezinokuqhutywa kwaye uqiniseke ukuba ezi fayile ziyafana kuhlobo olunikezwe ngumthombo othembekileyo. Ikhowudi ivulekile phantsi kwelayisenisi ye-MIT.
IKernel I-Linux ixhasa ii-LSM ezininzi, kubandakanya i-SELinux (iLinux enokhuseleko olwenziweyo) kunye neAppArmor phakathi kwezona zaziwayo. IMicrosoft inegalelo kwiLinux njengesiseko sobugcisa kumanyathelo ahlukeneyo kwaye le projekthi intsha ibizwa ngokuba yi-IPE (Ukunyanzeliswa koMgaqo-nkqubo).
Oku kuyilelwe ukomeleza ukuthembeka kwekhowudi ye-Linux kernel, ukuqinisekisa ukuba "nayiphi na ikhowudi eqhubayo (okanye iifayile ezifundwayo) ziyafana nohlobo olwenziwe ngumthombo othembekileyo," utshilo uMicrosoft kwiGitHub.
I-IPE ijonge ukwenza iinkqubo eziqinisekisiweyo ngokupheleleyo ukuthembeka kwabo kuqinisekiswe ukusuka kwi-bootloader kunye ne-kernel ukuya kwiifayile zokugqibela ezinokufezekiseka, ukumiselwa kunye nokukhuphela.
Kwimeko apho utshintsho lwefayile okanye ukutshintshwa, ifayile ye I-IPE inokuthintela ukusebenza okanye irekhode inyani yokwaphula ingqibelelo. Indlela ecetywayo inokusetyenziswa kwi-firmware yezixhobo ezifakiwe apho zonke iisoftware kunye noseto luqokelelwa kwaye lubonelelwe ngakumbi ngumnini, umzekelo, kumaziko edatha kaMicrosoft, i-IPE isetyenziswa kwizixhobo zeefwallwall.
Nangona i-kernel ye- I-Linux sele ineemodyuli ezininzi zokuqinisekisa ingqibelelo njenge-IMA.
I-IPE ibonelela ngokungqinisisa ixesha lokubaleka lekhowudi yokubini. UMicrosoft uthi i-IPE yahlukile kwezinye ii-LSM ngeendlela ngeendlela ezibonelela ngokungqinisisa ukuthembeka.
I-IPE ikwaxhasa uphicotho-zincwadi olunempumelelo. Xa yenziwe, yonke imicimbi
ogqitha umgaqo-nkqubo we-IPE kwaye awuthintelwanga uya kukhupha umcimbi wokuphicothwa.
Imodyuli entsha ecetywayo nguMicrosoft, ayifani nezinye iinkqubo zokuqinisekisa ukuthembeka, njenge-IMA. Into enomdla nge-IPE yile yahluka ngeendlela ezininzi kwaye izimele kwimethadatha kwinkqubo yefayile, ngaphandle kokuba zonke iipropathi ezichaza ubunyani bemisebenzi zigcinwa ngqo kwikernel.
Umzekelo, i-IPE ayixhomekeki kwinkqubo yemethadatha kunye neempawu eziqinisekiswa yi-IPE. Kwakhona, i-IPE ayisebenzisi nayiphi na indlela yokuqinisekisa iifayile zokutyikitya ze-IMA. Kungenxa yokuba i-Linux kernel sele ineemodyuli zayo, ezinje nge-dm-verity.
Ndiyithetha loo nto Ukuqinisekisa ukuthembeka komxholo wefayile usebenzisa i-cryptographic hashes, i-dm-verity okanye fs-verity yeendlela esele zikho kwi-kernel zisetyenzisiwe.
Ngokuthelekiswa ne-SELinux, iindlela ezimbini zokusebenza zivumelekile kwaye zinyanzelekile. Kwimowudi yokuqala, ilog yengxaki yenziwa kuphela xa kusenziwa iitsheki, umzekelo, ezinokusetyenziselwa uvavanyo lwendalo esingqongileyo.
"Ngokufanelekileyo, inkqubo esebenzisa i-IPE ayenzelwanga ukusetyenziswa kwekhompyuter ngokubanzi kwaye ayisebenzisi isoftware yomntu wesithathu okanye useto," utshilo umpapashi.
Ukongeza, i I-LSM inyuswe nguMicrosoft yenzelwe iimeko ezithile, njengeenkqubo ezigxunyekwe, apho ukhuseleko lubekwa phambili kwaye abalawuli benkqubo balawulo olupheleleyo.
Abanini benkqubo banokwenza eyabo imigaqo-nkqubo yokujonga ukuthembeka kunye nokusebenzisa eyakhelwe-ngaphakathi kwi-dm-verity signature ukungqinisisa iikhowudi.
Ukuqukumbela, iprojekthi entsha izisa imodyuli entsha yokhuseleko yeLinux engenakukwazi ukuyenza ukukhusela inkqubo ekusebenziseni ikhowudi enobungozi.
Gqibela Ukuba ufuna ukwazi ngakumbi ngeenkcukacha zale modyuli intsha icetyiswe ngabaphuhlisi bakaMicrosoft, ungakhangela iinkcukacha Kule khonkco ilandelayo. Ungajonga ikhowudi yemvelaphi yale modyuli kwi eli khonkco lilandelayo.
UMicrosoft uyandoyikisa ...
IMicrosoft ifuna ukujonga ukuthembeka kwenkqubo yeLinux? INDLELA YOKUBONISA UKUHLEKA . Inokuba yintlekisa
I-Linux ayifuni mirdosoft.
Wonke umsebenzi wakho ulunge kakhulu kwaye andiwudeleli, umhlaba weLinux awuvaleli iingcango zawo nakubani na kwaye yonke into yamkelekile ukuba uhamba kwicala elinye. I-Peeeeeeeero Ndiyakuthanda ukucaphukisa i-nauseam yam ye-Linux, ndenza imifuniselo, ndiqokelela ii-kernels zam, ndizikhanyisele kwaye ndikhangele ukwandiswa. Kwaye sele ndinamaqanda angcwele uefi, ukuba kufuneka ndibanezinto ezingaqhelekanga kwi-bios ngenxa yoku, ngokungathi ndibeka izinto ezininzi kwinkqubo enemvelaphi ecacileyo.
Ukuba bafuna iLinux baya kuchitha imali yokwenyani bengalindelanga ukusikwa rhoqo, baya kubonelela ngeenkqubo ezinkulu zomsebenzisi kwaye baya kufumana amanzi kwiiprojekthi zokunyanzela ishishini ukuba liqhubele phambili, jonga igosa kunye nomthombo ovulekileyo we-directx okanye unikezele ngezixhobo kwiiprojekthi Njenge-wayland kwaye ungadlali ngothando apho kuhlala kukho ukuprinta okuhle ukukopa amanqaku e-Linux kunye nokukrola ngexabiso eliphantsi. Andiyikholelwa loo nto yokuthanda iLinux, ndidiniwe bubuxoki obuninzi.