Abathuthukisi beMicrosoft bavuliwe imininingwane yakamuva mayelana ukwethulwa kwendlela ye-IPE (Ukuphoqelelwa Komgomo Wobuqotho), isetshenziswe njengemodyuli ye-LSM (I-Linux Security Module) ye-Linux kernel.
Imodyuli izokwenza ikuvumela ukuthi uchaze inqubomgomo yobuqotho ejwayelekile yohlelo lonke, okukhombisa ukuthi imiphi imisebenzi evumelekile nokuthi ubuqiniso bezinto kufanele buqinisekiswe kanjani. Nge-IPE, ungacacisa ukuthi yimaphi amafayela asebenzayo angasetshenziswa futhi uqiniseke ukuthi lawa mafayela ayafana nenguqulo enikezwe ngumthombo othenjiwe. Ikhodi ivulekile ngaphansi kwelayisense ye-MIT.
IKernel I-Linux isekela ama-LSM amaningi, kufaka phakathi i-SELinux (i-Linux enokuphepha okuthuthukisiwe) ne-AppArmor phakathi kwezaziwa kakhulu. IMicrosoft inikela kuLinux njengesisekelo sobuchwepheshe bezinhlelo ezahlukahlukene futhi le phrojekthi entsha uyiqambe njenge-IPE (Ukuphoqelelwa Komgomo Wobuqotho).
Lokhu kuklanyelwe ukuqinisa ubuqotho bekhodi ye-Linux kernel, ukuqinisekisa ukuthi "noma iyiphi ikhodi esebenzayo (noma amafayela afundwayo) ayafana nenguqulo eyenziwe ngumthombo othembekile," kusho iMicrosoft kwiGitHub.
I-IPE ihlose ukudala amasistimu aqinisekiswe ngokuphelele ubuqotho bayo obufakazelwa kusuka ku-bootloader ne-kernel kuya kumafayela wokugcina asetshenziswayo, ukumiswa nokulanda.
Uma kwenzeka ushintsho lwefayela noma ukushintshwa, ifayela le- I-IPE ingavimba ukusebenza noma irekhode iqiniso lokwephula ubuqotho. Indlela ehlongozwayo ingasetshenziswa ku-firmware yamadivayisi ashumekiwe lapho wonke amasoftware namasethingi eqoqwa futhi ahlinzekwe ikakhulukazi ngumnikazi, ngokwesibonelo, ezikhungweni zedatha ze-Microsoft, i-IPE isetshenziselwa okokusebenza kwama-firewall.
Yize inhlamvu ye I-Linux isivele inamamojula amaningi wokuqinisekisa ubuqotho njenge-IMA.
I-IPE inikezela ngokukhethekile ukuqinisekiswa kwesikhathi sokusebenza kwekhodi kanambambili. IMicrosoft ithi i-IPE yehlukile kwamanye ama-LSM ngezindlela eziningi ezinikeza ukuqinisekiswa kobuqotho.
I-IPE futhi isekela ukucwaningwa kwamabhuku okuphumelelayo. Uma inikwe amandla, yonke imicimbi
edlulisa inqubomgomo ye-IPE futhi engavinjelwe izokhipha umcimbi wokucwaningwa kwamabhuku.
Le module entsha ehlongozwa yiMicrosoft, ayifani nezinye izinhlelo zokuqinisekisa ubuqotho, njenge-IMA. Into ethokozisayo nge-IPE ukuthi yehluka ngezindlela eziningi futhi izimele ngemethadatha ohlelweni lwefayela, ngaphandle kwalokho zonke izakhiwo ezinquma ukusebenza kwemisebenzi zigcinwa ngqo ku-kernel.
Isibonelo, i-IPE ayincikile kwimethadatha yohlelo lwefayela nezimpawu eziqinisekiswa yi-IPE. Futhi, i-IPE ayisebenzisi noma iyiphi indlela yokuqinisekisa amafayela wesiginesha we-IMA. Lokhu kungenxa yokuthi i-Linux kernel isivele inamamojula ayo, njenge-dm-verity.
Ngiqonde lokho ukuqinisekisa ubuqotho bokuqukethwe kwefayela usebenzisa ama-cryptographic hashes, izindlela ze-dm-verity noma fs-verity esevele zikhona ku-kernel ziyasetshenziswa.
Ngokufanisa ne-SELinux, izindlela ezimbili zokusebenza zivumelekile futhi ziphoqelekile. Kwimodi yokuqala, irekhodi lenkinga lenziwa kuphela lapho kwenziwa amasheke, ngokwesibonelo, angasetshenziselwa izivivinyo zokuqala zemvelo.
"Okungcono, uhlelo olusebenzisa i-IPE aluhloselwe ukusetshenziswa jikelele kwekhompyutha futhi alusebenzisi isoftware noma amasethingi avela eceleni," kusho umshicileli.
Ngaphezu kwalokho, i I-LSM ephakanyiswe yiMicrosoft yenzelwe amacala athile, njengezinhlelo ezishumekiwe, lapho ukuphepha kuyinto ebaluleke kakhulu futhi abaphathi bohlelo belawula ngokugcwele.
Abanikazi besistimu bangazenzela izinqubomgomo zabo zokubheka ubuqotho futhi basebenzise amasiginesha e-dm-verity akhelwe ukuqinisekisa amakhodi.
Ukuphetha, iphrojekthi entsha iletha imodyuli entsha yokuphepha yeLinux amanye amamojula angenakukwenza ukuvikela uhlelo ekusebenzeni kwekhodi enonya.
Okokugcina Uma ufuna ukwazi kabanzi ngemininingwane yale module entsha ehlongozwe ngabathuthukisi beMicrosoft, ungabheka imininingwane Kulesi sixhumanisi esilandelayo. Ungahlola ikhodi yomthombo yale module ku isixhumanisi esilandelayo.
IMicrosoft iyangethusa ...
IMicrosoft ifuna ukubheka ubuqotho bohlelo lweLinux? I-LOL. Kumele kube ihlaya
I-Linux ayidingi i-mirdosoft.
Wonke umsebenzi wakho muhle kakhulu futhi angiwudeleli, umhlaba weLinux awuvaleli iminyango yawo kunoma ngubani futhi konke kwamukelekile uma uhamba ngendlela efanayo. I-Peeeeeeeero Ngithanda ukucabanga nge-nauseam yami yesikhangiso se-Linux, ngenza izivivinyo, ngihlanganisa izinhlamvu zami, ngizikhanyise futhi ngibheke ukwenzelwa okuhle. Futhi bengivele nginawo amaqanda angcwele i-uefi, okumele ngibe nokuhlelwa okuyinqaba kuma-bios ngenxa yalokhu, kube sengathi ngifaka izinto eziningi ohlelweni ngesizinda esicacile.
Uma befuna i-Linux bebezosebenzisa imali yangempela bengalindelanga ukuthi bazosikwa njalo, bazohlinzeka ngezinhlelo ezinkulu zabasebenzisi futhi bazongena kumaphrojekthi okuphoqa imboni ukuthi iqhubekele phambili, ibheke i-directx esemthethweni futhi evulekile yomthombo noma yabele izinsiza kumaphrojekthi njenge-wayland hhayi ukudlala ngothando lapho kuhlale kukhona ukuphrinta okuhle ukukopisha izici ze-Linux nokukhuhla ngokushibhile. Ukuthi angikholelwa lelo phutha ngokuthanda iLinux, ngikhathele amanga amaningi.