Root of Trust
Welcome
Dear Reader,
Every day, things seem to happen that I never thought I'd see, but one recent announcement was particularly striking if you've been around the FOSS community anytime in the last 20 years: Microsoft just proclaimed they are creating their own custom version of the Linux kernel. A Linux kernel from Microsoft is big news if you remember the old times, when they used to say Linux was a "virus," and they used all their monopoly power in an attempt to squelch and obliterate the Linux menace.
As I write this column, the curious news is trickling out onto the high-tech blogs and news sites. Most of the stories paraphrase or quote from the original announcement in a blog at the Microsoft Azure website [1]. What they are really announcing is a new IoT system with three components:
- the cloud-based Azure Sphere Security Service
- a new class of Azure-certified microcontrollers (MCUs) to go in IoT devices
- Azure Sphere OS, which is actually the Linux kernel with Microsoft modifications
They needed a new operating system for their new IoT environment, and instead of choosing Windows IoT or some spin of their embedded Windows OS, they chose to use Linux instead. Does that mean they admit Linux is better? Not out loud at least: They say Windows IoT is too big to run at the small scale they need for the Azure Sphere environment. (Hmmm … does that seem real, or do you think maybe they think Linux is better?) In any case, Linux is obviously better at scaling down to the size they need.
Is Microsoft part of the team now? Well, before you uncork the champagne, better to look a little deeper. The Azure Sphere program isn't really about selling software; Microsoft's profit model appears to center around the cloud service and the "Azure Sphere Certified" IoT devices. That shouldn't be a surprise to anyone. (If your profit model depends on selling Linux as a software product, you're in a lot of trouble, since most people are giving it away.)
But Microsoft has lots of other ways to make money in the Azure Sphere. Cloud services, certification for hardware, consulting … all this does sound a little more like the open source environment, where the software is free and revenue comes from the surrounding services. Open source means open, right? Can anyone get involved with this promising new market?
That's where you have to remember with whom you're dealing. A closer look at the announcement offers a more nuanced view of this brave new space. The Azure Sphere announcement is strongly focused on the topic of security. The terms "secure" and "security" appear a total of 35 times in the single blog post announcing the new initiative. It is obvious they plan to use security as a way to help distinguish themselves from other IoT platforms. To find out what they mean by "security," click the link in the announcement that goes to another page entitled "Seven Properties of Highly Secure Devices" [2].
Leading off the list of the properties for secure devices is something they call "Hardware Based Root of Trust." This "root of trust" refers to the work of the Trusted Computing Group (TCG), a consortium started by Microsoft and some hardware vendors several years ago that now consists of around 100 companies. TCG has a standard for the Trusted Platform Module (TPM), which is now included with many computer hardware systems. The TPM theoretically gives the hardware vendor complete control over what software can run on the system.
The result of the TCG controls is that you could have a completely free operating system running in a completely closed, vendor lock-in style computing environment. As a result, TCG and the "Trusted Computing" paradigm have come under fire from many corners of the Free Software community – most colorfully, perhaps, from Free Software Foundation founder Richard Stallman, who refers to "trusted computing" as "treacherous computing" [3].
The fact that Microsoft lists "root of trust" as the first property on their "Seven Properties of Highly Secure Devices" gives the strong impression that they intend to employ TCG technologies to maintain tight control over what software runs in their Azure Sphere IoT system. If so, the question is: Is Azure Sphere an example of Microsoft getting to be more like Linux? Or are they just getting Linux to be more like Microsoft?
Joe Casad, Editor in Chief
Infos
- [1] Introducing Microsoft Azure Sphere: Secure and Power the Intelligent Edge: https://azure.microsoft.com/en-us/blog/introducing-microsoft-azure-sphere-secure-and-power-the-intelligent-edge/
- [2] Seven Properties of Highly Secure Devices: https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf
- [3] Can You Trust Your Computer?: https://www.gnu.org/philosophy/can-you-trust.en.html