Secure Linux: Amutable brings "cryptographically verifiable integrity"

Is the Linux system clean? Verifiable integrity is intended to ensure this. The startup Amutable now wants to implement this.

Tux mascot over Amutable logo (Image: heise medien)


A team of renowned Linux developers has set itself the goal of making Linux more secure and cryptographically verifying the integrity of Linux systems. The project builds on “immutable Linux,” among other things, meaning read-only, unchangeable core systems. The name: Amutable. The company is based in Berlin.

Big names are involved as founders: Lennart Poettering, who develops and maintains systemd; Christian Brauner, who looks after the VFS subsystem in Linux; and Chris Kühl, formerly founder of Kinvolk, the company that developed Flatcar Container Linux, an immutable Linux system, and was acquired by Microsoft.

Amutable has not yet provided details but hints at its goals. The integrity of the system should be cryptographically verifiable; the “system boots in a verified state and remains trustworthy over time.” Keywords on Amutable's “About” page include the integrity of the build process, of the boot process, and at runtime. Lennart Poettering already has irons in the fire here with “Measured Boot.” Another pointer is the planned talk “Remote Attestation of Immutable Operating Systems built on systemd,” which he will give on March 12th at the Open Confidential Computing Conference in Berlin.

With “Measured Boot,” the system checks the integrity of firmware and software during system startup based on digital fingerprints, so-called hash values, starting from a “Root of Trust” in the Trusted Platform Module (TPM). The comparison hashes are also located in the TPM, in so-called Platform Configuration Registers (PCRs). The process is similar to Secure Boot. However, Secure Boot aborts the boot process if hashes deviate, while Measured Boot logs the hashes of the components and their configuration and can send them encrypted to other systems for verification (Remote Attestation, detailed explanation by Infineon). A talk at “All Systems Go” last year also shows Poettering's thoughts on the security architecture in Linux.
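To make the difference between the two policies concrete, here is an added example that models the PCR "extend" operation and contrasts a Secure Boot style abort with a Measured Boot style log-and-attest flow. This is illustration code written for this article, not code from Amutable, systemd or a real TPM stack; the boot components, their bytes and the "tampered kernel" case are constructed, and the signature that a real TPM quote would carry is omitted.

```python
import hashlib

# Added illustration: a pure-Python model of the PCR "extend" operation and the
# two policies the article contrasts. Nothing here is Amutable or systemd code;
# component blobs and their hashes are constructed for the example.

PCR_INIT = bytes(32)  # a SHA-256 PCR bank starts as 32 zero bytes at reset


def measure(blob: bytes) -> bytes:
    """Digital fingerprint of a boot component (SHA-256 of its bytes)."""
    return hashlib.sha256(blob).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new PCR = H(old PCR || measurement).
    A PCR cannot be set, only extended, so component order matters and no
    later component can undo an earlier measurement."""
    return hashlib.sha256(pcr + measurement).digest()


# Constructed "known good" boot chain: (component name, component bytes).
GOLDEN_CHAIN = [
    ("firmware", b"constructed firmware image v1"),
    ("bootloader", b"constructed systemd-boot image"),
    ("kernel", b"constructed vmlinuz"),
    ("cmdline", b"root=/dev/mapper/root ro"),
]
GOLDEN_HASHES = {name: measure(blob) for name, blob in GOLDEN_CHAIN}

# The same chain with a modified kernel (constructed tampering case).
TAMPERED_CHAIN = [
    (name, b"constructed vmlinuz with one byte changed" if name == "kernel" else blob)
    for name, blob in GOLDEN_CHAIN
]


def secure_boot(chain):
    """Secure Boot policy: check each component against the allow-list and
    abort the boot at the first mismatch. Returns (booted, failing_component)."""
    for name, blob in chain:
        if measure(blob) != GOLDEN_HASHES.get(name):
            return False, name
    return True, None


def measured_boot(chain):
    """Measured Boot policy: never abort. Extend every component's hash into
    the PCR and append it to the event log. Returns (pcr_value, event_log)."""
    pcr = PCR_INIT
    log = []
    for name, blob in chain:
        m = measure(blob)
        log.append((name, m))
        pcr = extend(pcr, m)
    return pcr, log


def expected_pcr():
    """The PCR value the verifier expects for the golden chain."""
    pcr = PCR_INIT
    for name, _ in GOLDEN_CHAIN:
        pcr = extend(pcr, GOLDEN_HASHES[name])
    return pcr


def remote_attest(reported_pcr, event_log):
    """Verifier side of remote attestation (TPM quote signature omitted).
    1. Replay the log and check it reproduces the reported PCR (log integrity).
    2. Compare the PCR with the expected golden value.
    3. On mismatch, name the first component whose measurement diverged.
    Returns (trusted, first_bad_component_or_reason)."""
    replayed = PCR_INIT
    for _, m in event_log:
        replayed = extend(replayed, m)
    if replayed != reported_pcr:
        return False, "event log does not match PCR"
    if reported_pcr == expected_pcr():
        return True, None
    for name, m in event_log:
        if GOLDEN_HASHES.get(name) != m:
            return False, name
    return False, "unknown divergence"


if __name__ == "__main__":
    print("secure boot, golden chain:  ", secure_boot(GOLDEN_CHAIN))
    print("secure boot, tampered chain:", secure_boot(TAMPERED_CHAIN))
    pcr, log = measured_boot(TAMPERED_CHAIN)
    print("measured boot booted anyway; remote attestation says:", remote_attest(pcr, log))
```

The point the model makes visible: with the Secure Boot policy the tampered machine never comes up, while with the Measured Boot policy it boots, but the verifier replaying the event log can both reject the state and name the component (here the kernel) whose measurement diverged, because every measurement is chained into the PCR and a shortened or edited log no longer reproduces it.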


Currently, the Amutable team consists of founders Chris Kühl (CEO), Christian Brauner (CTO), and Lennart Poettering (Chief Engineer); Chief Product Officer is David Strauss. The programming team includes Rodrigo Campos Catelin, Zbyszek Jędrzejewski-Szmek, Kai Lüke, Daan De Meyer, Joaquim Rocha, Aleksa Sarai, and Michael Vogt. The participants bring experience in building traditional distributions like Debian, Fedora/CentOS, SUSE, and Ubuntu, but also in immutable, image-based distributions like Flatcar Container Linux, ParticleOS, and Ubuntu Core, as the project announcement explains.

So, there is plenty of expertise for the stated goals. However, what exactly Amutable intends to build is currently still unclear. An inquiry regarding this was not immediately answered. We will update the report accordingly if necessary.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.