Root of Trust
Welcome
Every day, things seem to happen that I never thought I'd see, but one recent announcement was particularly striking if you've been around the FOSS community anytime in the last 20 years: Microsoft just proclaimed they are creating their own custom version of the Linux kernel.
Dear Reader,
Every day, things seem to happen that I never thought I'd see, but one recent announcement was particularly striking if you've been around the FOSS community anytime in the last 20 years: Microsoft just proclaimed they are creating their own custom version of the Linux kernel. A Linux kernel from Microsoft is big news if you remember the old times, when they used to say Linux was a "virus," and they used all their monopoly power in an attempt to squelch and obliterate the Linux menace.
As I write this column, the curious news is trickling out onto the high-tech blogs and news sites. Most of the stories paraphrase or quote from the original announcement in a blog at the Microsoft Azure website [1]. What they are really announcing is a new IoT system with three components:
- the cloud-based Azure Sphere Security Service
- a new class of Azure-certified microcontrollers (MCUs) to go in IoT devices
- Azure Sphere OS, which is actually the Linux kernel with Microsoft modifications
They needed a new operating system for their new IoT environment, and instead of choosing Windows IoT or some spin of their embedded Windows OS, they chose to use Linux instead. Does that mean they admit Linux is better? Not out loud at least: They say Windows IoT is too big to run at the small scale they need for the Azure Sphere environment. (Hmmm … does that seem real, or do you think maybe they think Linux is better?) In any case, Linux is obviously better at scaling down to the size they need.
Is Microsoft part of the team now? Well, before you uncork the champagne, better to look a little deeper. The Azure Sphere program isn't really about selling software; Microsoft's profit model appears to center around the cloud service and the "Azure Sphere Certified" IoT devices. That shouldn't be a surprise to anyone. (If your profit model depends on selling Linux as a software product, you're in a lot of trouble, since most people are giving it away).
But Microsoft has lots of other ways to make money in the Azure Sphere. Cloud services, certification for hardware, consulting … all this does sound a little more like the open source environment, where the software is free and revenue comes from the surrounding services. Open source means open, right? Can anyone get involved with this promising new market?
That's where you have to remember with whom you're dealing. A closer look at the announcement offers a more nuanced view of this brave new space. The Azure Sphere announcement is strongly focused on the topic of security. The term "secure" and "security" appear a total of 35 times in the single blog post announcing the new initiative. It is obvious they plan to use security as a way to help distinguish themselves from other IoT platforms. To find out what they mean by "security," click the link in the announcement that goes to another page entitled "Seven Properties of Highly Secure Devices" [2].
Leading off the list of the properties for secure devices is something they call "Hardware Based Root of Trust." This "root of trust" refers to the work of the Trusted Computing Group (TCG), a consortium started by Microsoft and some hardware vendors several years ago that now consists of around 100 companies. TCG has a standard for the Trusted Platform Module (TPM), which is now included with many computer hardware systems. The TPM theoretically gives the hardware vendor complete control over what software can run on the system.
The result of the TCG controls is that you could have a completely free operating system running in a completely closed, vendor lock-in style computing environment. As a result, TCG and the "Trusted Computing" paradigm has come under fire from many corners of the Free Software community – most colorfully, perhaps, from Free Software Foundation founder Richard Stallman, who refers to "trusted computing" as "treacherous computing" [3].
The fact that Microsoft lists "root of trust" as the first property on their "Seven Properties of Highly Secured Devices" gives the strong impression that they intend to employ TCG technologies to maintain tight control over what software runs in their Azure Sphere IoT system. If so, the question is: Is Azure Sphere an example of Microsoft getting to be more like Linux? Or are they just getting Linux to be more like Microsoft?
Joe Casad, Editor in Chief
Infos
- Introducing Microsoft Azure Sphere: Secure and Power the Intelligent Edge: https://azure.microsoft.com/en-us/blog/introducing-microsoft-azure-sphere-secure-and-power-the-intelligent-edge/
- Seven Properties of Highly Secure Devices: https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf
- Can You Trust Your Computer?: https://www.gnu.org/philosophy/can-you-trust.en.html
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.
-
ZorinOS 17.1 Released, Includes Improved Windows App Support
If you need or desire to run Windows applications on Linux, there's one distribution intent on making that easier for you and its new release further improves that feature.
-
Linux Market Share Surpasses 4% for the First Time
Look out Windows and macOS, Linux is on the rise and has even topped ChromeOS to become the fourth most widely used OS around the globe.
-
KDE’s Plasma 6 Officially Available
KDE’s Plasma 6.0 "Megarelease" has happened, and it's brimming with new features, polish, and performance.
-
Latest Version of Tails Unleashed
Tails 6.0 is based on Debian 12 and includes GNOME 43.
-
KDE Announces New Slimbook V with Plenty of Power and KDE’s Plasma 6
If you're a fan of KDE Plasma, you'll be thrilled to hear they've announced a new Slimbook with an AMD CPU and the latest version of KDE Plasma desktop.
-
Monthly Sponsorship Includes Early Access to elementary OS 8
If you want to get a glimpse of what's in the pipeline for elementary OS 8, just set up a monthly sponsorship to help fund its continued existence.