Linux Security Summit Europe 2025

Linux Security Module Framework provides a mechanism to extend kernel's security promises and enforce access control policies. In this talk we aim to examine how various pieces of LSM framework can benefit from an extra layer of protection through Linux Virtualization Based Security (LVBS) which is a security feature that implements kernel integrity via hardware virtualization features and hypervisors.

Protecting the kernel from data-only attacks is a growing concern that is increasingly addressed through hypervisor-based solutions. A lightweight alternative may be found in protection keys (pkeys), a hardware mechanism that provides a per-thread and easily switchable view of memory. While pkeys are currently available to userspace on supported architectures, their potential for enhancing kernel security remains unused.

This talk demonstrates how pkeys can be leveraged within the kernel to protect critical data structures, such as page tables and credentials. We will show how this approach can be implemented and present an evaluation of its performance impact on arm64, illustrating its feasibility for real-world deployment.

Attendees will leave with a deeper understanding of how pkeys can enhance kernel security, the trade-offs involved, and the potential for adoption in future Linux hardening efforts.

Integrity Measurement Architecture (IMA) was originally designed and developed by IBM Research to extend the trusted
boot chain of measurements to the running system. Subsequently, support for extending secure boot up to the running system (IMA-appraisal) was added and, with it, support for writing audit messages in the system logs.

For good and for bad, IMA-measurement and IMA-appraisal needed to be flexible to work in different environments from embedded/IoT to large systems. The original concepts of extending both trusted and secure boot have not changed, but some of the methods/designs could be improved.

This talk proposes a few kernel improvements based on our work in user space. First, it proposes a new design change to serialize and store the measurement list in a memory area shared between primary and secondary kernel, so that nothing needs to be done on kexec, as opposed to carrying out measurements from one kernel to another.

Second, it proposes a new testing tool for verifying that IMA reported a violation when a file is opened for read and
subsequently opened as write or vice-versa. Building on that, the talk also discusses a few alternatives on how to detect
such violations.

Finally, it proposes a new debugging technique, allowing to run a large number of integration tests without rebooting the
kernel.

Starting with Linux 6.14, we will be able to securely control script execution using new execveat(2) and prctl(2) flags, successors to O_MAYEXEC. This marks a crucial step toward fully supporting code integrity on Linux.

The next steps involve enlighting script interpreters and providing users with straightforward ways to incrementally enforce such restrictions. Options include leveraging existing LSM policies and configuring user-space process management services (e.g., systemd).

In this talk, we will explore the kernel changes that were required (e.g., uAPI, IMA, IPE) and the ongoing complementary user-space updates, including script enlightenment. We will also explain the rationale behind the new securebits and how they facilitate a smooth migration, especially for generic Linux distributions.

CI/CD pipelines are complex environments. This complexity requires methodical comprehensive reviews to secure the entire stack. Often a company may lack the time, specialist security knowledge, and people needed to secure their CI/CD pipelines. Realising these facts; cyberattacks targeting CI/CD pipelines has been gaining momentum, and attackers increasingly understand that build pipelines are highly-privileged targets with a substantial attack surface. In this presentation, we will share some of our observation through showing different flavours of attack on possible development pipelines, and introduce a tool to detect them.

Bootloaders are foundational to system security, yet their attack surface often remains under-scrutinized.
This talk presents ongoing efforts to harden the security posture of the barebox bootloader when used in verified boot chains.

Topics include defining the security-critical subset of the verified boot path, applying fuzzing to core logic, and highlighting the security implications of user configurations.
The session will also cover software hardening measures, mechanisms for secure runtime unlocking and the formalization of security issue handling.

Attendees will gain insight into both the technical challenges and the roadmap to help users deploy a verified boot chain into embedded products while minimizing potential risks.

There have been thousands security vulnerabilities in Linux OS community and also has new detected ones every day. The operating system vendors (OSVs) have to take big effort to mitigate CVEs and hardening the OS. To save the effort, we analyzed most of the history CVEs in Linux kernel, and understand the CVE distribution by CWE, kernel config, sysctl parameters and others key attribution. In this way, we expect to understand which OS hardening method is most useful and which is not so important. Furthermore, we also expect it can help us prioritize the CVEs, then we only need focus on the most critical one. Last, we also prefer to share how we handle the CVEs in the production Linux kernel and expect it can benefit more talent in Linux community.