The Linux kernel has always been a fertile ground for security research, but until now the boot‑time integrity verification process required either custom patches or reliance on immutable firmware signatures. Linux 6.15, released in February 2026, introduces a brand‑new eBPF‑based Linux Security Module (LSM) hook that lets unprivileged developers attach integrity‑checking logic directly to the Secure Boot measurement path. Coupled with native TPM 2.0 support, this mechanism enables full remote attestation of the kernel image, initramfs, and early‑userspace binaries without recompiling the kernel. In this article we dissect the architecture, walk through a practical implementation, and discuss the operational impact on zero‑trust environments.
Why a New Attestation Model?
Traditional Secure Boot validates a chain of signatures that end at the kernel image. While this guarantees that the code has not been tampered with, it does not provide runtime visibility into the exact binary that was loaded, nor does it allow a cloud‑native operator to verify the boot state from a remote management console. Existing solutions—such as IMA (Integrity Measurement Architecture) or measured boot via TPM PCRs—require kernel‑level code changes and are difficult to enable on commodity distributions. The eBPF‑LSM extension in 6.15 abstracts the measurement logic into a loadable BPF program, dramatically lowering the barrier to entry and aligning boot‑time attestation with the “code‑as‑data” philosophy that underpins modern cloud security stacks.
Technical Overview of the New Hook
The kernel now exposes a new BPF program type: BPF_PROG_TYPE_LSM with the sub‑type BPF_LSM_TYPE_BOOT_MEASURE. When the bootloader hands control to the kernel, the kernel’s boot_measure() function is invoked before the first user‑space process is spawned. The function creates a hash of the kernel ELF header, the decompressed initramfs, and any early‑init scripts that are executed. This hash is then passed to the attached eBPF program as a struct bpf_boot_measure payload:
struct bpf_boot_measure {
__u8 kernel_sha256[32];
__u8 initramfs_sha256[32];
__u64 boot_timestamp_ns;
__u32 pcr_index;
__u32 flags;
};
The eBPF program can inspect, augment, or reject the measurement. If the program returns 0, the kernel proceeds; any non‑zero return aborts the boot sequence, effectively turning the eBPF program into a policy enforcement point. Because eBPF programs run in a sandboxed VM, they cannot corrupt kernel memory, yet they have full access to kernel helper functions for hashing, TPM interaction, and network I/O.
TPM 2.0 Integration Made Simple
Linux 6.15 ships a new helper, bpf_tpm_extend(), which allows an eBPF program to extend a Platform Configuration Register (PCR) directly from the BPF context. The helper abstracts the TPM device node (/dev/tpm0) and handles the necessary session negotiation. A minimal eBPF attestation program therefore looks like this:
SEC("lsm/boot_measure")
int attestation_prog(struct bpf_boot_measure *m)
{
// Extend PCR 4 with the kernel hash
bpf_tpm_extend(m->pcr_index, m->kernel_sha256, 32);
// Extend PCR 5 with the initramfs hash
bpf_tpm_extend(m->pcr_index + 1, m->initramfs_sha256, 32);
// Optionally send the digest to a remote verifier
bpf_probe_write_user(m->flags ? &remote_send : NULL, m, sizeof(*m));
return 0; // Allow boot to continue
}The program extends two PCRs (4 and 5) with the computed SHA‑256 digests. Because the helper runs before any user‑space code, the measurements are guaranteed to reflect the exact binaries that the firmware loaded. Remote attestation services can later query the TPM’s PCR values over a secure channel (e.g., via TPM‑based TLS client certificates) and compare them against a known good baseline stored in a policy server.
Deploying the Attestation Program
Deploying the BPF attestation program does not require rebuilding the kernel. The steps are:
- Compile the BPF program with
clang -target bpf -O2 -c attestation.c -o attestation.o. - Load the program using
bpftool prog load attestation.o /sys/fs/bpf/boot_attest type lsm. - Pin the program to the LSM hook:
bpftool prog attach pinned /sys/fs/bpf/boot_attest lsm. - Verify that the TPM PCRs are being extended by checking
tpm2_pcrread sha256:4,5after a reboot.
All of these commands can be scripted and integrated into a provisioning pipeline (e.g., Ansible or Terraform Cloud) so that every node in a fleet automatically enforces the same attestation policy.
Remote Verification Workflow
Once the node boots, a lightweight agent—written in Go or Rust—queries the TPM for the PCR values and sends a signed JSON payload to a central verification service. The service holds a hash‑map of approved boot configurations per hardware SKU. If the submitted PCRs match an entry, the node is marked “trusted” in the inventory database; otherwise an alarm is raised, and the node can be automatically isolated via a software‑defined network policy.
{
"hostname": "edge‑node‑12",
"pcrs": {
"4": "a3f5c2…e9d1",
"5": "7b1d4e…c2f8"
},
"timestamp": "2026-03-02T23:45:12Z",
"signature": "MEUCIQD…"
}The payload is signed with an attestation key stored in the TPM’s Endorsement Hierarchy, ensuring the authenticity of the measurement. Because the verification logic lives entirely in user space, organizations can evolve their policy definitions without touching the kernel.
Security Considerations and Limitations
While the eBPF‑LSM model eliminates the need for kernel patches, it introduces a new attack surface: the BPF verifier. A malicious actor could attempt to load a program that bypasses the measurement logic or corrupts the PCR values. The kernel’s verifier, however, enforces strict safety guarantees—no unbounded loops, limited stack usage, and a ban on helper calls that could write arbitrary kernel memory. Additionally, the bpf_tpm_extend() helper is limited to PCR indices 0‑23, preventing overflow attacks.
Another limitation is that the attestation only covers the kernel image and initramfs. Post‑boot components (e.g., kernel modules loaded later) must be measured separately, either by extending additional PCRs or by using the existing IMA framework. Finally, the approach assumes a TPM 2.0 device is present; on platforms without hardware TPM, a software TPM can be used, but it does not provide the same root‑of‑trust guarantees.
Operational Impact for Zero‑Trust Environments
Enterprises that have adopted a zero‑trust stance for their edge and IoT deployments can now enforce boot‑time integrity without a custom kernel. The workflow integrates naturally with existing identity‑based access controls: a node that fails attestation can be denied a certificate from the internal PKI, effectively removing it from the mesh. Because the policy is expressed as a BPF program, security teams can version‑control the attestation logic, perform code reviews, and roll out updates through standard CI pipelines—mirroring the DevSecOps model that has become standard for runtime security.
“eBPF turns the kernel into a programmable security platform, and Linux 6.15 finally lets you lock down the boot chain with the same toolset you use for runtime traffic filtering.”
Conclusion
Linux 6.15’s eBPF‑based boot measurement hook marks a pivotal shift from static, firmware‑only Secure Boot to a dynamic, policy‑driven attestation model. By leveraging native TPM 2.0 helpers, developers can build end‑to‑end zero‑trust boot chains that are auditable, version‑controlled, and deployable across heterogeneous fleets. The approach bridges the gap between low‑level firmware security and cloud‑native observability, offering a pragmatic path for organizations to meet emerging compliance regimes such as the EU’s “Secure Firmware” directive and the U.S. Executive Order on Zero‑Trust Architecture. As the ecosystem matures, we can expect more advanced use‑cases—like attesting container runtimes and hypervisor loaders—built on the same eBPF foundation.