We are pleased to announce that the System Boot and Security Microconference has been accepted into the 2021 Linux Plumbers Conference. This microconference brings together those who are interested in firmware, bootloaders, system boot and security. The events around last year's BootHole showed how crucial platform initialization is for overall system security. Those events may have exposed the shortcomings of the current boot process, but they have also tightened the cooperation between various companies and organizations. Now is the time to use this opportunity to discuss the lessons learned and what can be done to improve in the future. Other discussions about cooperation are also welcome, such as those concerning legal and organizational issues that may hinder working together.
Last year’s meetup achieved the following:
- TrenchBoot AMD: 3mdeb obtained funds from NLNet foundation to contribute to TrenchBoot for AMD platforms. The funding covered various open-source contributions to LandingZone, GRUB2, and Linux kernel
- TrenchBoot Steering Committee was created
- TrenchBoot Steering Committee participates in the Arm D-RTM specification working group
- TrenchBoot Intel: Oracle implemented Intel TXT support in the Linux kernel and GRUB; a few versions of RFC patches were posted and discussed; the design, except for the TPM driver in the early kernel boot code, is mostly accepted at this point; the next version of the Linux kernel and GRUB patches is under development.
- GRUB: BootHole and further security developments; new UEFI LoadFile2 boot protocol implementation for GRUB – RFC patches posted; we want to discuss maintenance improvements and the expectations of free software communities.
- LVFS/fwupd had lots of contributions over the last 12 months:
  - IT5570 added to the superio plugin
  - Updated ESRT access implementation for FreeBSD
  - uefi-capsule plugin on FreeBSD
  - Added FreeBSD CI
  - Port for BSD distros
  - wip/3mdeb/qubes-wrapper
This year’s topics to be discussed include:
- TPMs, HSMs, secure elements
- Roots of Trust: SRTM and DRTM
- Intel TXT, SGX, TDX
- AMD SKINIT, SEV
- Ways to improve attestation
- Integrity Measurement Architecture (IMA)
- TrenchBoot, tboot
- UEFI, coreboot, U-Boot, LinuxBoot, hostboot
- Measured Boot, Verified Boot, UEFI Secure Boot, UEFI Secure Boot Advanced Targeting (SBAT)
- shim
- boot loaders: GRUB2, SeaBIOS, network boot, PXE, iPXE
- u-root
- OpenBMC u-bmc
- Legal, organizational and other similar issues relevant for people interested in system boot and security.
Come and join us in the discussion about how to keep your system secure even at bootup.
We hope to see you there.