Linux Plumbers Conference 2021

Session

System Boot and Security MC

Sep 22, 2021, 7:00 AM

Description

The System Boot and Security microconference focuses on the firmware, bootloaders, system boot and security around the Linux system. It also welcomes discussions around legal and organizational issues that hinder cooperation between companies and organizations to bring together a secure system.

289. System Boot and Security MC Introduction

Daniel Kiper

9/22/21, 7:00 AM

159. Writing Grub2 modules in Rust

Daniel Axtens (IBM)

9/22/21, 7:10 AM

The grub2 bootloader is a trusted component of the secure boot process, including "traditional" GPG-based secure boot, UEFI-based secure boot, and the logical partition secure boot process being developed by IBM. Grub2 is mostly written in C and has suffered from a number of memory-unsafety issues in the past.

Rust is a systems programming language suitable for low-level code. Rust can...

225. Firmware and Bootloader Logging

Alec Brown , Daniel Kiper

9/22/21, 7:50 AM

In the bootloader as well as firmware, there is a lot of useful information on how the system is set up. However, there has been a lack of transportation in sending this information to the operating system. Initially, we designed a log to record messages from the GRUB2 bootloader so the TrenchBoot project could view how the platform was being setup during boot. After some discussion, we...

279. Linux and DRTM on Arm

Stuart Yoder (Arm)

9/22/21, 8:30 AM

A specification for Dynamic Root of Trust for Measurement (DRTM) on the Arm architecture will be available Fall 2021. DRTM allows a system in a potentially unknown or untrusted state to boot an OS or hypervisor into a known and trusted state.

This topic will present an overview of DRTM on Arm to provide context, followed by discussion around several topics that have implications for the...

281. TrenchBoot Secure Launch upstreaming

Ross Philipson (Oracle) , Daniel Smith (Apertus Solutions, LLC)

9/22/21, 9:10 AM

The ability to do a Trusted Computing Group (TCG) Dynamic Launch of a system has been commercially available in x86 processors since 2006 with the introduction of Intel TXT for Intel processors and by AMD-V for AMD processors. Over the years the technology has mainly been used by limited number of security-sensitive projects. The TrenchBoot Project has been working to make the underlying...

43. System Boot and Security Microconference

In the third year in a row, we are going to bring together people interested in the
firmware, bootloaders, system boot, security, etc., and discuss all these topics
during System Boot and Security microconference. Last year BootHole events
showed how crucial is platform initialization for the overall system security.
These events exposed many weaknesses and shortcomings in current...