Linux Plumbers Conference 2022

Session

System Boot and Security MC

12 Sept 2022, 10:00

"Ulster & Munster" (Clayton Hotel on Burlington Road)

325. Welcome to System Boot and Security MC

Daniel Kiper, Michał Żygowski (3mdeb Embedded Systems Consulting)

12/09/2022, 10:00

77. Secure bootloader for Confidential Computing

Ken Lu (Intel), Jiewen Yao

12/09/2022, 10:05

Confidential computing (CC) provides a solution for data protection with hardware-based Trusted Execution Environment (TEE) such as Intel TDX, AMD SEV, or ARM RME. Today, Open Virtual machine Firmware (OVMF) and shim+grub provided necessary initialization for confidential virtual machine (VM) guest. More important, they acted as the chain of trust for measurement to support TEE attestation. In...

57. Secure Boot auto enrollment

vincent dagonneau

12/09/2022, 10:40

Based on a current systemd PR (https://github.com/systemd/systemd/pull/20255) that I submitted, I would like to talk about auto enrollment of Secure Boot.

I would be especially glad to have feedback on any unanticipated issues. Also it is a systemd PR, I think it fits the system boot and security micro conference as it deals with Secure Boot.

One major issue already identified is...

258. Kernel TEE subsystem evolution

Sumit Garg

12/09/2022, 11:15

A Trusted Execution Environment (TEE) is an isolated execution environment running alongside an operating system. It provides the capability to isolate security-critical or trusted code and corresponding resources like memory, devices, etc. This isolation is backed by hardware security features such as Arm TrustZone, AMD Secure Processor, etc.

This session will focus on the evolution of the...

104. Remote Attestation of IoT devices using a discrete TPM 2.0

Mr Dimitar Tomov (TPM.dev), Mr Svetlozar Kalchev (EnactTrust)

12/09/2022, 12:20

There are billions of networked IoT devices and most of them are vulnerable to remote attacks. We are developing a remote attestation solution for IoT devices based on Arm called EnactTrust. The project started with PoC for a car manufacturer in 2021.

Today, we have an open-source agent at GitHub[1] that performs attestation. The EnactTrust agent leverages a discrete TPM 2.0 module and has...

230. TrenchBoot Update

Daniel Smith (Apertus Solutions, LLC)

12/09/2022, 12:55

Presented here will be an update on TrenchBoot development, with a focus on the Linux Secure Launch upstream activities and the building of the new late launch capability, Secure ReLaunch. The coverage of the upstream activities will focus on the redesign of the Secure Launch start up sequence to accommodate efi-stub's requirement to control Linux setup on EFI platforms. This will include a...

231. Lamenting on Secure Boot, module signatures and shims

Morten Linderud (Independent)

Secure boot intend to be a way for OEMs to ensure only trusted software is capable of booting on the machines. For Linux distributions this is mostly being done by utilizing a pre-bootloader shim which is signed by a UEFI Certificate Authority, and unique for each individual Linux distribution.

One of the promises of Secure Boot was the intention of having users be able to regain control of...

269. This

270. Is

266. My Talk

273. Table

272. Time

268. First

271. A

267. TOO LATE