Linux Plumbers Conference 2025

Session

System Boot and Security MC

13 Dec 2025, 10:00

Conveners

System Boot and Security MC

• Daniel Kiper
• Piotr Król (3mdeb)

Description

The System Boot and Security Microconference has been a critical platform for
enthusiasts and professionals working on firmware, bootloaders, system boot,
and security. This year, once again, we want to focus on the challenges that
arise when upstreaming boot process improvements to the Linux kernel and
bootloaders. Our experience shows that the introduction of new and/or not well-known
technologies into the kernel are especially difficult. The TrenchBoot project
is a very good example here, but we think others are also impacted. So, it would
be good to take all project stakeholders in one room and think what does not
work, what can be improved, etc. Though we are also happy to hear and discuss
what is currently happening in other areas related to platform initialization
and OS boot. Especially discussion about obstacles, not only technical ones,
during upstreaming and finding solutions during the MC can be very valuable for
various projects and the audience.

We welcome talks on the following things that can help achieve the goals mentioned above:
- TrenchBoot, tboot,
- TPMs, HSMs, secure elements,
- Roots of Trust: SRTM and DRTM,
- Intel TXT, SGX, TDX,
- AMD SKINIT, SEV,
- ARM DRTM,
- Growing Attestation ecosystem,
- IMA,
- TianoCore EDK II (UEFI), SeaBIOS, coreboot, U-Boot, LinuxBoot, hostboot,
- Measured Boot, Verified Boot, UEFI Secure Boot, UEFI Secure Boot Advanced Targeting (SBAT),
- shim,
- boot loaders: GRUB, systemd-boot/sd-boot, network boot, PXE, iPXE,
- UKI,
- u-root,
- OpenBMC, u-bmc,
- legal, organizational, and other similar issues relevant to people interested
in the system boot and security.

423. Ultraviolet: A Code Integrity Model for Minimal Container Hosts

James Morris

13/12/2025, 10:00

We’re seeing increased adoption of boot security technologies in Linux and utilization of platform root-of-rust mechanisms. There’s also been significant progress in open community efforts around image-based systems, where typically the root partition and/or the usr partition are implemented as signed DM-Verity volumes.

We’d like to demonstrate how to extend the integrity chain from boot...

448. The Future of Platform Security Measurement in Linux

Maciej Pijanowski (3mdeb)

13/12/2025, 10:25

The LVFS Host Security ID (HSI) has become the de facto standard for measuring
platform security in Linux, with major distributions adopting it to present
security posture to end users. Designed primarily around proprietary UEFI
implementations, HSI may present edge cases for open-source firmware vendors
working with diverse firmware stacks like coreboot and edk2.

This session examines...

401. Reconcilable Differences: Booting Linux on IBM PowerVM LPARs

George Wilson (IBM)

13/12/2025, 10:50

When booting Linux on PowerVM LPARs, there are unique characteristics vs UEFI-based systems that developers must consider. Expanding on last year's talk that discussed booting without a bootloader, this talk explores additional aspects of booting Linux on Power, current platform status, and potential future enhancements. Topics include verified and measured boot with PQC, proposals for...

417. Design Space and Challenges in Design of Attested TLS Protocols

Muhammad Usama Sardar (TU Dresden)

13/12/2025, 11:30

Abstract

We have defended our position (cf. [expat BoF][1]) to standardize the attested TLS protocol in the [IETF][2], and a new Working Group named [Secure Evidence and Attestation Layer (SEAL)][3] is being formed to exclusively tackle this specific problem. We would like to present the work (candidate [draft][4] for standardization) and gather feedback from the security community on the...

334. Oak stage0: a minimal firmware for (confidential) virtual machines

Mr Andri Saar (Google)

13/12/2025, 12:00

Oak stage0 is a VM firmware, mainly targeting QEMU microvm and Q35 machines (and compatible VMMs) that is simpler (and less featureful) than the traditional choices of EDK2/OVMF and SeaBIOS. The main purpose of stage0 is to provide a smaller and simpler method of booting confidential virtual machines to reduce the TCB. To that end, stage0 supports AMD SEV-SNP and Intel TDX; stage0 is the first...

58. Who Authenticates Linux? Rethinking PAM & NSS in the Age of Cloud Identity

Mr David Mulder (SUSE)

13/12/2025, 12:25

Who authenticates Linux? In the age of Azure Entra ID, Okta, Google Workspace, and beyond, the answer is increasingly "not your local LDAP or Kerberos realm." Modern identity providers rely on OAuth2, device compliance, and custom multi-factor authentication (MFA) flows that are fundamentally browser-centric — which sits at odds with how a Linux login works.

PAM was designed decades ago for...

150. Android Boot, DRTM, UKIs

Dmitrii Merkurev (Google), Leif Lindholm (Qualcomm), Ram Muthiah (Google)

13/12/2025, 13:00

Android boot flow quick recap
- Current problems
- Fastboot

GBL proposal
- Android meets UEFI
- Existing protocols adoption
- GBL custom protocol for Android Boot

Android UEFI Upstreaming
- EFI implementation for LittleKernel
- GBL protocols (EDK2, LittleKernel, Uboot)

Android Adoption of DRTM - How could the ARM DRTM spec be updated to account for Android boot'isms in a HLOS...