27/08/2020, 07:00
Daniel Axtens (IBM) - 27/08/2020, 07:10
Much of the Secure and Trusted Boot ecosystem is built around UEFI. However, not all platforms implement UEFI, including IBM's Power machines.
In this talk, I present a proposal for secure boot of virtual machines on Power. This is an important use case, as many Power machines ship with a firmware hypervisor, and all user workloads run as virtual machines or "Logical Partitions" (LPARs).
Harry Hsiung (Intel) - 27/08/2020, 07:35
Firmware is responsible for low-level platform initialization, establishing root-of-trust, and loading the operating system (OS). Signed UEFI Capsules define an OS-agnostic process for verified firmware updates, utilizing the root-of-trust established by firmware. The open source FmpDevicePkg in TianoCore provides a simple method to update system firmware images and device firmware images...
Dr Ofir Weisse (Google) - 27/08/2020, 08:10
Speculative execution attacks, such as L1TF, MDS, and LVI, pose a significant security risk to hypervisors and VMs. A complete mitigation for these attacks requires very frequent flushing of buffers (e.g., the L1D cache) and halting of sibling cores. The performance cost of such mitigations is unacceptable in realistic scenarios. We are developing a high-performance security-enhancing mechanism to...
ronald minnich (Google) - 27/08/2020, 08:35
A broad collection of companies are now using LinuxBoot for their firmware. They are still running into kexec issues involving drivers that don't correctly shut down, start up, or still need the BIOS to set magic, undocumented bits.
We have to be able to mark drivers and associated code as "LinuxBoot Ready." This might be done in Kconfig with an option that would only present those drivers...
Doug Farley (Dell EMC), Lenny Szubowicz (Red Hat) - 27/08/2020, 09:00
NVMe over Fabrics™ (NVMe-oF™) lacks a native capability for boot from Ethernet. We will introduce a joint model to address boot from NVMe-oF/TCP, its impact on the kernel and the entire ecosystem, and collect feedback from the Linux community. This architectural model is being designed for standardization by the appropriate committees (e.g., NVM Express™ or the UEFI™ Forum).
Mr Dimitar Tomov (DesignFirst), Mr Ian Oliver (Nokia Bell Labs) - 27/08/2020, 09:35
A Ridiculously Short Intro into Device Attestation
Dimitar Tomov, Design First, ES
Ian Oliver, Nokia Bell Labs, FI
Very practical look at how to use a TPM and perform device attestation. A system can have trusted qualities instead of being 100% trusted. Cross-referencing different types of attestation data can provide evidence for trusted qualities. The decision of whether a device is...
Daniel Smith (Apertus Solutions, LLC) - 27/08/2020, 10:00
The TrenchBoot Project has put forth an RFC for adding direct support to Linux for x86 DRTM. Many people are familiar with the early launch capability implemented by Intel's tboot, but there has also been academic work on live relaunch, e.g. Jon McCune's Flicker. SecureLaunch was designed to support a range of launch integrity capabilities. This discussion will review a subset of solutions...
Mr Daniel Kiper (Oracle), Mr Michał Żygowski (3mdeb Embedded Systems Consulting) - 27/08/2020, 10:25
Each operating system relies on the information exposed to it by the firmware. It consists of various data such as the memory map, device structure (either ACPI or devicetree), firmware version, vendor, etc. But passing information from the operating system bootloader has been neglected for many years. In this presentation, we will mainly focus on retrieving information from the firmware and bootloader by...