Towards Measured Boot Out of the Box – Matthew Garrett, CoreOS
The technology to support measured boot has existed for over a decade, but no mainstream Linux distribution provides it out of the box. Now that we know people are attacking not only the boot chain but the system firmware itself, that’s not good enough.
This presentation will cover the reasons for the lack of adoption, why we need to do better and what needs to be done to achieve that. It’ll also discuss how traditional models of measurement are suboptimal and how we can provide fine-grained measurement in reproducible ways, and demonstrate some fun things that we can do with TPMs to improve general quality of life. Finally, it’ll describe some additional work distributions can do to make it easier for users to deploy trusted boot in their environments.
About Matthew Garrett
Matthew Garrett is a security developer at CoreOS, developing technologies to improve the security of containers and the systems that run them. He has a background in firmware integration, power management and fruitfly genetics and so has atypical ideas about system complexity and the ease of reverse engineering. He is a board member of the Free Software Foundation and a passionate defender of user freedoms.