BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.all-systems-go.io//all-systems-go-2024//E33N3H
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-all-systems-go-2024-HVEZQQ@cfp.all-systems-go.io
DTSTART;TZID=CET:20240925T115500
DTEND;TZID=CET:20240925T123500
DESCRIPTION:Fedora image based variants (CoreOS\, Atomic Desktops\, IoT) ar
 e currently built using ostree and rpm-ostree. This enables an hybrid appr
 oach where the system is managed like an image but modifications are still
  possible using RPMs.\n\nBut this approach has limits:\n- It is difficult 
 for users to customize their operating system and share those customizatio
 ns.\n- The integrity of the boot chain is not guarenteed and it is costly 
 to validate the system content at runtime.\n\nTo address those shortcoming
 s\, we are introducing the bootable containers (bootc) project. With boota
 ble containers\, the content of the operating system\, including the kerne
 l and initrd (or a UKI) is shipped in a container image alongside its corr
 esponding base userspace root filesystem. This image can then be modified 
 using container native tools and shared via a container registry.\n\nTo ch
 ain from platform Secure Boot to a verified root filesystem\, the ostree p
 roject has integrated support for composefs. It combines multiple Linux ke
 rnel features (overlayfs\, EROFS and fs-verity) to provide read-only mount
 able filesystem trees stacking on top of an underlying "lower" Linux files
 ystem.\n\nWe will detail how we are integrating composefs and UKI support 
 in Bootable Containers to enable a trusted and measured boot chain while l
 etting users customize and re-sign their images to fit their needs.
DTSTAMP:20260315T015819Z
LOCATION:Main Hall
SUMMARY:The road to a trusted and measured boot chain in Bootable Container
 s - JB Trystram\, Timothée Ravier
URL:https://cfp.all-systems-go.io/all-systems-go-2024/talk/HVEZQQ/
END:VEVENT
END:VCALENDAR