BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.all-systems-go.io//all-systems-go-2025//Z79CXS
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-all-systems-go-2025-TNKPQS@cfp.all-systems-go.io
DTSTART;TZID=CET:20251001T160000
DTEND;TZID=CET:20251001T164000
DESCRIPTION:With Bootable Containers (bootc)\, we can place the operating s
 ystem files inside a standard OCI container. This lets users modify the co
 ntent of the operating system using familiar container tools and the Conta
 inerfile pattern. They can then share those container images using contain
 er registries and sign them using cosign.\n\nUsing composefs and fs-verity
 \, we can link a UKI to a complete read only filesystem tree\, guaranteein
 g that every system file is verified on load. We integrate this in bootc b
 y creating a reliable way to turn container images into composefs filesyst
 em trees\, and then including the UKI in the container image.\n\nWe will s
 hare the progress on the integration of UKI and composefs in bootc and how
  we are going to enable remote attestation for those systems using trustee
 \, notably for Confidential Computing use cases.
DTSTAMP:20260315T020705Z
LOCATION:Loft
SUMMARY:UKI\, composefs and remote attestation for Bootable Containers - Ti
 mothée Ravier\, Pragyan\, Vitaly Kuznetsov
URL:https://cfp.all-systems-go.io/all-systems-go-2025/talk/TNKPQS/
END:VEVENT
END:VCALENDAR