BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.all-systems-go.io//FE98ZY
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-all-systems-go-2025-FE98ZY@cfp.all-systems-go.io
DTSTART;TZID=CET:20250930T093000
DTEND;TZID=CET:20250930T101000
DESCRIPTION:Linux lacks a coherent security model\, and by extension we nev
 er defined one for the systemd project either.\n\nIn this talk I'd like to
  start changing this\, and begin defining some general security design gui
 delines that we so far mostly followed implicitly\, and make them more exp
 licit. After all\, systemd to a large degree is involved in security subsy
 stems\, from SecureBoot\, Measured Boot & TPM\, to its service sandboxing\
 , dm-verity/dm-crypt support\, its FIDO2/PKCS#11 hookups\, its many securi
 ty boundaries\, secure parameterization\, Linux Security Module initializa
 tion and more.\n\nWhile this distributions & applications consuming system
 d might follow different security models I think it's important to talk ab
 out a unified vision from the systemd upstream perspective\, even if vario
 us downstreams then make modifications or only deploy a subset of it.
DTSTAMP:20260305T235626Z
LOCATION:Loft
SUMMARY:A Security Model for systemd - Lennart Poettering
URL:https://cfp.all-systems-go.io/all-systems-go-2025/talk/FE98ZY/
END:VEVENT
END:VCALENDAR