Building a secure boot chain to userland
2017-10-22, 14:30–15:10 (UTC), Event Loft

Secure boot as it currently exists in desktop Linux distributions is sufficient to verify that the bootloader and kernel have not been tampered with, but generally does nothing to ensure that userland is secure. How can we fix that?


Full system security requires the ability to determine that the entire system is in a trustworthy state. Secure Boot as currently implemented in Linux gets us partway there, but not all the way. Going further involves tying into additional security functionality, much of which already exists but is poorly integrated. This presentation will cover what needs to be done, the components required to do it and the integration work that distributions will need to do to make it viable.