Friday, October 30 • 14:00 - 14:45
TBOOT and Secure Boot coexistence to launch OS even more securely. - Łukasz Hawryłko, Intel Corporation
Intel TXT is a D-RTM technology that establishes a trusted environment by measuring the components of the boot process. The measurements, stored in the TPM, can be verified by local or remote attestation to detect any inconsistency in the boot process. UEFI Secure Boot has a similar goal, but achieves it in a different way: unlike Intel TXT, Secure Boot is an S-RTM technology that requires a trusted chain to be maintained from the moment the system powers up. TBOOT is an implementation of an Intel TXT MLE (Measured Launch Environment) for Linux kernel based OSes and the Xen VMM. The current version does not support Secure Boot, so it is not possible to enable Intel TXT and Secure Boot simultaneously when using TBOOT. This presentation discusses the possibilities of enabling Secure Boot in TBOOT and the benefits that come from doing so.

Speakers
Łukasz Hawryłko

Security Engineer, Intel
I am working at Intel in the BIOS Security team, where I am an architect and the lead developer of the TBOOT project. In my job, I also work with the Open Source community to help enable Intel TXT on Linux based systems.



Friday October 30, 2020 14:00 - 14:45 GMT
LSS Theater
Refereed Presentations