Towards Measured Boot Out of the Box

Towards Measured Boot Out of the Box

Linux Foundation via YouTube Direct link

Intro

1 of 23

1 of 23

Intro

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Towards Measured Boot Out of the Box

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Security of the boot chain is vital
  3. 3 UEFI Secure Boot
  4. 4 No way to prove verification happened
  5. 5 Compromised servers
  6. 6 Modified laptops
  7. 7 Can't protect against hardware attacks
  8. 8 Trusted Platform Module
  9. 9 Small chip
  10. 10 Platform Configuration Registers
  11. 11 Trusted GRUB
  12. 12 Traditional approach
  13. 13 Unimportant configuration changes alter values
  14. 14 Use the logfile
  15. 15 Log entry contains description of binary and hash of binary
  16. 16 Log entry contains text and hash of text
  17. 17 Policy describes regular expressions
  18. 18 Coreos builds policy automatically on OS release
  19. 19 Use UEFI variables
  20. 20 Disk encryption keys
  21. 21 No secure boot support
  22. 22 Incompatible with runtime UEFI
  23. 23 Ship bootloader support Ship known-good measurements Integration with firmware updates Deterministic initramfs generation

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.