Completed
Ship bootloader support Ship known-good measurements Integration with firmware updates Deterministic initramfs generation
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Towards Measured Boot Out of the Box
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Security of the boot chain is vital
- 3 UEFI Secure Boot
- 4 No way to prove verification happened
- 5 Compromised servers
- 6 Modified laptops
- 7 Can't protect against hardware attacks
- 8 Trusted Platform Module
- 9 Small chip
- 10 Platform Configuration Registers
- 11 Trusted GRUB
- 12 Traditional approach
- 13 Unimportant configuration changes alter values
- 14 Use the logfile
- 15 Log entry contains description of binary and hash of binary
- 16 Log entry contains text and hash of text
- 17 Policy describes regular expressions
- 18 Coreos builds policy automatically on OS release
- 19 Use UEFI variables
- 20 Disk encryption keys
- 21 No secure boot support
- 22 Incompatible with runtime UEFI
- 23 Ship bootloader support Ship known-good measurements Integration with firmware updates Deterministic initramfs generation