Explore a conference talk on System Transparency, a concept that addresses the trustworthiness of cloud-based software. Learn how this approach establishes trust in Software as a Service (SaaS) and Infrastructure as a Service (IaaS) scenarios by allowing all parties to retrieve and verify the complete source code of firmware and operating systems running on servers. Discover the key components of System Transparency, including unique cryptographic server identities, hardware trust anchors, and the use of open-source firmware like coreboot and LinuxBoot. Understand how reproducible firmware and OS images, network-retrieved OS images, and public append-only logs contribute to transparency. Gain insights into the platform security features implemented in the reference system and explore the custom bootloader based on LinuxBoot. Witness a demonstration of a modern x86 server platform running the prototype coreboot/LinuxBoot stack, showcasing the practical application of System Transparency principles.
Overview
Syllabus
36C3 ChaosWest: System Transparency
Taught by
media.ccc.de