Explore the concept of using Linux as a trusted bootloader in this 21-minute conference talk by Eric Richter from IBM. Dive into the world of Petitboot, a kexec-based bootloader that leverages Linux to boot Linux, and its application in OpenPOWER firmware. Learn about the linux-integrity subsystem and the minimal kernel modifications required to transform Petitboot into a trusted boot loader. Gain insights into trusted boot on OpenPOWER and discover the potential for using Petitboot as a secure bootloader. Follow along as Richter covers topics such as TPM, measuring, kexec, IMA, limitations, and device tree serialization. Understand the implications of this work for the future of secure booting in Linux systems.
Overview
Syllabus
Introduction
Overview
TPM
Measuring
What we need
KExec
Adding Measurements
Fixing Measurements
IMA
Limitations
Measures
Serializing
Device Tree
Final remarks
Taught by
Linux Foundation
