Overview
Explore the intricacies of securing Linux credentials locally using the PowerVM Platform Keystore in this informative conference talk. Delve into the challenges of storing security-sensitive information for early boot processes and learn about IBM's solution through an isolated Platform Keystore (PKS) storage mechanism. Discover the proposed Linux kernel interface for managing PKS objects and understand the complexities of developing a unified interface across different platforms. Examine existing kernel code structures, compare securityfs and fwsecurityfs, and gain insights into the PowerVM Guest Secure Boot flow. Investigate the storage of authenticated variables in the Platform Keystore and explore additional use cases for the PowerVM Platform Keystore. This presentation offers a comprehensive look at the evolving landscape of Linux security and firmware interfaces.
Syllabus
Intro
How it started?
In Parallel - other patches in discussion
Existing Interfaces
Existing Kernel code structure
Environments are different - syntactically and semantically
Proposal - Firmware Security Filesystem (fwsecurityfs)
securityfs vs fwsecurityfs
PowerVM Guest Secure Boot Flow
Authenticated Variables Stored in Platform KeyStore
PowerVM: Platform Keystore Other Usecases
PowerPC Authenticated Variables exposed via fwsecurityfs
Taught by
Linux Foundation