Explore the intricacies of securing Linux credentials locally using PowerVM Platform Keystore in this informative conference talk. Delve into the challenges of storing security-sensitive information for early boot processes and learn about IBM's solution through an isolated Platform Keystore (PKS) storage mechanism. Discover the proposed Linux kernel interface for managing PKS objects and understand the complexities of developing a unified interface across different platforms. Examine existing kernel code structures, compare securityfs and fwsecurityfs, and gain insights into PowerVM Guest Secure Boot Flow. Investigate the storage of authenticated variables in Platform KeyStore and explore additional use cases for PowerVM Platform Keystore. This presentation offers a comprehensive look at the evolving landscape of Linux security and firmware interfaces.
PowerVM Platform Keystore - Securing Linux Credentials Locally
Overview
Syllabus
Intro
How it started?
In Parallel - other patches in discussion
Existing Interfaces
Existing Kernel code structure
Environments are different - syntactically and semantically
Proposal - Firmware Security Filesystem (fwsecurityfs)
securityfs vs fwsecurityfs
PowerVM Guest Secure Boot Flow
Authenticated Variables Stored in Platform KeyStore
PowerVM: Platform Keystore Other Usecases
PowerPC Authenticated Variables exposed via fwsecurityfs
Taught by
Linux Foundation
Tags
Related Courses
-
Dynamic Key Managed PowerPC Guest Secure Boot
-
Extending OpenPOWER Boot Security to Guests
-
Using the TPM NVRAM to Protect Secure Boot Keys in POWER9 OpenPOWER Systems
-
OpenPOWER Host OS Secure Boot Key Management
-
Updating Linux with TUX: Trust Update for Linux Kernel
-
Towards Measured Boot Out of the Box
