Explore the intricacies of securing Trusted Platform Module (TPM) secrets in datacenter environments through this informative conference talk presented by Paul Moore from Microsoft and Joy Latten from Cisco. Delve into the fundamentals of TPM, UEFI Secure Boot, and their interplay in modern computing systems. Understand the challenges associated with TPM PCR 7 stability and learn about TPM Extended Authorizations (EA). Discover a comprehensive solution to address security concerns, covering the entire boot process from UEFI firmware to the operating system. Gain insights into TPM management, policy revocation, and development system considerations. Examine the implementation details, including the role of Stubby and TPM provisioning requirements. Conclude with a discussion on future steps and resources for further exploration of TPM security in datacenter environments.
Overview
Syllabus
Intro
Joy Latten
Q&A During the Presentation
The Trusted Platform Module (TPM)
UEFI Secure Boot and the TPM
TPM PCR 7 Isn't Always Stable
TPM Extended Authorizations (EA)
Our Problem
Our Solution: The Basics
The Boot Process: UEFI Firmware Boot
The Boot Process: Bootloader
The Boot Process: Kernel and OS
Managing the TPM
TPM EA Policy Revocation
Development Systems
The Implementation
Stubby
TPM Provisioning Requirements
What's Needed?
Now what?
More Information
Taught by
Linux Foundation
