Securing TPM Secrets with TXT and Kernel Signatures

Explore a cutting-edge approach to securing data in TPM2's NVRAM using Intel's TXT and tboot extensions for kernel signature verification. Delve into the design and progress of a system that aims to restrict access to TPM2-stored data exclusively to kernels signed by authorized entities, while maintaining robustness during kernel upgrades and downgrades. Compare this innovative solution to existing methods employing traditional TXT and UEFI Secure Boot, understanding their limitations in terms of protection and usability. Gain insights from Paul Moore of Cisco as he presents this work-in-progress, offering a comprehensive look at enhancing data security in modern computing environments.