Explore the potential of TPM-based attestation for enhancing security and trust in a conference talk from linux.conf.au 2020. Delve into the functionality of Trusted Platform Modules, the generation of cryptographically verifiable event logs during the boot process, and the creation of signed quotes to prove expected software execution to remote sites. Discover how to leverage attestation data for protecting network resources, solving SSH host key trust issues in enterprise environments, and facilitating system recovery for users on the go. Learn about newly released open-source software for building novel attestation solutions that protect end users without compromising privacy or control. Gain insights into TPM identity, Attestation Keys, Platform Configuration Registers, and the challenges of remote attestation with fixed PCR values.
Overview
Syllabus
Intro
What is a TPM?
What is the identity of a TPM?
Why is there an AK?
What can we do with an AK?
What's a Platform Configuration Register (PCR)?
Bringing everything together: Remote Attestation
Fixed PCR values are hard to work with
What if remote attestation, but
Not ready for production yet
Taught by
linux.conf.au
