Overview
Syllabus
Intro
Intel Trusted Execution Technology (TXT)
Open Cloud Integrity Technology (CIT): Intel's remote attestation solution
UEFI secure boot: the UEFI BIOS's verified boot component
Threats!
Goals! To maintain integrity properly
Trusted Platform Module (TPM)
Shim and Grub Shim
Assumptions
TUX Architecture
Integrity Manager
Kernel update using TUX
Remote attestation with TUX
Trusted Secure boot (TS-Boot): combination of UEFI secure boot, Shim, and Cores Grub
PCR-Verification
TPM measurements
Experiment
Demo
Discussion
Conclusion: integrity changes when an update is conducted, and thus it should be properly managed along with updates
Taught by
Linux Foundation