Explore the implementation of Linux as a secure boot loader for OpenPOWER servers in this conference talk. Delve into the Integrity Management Architecture (IMA) subsystem and its limitations, including the inflexibility of the "secure_boot" command line option and build time policies. Learn about the challenges in supporting run-time decisions based on firmware's secure boot settings and the limitations of IMA-appraisal in verifying file signatures. Discover the proposed solutions and patch sets that address these issues, providing a comprehensive approach to using Linux as a secure boot loader. Gain insights from IBM experts Nayna Jain and Thiago Jung Bauermann as they share their expertise in Linux kernel integrity, trusted computing, and POWER architecture development.
Using Linux as a Secure Boot Loader for OpenPOWER Servers
Overview
Syllabus
Using Linux as a Secure Boot Loader for OpenPOWER Servers - Nayna Jain, IBM & Thiago Jung Bauermann
Taught by
Linux Foundation
Tags
Related Courses
-
Using the TPM NVRAM to Protect Secure Boot Keys in POWER9 OpenPOWER Systems
-
Abusing Linux as a Trusted Bootloader
-
Extending OpenPOWER Boot Security to Guests
-
OpenPOWER Host OS Secure Boot Key Management
-
Updating Linux with TUX: Trust Update for Linux Kernel
-
IMA Policy Support for fs-verity - A Win-win for Linux Integrity and File System Verification
