Securing firmware: Secure and Trusted boot in OpenBMC
Room 7 | Fri 17 Jan | 11:40 a.m.–12:25 p.m.
Presented by
-
Joel Stanley
@shenki
https://jms.id.au
Joel is a firmware and kernel hacker at IBM OzLabs. Based in Adelaide, he works on ensuring our low level bits and bytes are all upstream and up to date.
Joel Stanley
@shenki
https://jms.id.au
Abstract
The OpenBMC project has brought modern Linux technologies to the firmware in your new server. A missing piece of this is ensuring the firmware is the image you expect it to be running, weather that is something your vendor shipped, an update, or something you build yourself from the open source project.
The next generation of BMC hardware will allow a hardware root of trust to secure the entire boot chain. Come hear about how that works, and how the design goes to great lengths to ensure user freedoms to replace firmware while still being secure are preserved. This talk will coverTPMs, EEPROMs, keys, and signing, from a firmware perspective.
Linux Australia: http://mirror.linux.org.au/pub/linux.conf.au/2020/room_7/Friday/Securing_firmware_Secure_and_Trusted_boot_in_OpenBMC.webm
YouTube: https://www.youtube.com/watch?v=iOLC0FMe7Xs
The OpenBMC project has brought modern Linux technologies to the firmware in your new server. A missing piece of this is ensuring the firmware is the image you expect it to be running, weather that is something your vendor shipped, an update, or something you build yourself from the open source project. The next generation of BMC hardware will allow a hardware root of trust to secure the entire boot chain. Come hear about how that works, and how the design goes to great lengths to ensure user freedoms to replace firmware while still being secure are preserved. This talk will coverTPMs, EEPROMs, keys, and signing, from a firmware perspective. Linux Australia: http://mirror.linux.org.au/pub/linux.conf.au/2020/room_7/Friday/Securing_firmware_Secure_and_Trusted_boot_in_OpenBMC.webm YouTube: https://www.youtube.com/watch?v=iOLC0FMe7Xs