filmov
tv
Securing the Linux boot process
Показать описание
Matthew Garrett
Linux has had support for UEFI Secure Boot for some time, which helps secure part of the boot process - you can be reasonably sure that nobody's replaced your bootloader or kernel, and that's sufficient to cover a bunch of cases. But for various technical reasons there's still a number of security critical components that are entirely unverified and which can be replaced by an attacker, and that means anyone with access to your system can configure it to steal (say) your hard drive encryption password. That's suboptimal.
There are various solutions to this involving TPMs, but so far they've all involved a lot of manual configuration and run the risk of being locked out of your machine for upgrading your kernel at the wrong time. Surely we can do better?
Unsurprisingly, yes. This presentation will describe some light modifications to the way distributions ship components that will make it possible to ensure that systems boot without running the risk of sensitive credentials being stolen but also without compromising the flexibility of the existing Linux boot process.
Linux has had support for UEFI Secure Boot for some time, which helps secure part of the boot process - you can be reasonably sure that nobody's replaced your bootloader or kernel, and that's sufficient to cover a bunch of cases. But for various technical reasons there's still a number of security critical components that are entirely unverified and which can be replaced by an attacker, and that means anyone with access to your system can configure it to steal (say) your hard drive encryption password. That's suboptimal.
There are various solutions to this involving TPMs, but so far they've all involved a lot of manual configuration and run the risk of being locked out of your machine for upgrading your kernel at the wrong time. Surely we can do better?
Unsurprisingly, yes. This presentation will describe some light modifications to the way distributions ship components that will make it possible to ensure that systems boot without running the risk of sensitive credentials being stolen but also without compromising the flexibility of the existing Linux boot process.
0:45:42
Securing the Linux boot process
0:04:44
How Does Linux Boot Process Work?
0:10:51
What are the Steps of the Linux Boot Process?
0:19:22
Linux Security Course - 4. Securing The Linux Boot Process
0:38:34
Bootloaders 101: How Do Embedded Processors Start? - Bryan Brattlof, Texas Instruments
0:07:44
Mastering Linux Security: Securing the Boot Process|packtpub.com
0:26:33
The Linux Boot Process (Linux+ Objective 1.1.2)
0:21:47
Secure boot in embedded Linux systems, Thomas Perrot
1:25:57
Update At Your Peril - Microsoft Breaks Grub, Torvalds Talks Kernel, & Linux LLMs
0:33:13
Embedded Linux Booting Process (Multi-Stage Bootloaders, Kernel, Filesystem)
0:08:06
UEFI boot explained (for Linux users)
0:32:08
UEFI Linux Secure Boot Kernel Signing and Verification demo
0:04:49
Version 252 Of Systemd Locks Down The Linux Boot Process
0:49:04
Secure Boot from A to Z - Quentin Schulz & Mylène Josserand, Bootlin (formerly Free Electrons)
0:02:58
What is Secure Boot? (EXPLAINED)
0:40:38
Using the TPM NVRAM to Protect Secure Boot Keys in POWER9 OpenPOWER Systems - Claudio de Carvalho
0:09:35
Lecture 15: Booting Process
0:02:37
Computer Boot Process animation
0:30:48
Secure Boot Overview
0:36:47
How ARM Systems are Booted: An Introduction to the ARM Boot Flow - Rouven Czerwinski
0:19:58
Basics of the Linux Boot Process
0:28:14
Linux Internals: UEFI Boot Stages using Debian 11
0:11:40
How to use UEFI | Every other YouTube video is WRONG!
0:51:17
Securing Embedded Linux Systems with TPM 2.0 - Philip Tricca, Intel
Комментарии