
Securing Embedded Linux Systems with TPM 2.0 - Philip Tricca, Intel

28,887 views

The Linux Foundation

Despite the myriad technologies available for the task, securing Linux systems (embedded or otherwise) is not much easier today than it was 10 years ago. Where many security talks at ELC have given surveys of the various components and architectures for securing embedded Linux systems, this talk is a deep dive into enabling and using the new Trusted Platform Module 2.0 (TPM2) to achieve specific security goals.
This talk will have 3 major thrusts. First, we will discuss a threat model that describes the security goals we wish to achieve, as well as the threats to these goals that we're able to mitigate with the TPM. Second, we describe the Intel TPM2 software stack (TSS) and the various possible configurations appropriate for Linux systems from embedded up to servers. Finally, we discuss implementations of our mitigations using the meta-measured OpenEmbedded layer.
About Philip Tricca
Philip is a platform architect in Intel's platform security division, working to enable use of the Trusted Platform Module (TPM) and SGX in open source. Recently Phil has taken over maintainership of Intel's implementation of the TPM2 software stack, and he has been obsessing over system integrity and measurement architectures for years. In his spare time he maintains the meta-measured OpenEmbedded meta layer, where he brings together the various integrity measurement components, from TPM2 patches to GRUB2 all the way up to the userspace infrastructure. Additionally, he's a periodic contributor to meta-selinux and the OpenXT project.
