Securing TPM Secrets with TXT and Kernel Signatures - Paul Moore, Cisco
Forum 1
Speakers: Paul Moore
This presentation will discuss a work in progress to secure data in the TPM2’s NVRAM using Intel’s TXT and extensions to tboot to support kernel signature verification. The ultimate goal being the ability to restrict access to TPM2 stored data to only those kernels which have been signed by an authorized entity while being robust in the face of kernel upgrades and downgrades.
The talk will discuss the design, and current progress, in the context of existing solutions using traditional TXT and UEFI Secure Boot; explaining why these solutions fall short either in terms of protection or usability.