Loading…
This event has ended. Create your own event → Check it out
This event has ended. Create your own
View analytic
Monday, August 17 • 2:20pm - 3:10pm
Extending the Secure Boot Certificate and Signature Chain of Trust in the OS - Fionnuala Gunter, Hypori

Sign up or log in to save this to your schedule and see who's attending!

The Linux kernel's integrity subsystem verifies and enforces file
integrity based on file signatures. Files are currently signed, post
install, by walking the file system - a time consuming process. A better, more complete,
solution is to include file signatures in software packages, similar to
the existing file hashes. This enables files to be automatically labeled
with signatures during installation.

This talk describes extending the UEFI secure boot certificate chain of
trust to the OS to prevent unauthorized software/files from being
executed or accessed. It will cover proposed software package manager
changes for including and installing file signatures, locally signing
certificates used for verifying file signatures, and loading the signed
certificates onto the trusted IMA keyring.

Speakers
avatar for Fionnuala Gunter

Fionnuala Gunter

Security Software Developer, Hypori
Fionnuala Gunter extended RPM Package Manager to include and install file signatures while at IBM. She is currently a Security Developer at Hypori.



Monday August 17, 2015 2:20pm - 3:10pm
Willow B