LinuxCon + CloudOpen + ContainerCon NA 2015 has ended
Monday, August 17 • 2:20pm - 3:10pm
Extending the Secure Boot Certificate and Signature Chain of Trust in the OS - Fionnuala Gunter, Hypori

The Linux kernel's integrity subsystem verifies and enforces file
integrity based on file signatures. Files are currently signed,
post-install, by walking the file system, a time-consuming process. A better, more complete
solution is to include file signatures in software packages, similar to
the existing file hashes. This enables files to be automatically labeled
with signatures during installation.

This talk describes extending the UEFI secure boot certificate chain of
trust to the OS to prevent unauthorized software/files from being
executed or accessed. It will cover proposed software package manager
changes for including and installing file signatures, locally signing
certificates used for verifying file signatures, and loading the signed
certificates onto the trusted IMA keyring.

Fionnuala Gunter

Security Software Developer, Hypori
Fionnuala Gunter extended RPM Package Manager to include and install file signatures while at IBM. She is currently a Security Developer at Hypori.

Monday August 17, 2015 2:20pm - 3:10pm PDT
Willow B
