TPMs

The Linux Plumbers 2016 TPM track will focus on promoting discussions on integrating TPM support into mainstream distributions, from boot through to userspace. It will describe the issues that need to be rectified before TPMs can be depended upon in general, along with why this is so important (helping resist firmware-based attacks, increased protection of user keys and so on.

This will require discussion of kernel components along with early boot, system-wide infrastructure and the tooling necessary to tie this into desktop sessions.

Tentative Schedule

Topics that are under consideration for this microconf include (but are not limited to):

  • Getting TPM support into bootloaders
  • Figuring out how to distribute known-good hashes
  • Designing a robust mechanism for re-sealing secrets over upgrades
  • Choosing a TPM 2.0 stack
  • Cloud use cases for the TPM (Key Escrow for VPNaaS; Attestation to end customers; …)
  • Implementing a Key Cache Manager (should this be in-kernel)? Beyond a key cache, the manager also has to handle session swapping, regapping, getcapability virtualization, and perhaps priority and privilege.

Key Attendees

Interested in Attending

Contacts

Matthew Garrett mjg59@coreos.com

Ken Goldman kgoldman@us.ibm.com

 
2016/tpms.txt · Last modified: 2016/10/16 09:04 by 165.156.28.4
 
Except where otherwise noted, content on this wiki is licensed under the following license:CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki