Firmware is the new Software

Trammell Hudson
Two Sigma

Secure firmware is the foundation of secure systems. If we want to build slightly more secure systems they will require open, auditable and measured firmware. If we can’t read and audit the firmware code, we can’t reason about what is going on during the critical phases of the boot process; if we can’t modify and reproducibly build the firmware, we can’t fix vulnerabilities or tailor it to our needs; and if the firmware isn’t measured and attested, we can’t be certain that our system hasn’t been tampered with.

LinuxBoot is a way to achieve all three of these properties and makes it possible to replace closed source, proprietary firmware with modern, well-tested and user-extensible code. In this talk I’ll present an overview of LinuxBoot, the Heads firmware, and how they work with moderately secure operating systems like Qubes to maintain a chain of trust from the reset vector to launching user VMs on laptops and servers.


🔎 Boot Integrity
Slides


Source Code

References

Presenter