Heads

Tamper-evident Firmware with User-controlled Keys

Kyle Rankin

Chief Security Officer

Purism

Author of Linux Hardening in Hostile Networks

@kylerankin


https://kylerank.in/talks/security/heads.html

Introduction

Why Tamper-evident Boot Matters

UEFI Secure Boot

Intel Trusted Boot

Secure Boot Limitations

Heads Above the Rest

How Heads Works

Boot Security and the TPM

Boot Security and GPG Keys

Usability Challenges

Current Status

Tamper-evident Demo

Questions?

Additional Resources