LinuxSecuritySummit2011/Abstracts/Drewry dmverity

From Linux Security Wiki (obsolete)

Latest revision as of 05:49, 15 June 2011

Title

Efficient, TPM-free system integrity checking with device mapper: dm-verity

Presenter

Will Drewry and Mandeep Baines, Google

Abstract

Chromium OS is a web-centric Linux distribution meant for use on devices with support for a static root of trust: Google Chromebooks and platforms supporting tboot. While it may seem obvious to assume that the static root of trust is extended to the remainder of the system using a TPM-based stack, like IMA, it is not. Chromium OS relies on a device mapper target which implements integrity checking through the application of a hash trie. This talk will discuss the design of the target, the observed performance characteristics, and specifics of the implementation, like failure behavior, as well as the reasons motivating the departure from existing mainline integrity-validating functionality, for better and worse. Time permitting, the talk will also explore how the target may be useful in other contexts and in the broader Chromium OS context.
