LinuxSecuritySummit2011/Abstracts/Drewry dmverity
Latest revision as of 05:49, 15 June 2011
Title
Efficient, TPM-free system integrity checking with device mapper: dm-verity
Presenter
Will Drewry and Mandeep Baines, Google
Abstract
Chromium OS is a web-centric Linux distribution meant for use on devices with support for a static root of trust: Google Chromebooks and platforms supporting tboot. While it may seem obvious to assume that the static root of trust is extended to the remainder of the system using a TPM-based stack, like IMA, it is not. Chromium OS relies on a device mapper target which implements integrity checking through the application of a hash trie. This talk will discuss the design of the target, the observed performance characteristics, specifics of the implementation (such as failure behavior), and the reasons motivating the departure from existing mainline integrity-validating functionality, for better and worse. Time permitting, the talk will also explore how the target may be useful in other contexts and in the broader Chromium OS context.