Hardening the kernel for Secure Boot

This proposal has been accepted as a session.


One Line Summary

What changes do we need to make to the kernel to support the Secure Boot security model?


The Secure Boot security model is based on the assumption that an OS cannot be booted unless all previously executed code is trusted. This requires that it be impossible for even a privileged user to execute arbitrary code in ring 0, and so the various kernel entry points that would allow it must be hardened. Let’s talk about what they are and how to do that.


