Securing the Entire Boot Chain


One Line Summary

A discussion of trusted boot chains and how to ensure your system is running the software you intend it to run.


Secure Boot is only one component of a boot process that gives users confidence that their systems have not been tampered with. Several other technologies exist (TPMs, Intel TXT, disk encryption, remote attestation and the bindings between them), but they often require extensive manual configuration and fail to provide a seamless user experience. What would a fully secure boot chain look like, and what should we be doing to get there?
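The abstract names TPMs and remote attestation as the pieces that go beyond Secure Boot. The following is an added example, not code from the talk or from any TPM implementation: a toy model of a measured boot chain in which each stage extends a PCR with the hash of the next stage, a disk-encryption key is sealed to the resulting PCR value, and a remote verifier replays the event log against a golden manifest. The firmware, bootloader, kernel and initrd images, the storage root key and the manifest are all constructed stand-ins; "sealing" is modelled with an HMAC-derived pad rather than a real TPM policy, and the quote-signature check a real verifier performs first is omitted.

```python
"""Toy model of a measured boot chain: PCR extend, sealing, log verification.

Added example, not code from the talk or from any TPM implementation. The
"TPM" is a 32-byte PCR value, "sealing" is an HMAC-derived pad, and the boot
images are constructed byte strings (hypothetical, not real firmware).
"""
import hashlib
import hmac

PCR_SIZE = 32                       # SHA-256 PCR bank
INITIAL_PCR = b"\x00" * PCR_SIZE    # PCRs reset to zero at power-on

# Constructed stand-ins for the images a real boot chain would measure,
# in the order they gain control.
GOLDEN_CHAIN = [
    ("firmware",   b"constructed UEFI firmware image"),
    ("bootloader", b"constructed signed shim+grub"),
    ("kernel",     b"constructed vmlinuz"),
    ("initrd",     b"constructed initrd with LUKS unlock"),
]

# Hypothetical TPM-resident secret that never leaves the "chip".
SEAL_ROOT_KEY = b"constructed-storage-root-key"


def extend(pcr, measurement):
    """TPM PCR extend: new = H(old || measurement). Order-dependent and one-way."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(chain):
    """Each stage hashes the next stage into the PCR before handing off control.

    Returns the final PCR value and the event log of (name, digest) pairs
    that would accompany a TPM quote sent to a remote verifier.
    """
    pcr = INITIAL_PCR
    log = []
    for name, image in chain:
        digest = hashlib.sha256(image).digest()
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log


def verify_attestation(reported_pcr, log):
    """Remote attestation verifier: replay the log, then check it against the manifest.

    Returns (ok, reason). A real verifier first checks the quote signature
    against the TPM's attestation key; that step is omitted in this model.
    """
    golden = {name: hashlib.sha256(img).digest() for name, img in GOLDEN_CHAIN}
    # 1. The log must replay to the quoted PCR; otherwise the log was edited.
    replayed = INITIAL_PCR
    for _, digest in log:
        replayed = extend(replayed, digest)
    if not hmac.compare_digest(replayed, reported_pcr):
        return False, "event log does not replay to quoted PCR"
    # 2. Every measured component must match the golden manifest exactly.
    if len(log) != len(golden):
        return False, "unexpected number of measurements"
    for name, digest in log:
        if golden.get(name) != digest:
            return False, f"unexpected {name} measurement"
    return True, "boot chain matches golden manifest"


def seal(secret, pcr):
    """Model of sealing a secret to a PCR value (secret at most PCR_SIZE bytes).

    The pad and tag are both keyed on the PCR, so a different boot chain
    yields a different pad and a tag mismatch.
    """
    assert len(secret) <= PCR_SIZE
    pad = hmac.new(SEAL_ROOT_KEY, pcr, hashlib.sha256).digest()
    ciphertext = bytes(a ^ b for a, b in zip(secret, pad))
    tag = hmac.new(SEAL_ROOT_KEY, pcr + ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def unseal(blob, current_pcr):
    """Release the secret only if the current PCR equals the sealing-time PCR."""
    ciphertext, tag = blob
    expected = hmac.new(SEAL_ROOT_KEY, current_pcr + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # boot chain changed since sealing: refuse to release the key
    pad = hmac.new(SEAL_ROOT_KEY, current_pcr, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ciphertext, pad))


if __name__ == "__main__":
    good_pcr, good_log = measured_boot(GOLDEN_CHAIN)
    blob = seal(b"constructed-luks-key", good_pcr)
    print("trusted boot:", verify_attestation(good_pcr, good_log), unseal(blob, good_pcr))

    tampered = list(GOLDEN_CHAIN)
    tampered[1] = ("bootloader", b"constructed bootkit")
    bad_pcr, bad_log = measured_boot(tampered)
    print("tampered boot:", verify_attestation(bad_pcr, bad_log), unseal(blob, bad_pcr))
```

Running the block shows the two properties that matter: the tampered bootloader changes every later PCR value, so the sealed key is never released to the compromised chain, and a verifier that replays the log catches both the substituted component and an attacker who edits the log to hide it (the edited log no longer replays to the quoted PCR).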


TPM, trusted, secure


  • Biography

    Matthew Garrett is a security developer at CoreOS, developing technologies to improve the security of containers and the systems that run them. He has a background in firmware integration, power management and fruit fly genetics and so has atypical ideas about system complexity and the ease of reverse engineering. A board member at the Free Software Foundation and a member of the Linux Foundation Technical Advisory Board, he has strong feelings on high-quality Free Software.