Shipping known-good PCR values



One Line Summary

How can we make it easier to seal secrets to TPMs?


One of the strengths of TPMs is the ability to seal secrets and keys such that they can’t be used unless the system booted in an appropriate configuration. But without knowing these values in advance, how can we configure systems appropriately? This session will briefly cover the difficulties involved, suggest a couple of solutions and offer an opportunity to discuss how practical they are for integration into distributions.
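As an added illustration (not part of the session), this is the arithmetic behind "knowing these values in advance": a PCR's final value is a hash chain over the measurements extended into it, so a distribution that knows the exact boot artifacts and their order can compute the expected value offline instead of reading it back from an already-booted machine. The event log is constructed, and the helper names are assumptions of this example.

```python
import hashlib

# Constructed sample event log (not from the talk): the ordered measurements a
# firmware/bootloader chain would extend into one PCR during boot.
SAMPLE_BOOT_EVENTS = [
    ("firmware-volume", b"constructed firmware image v1"),
    ("bootloader", b"constructed shim+grub blob"),
    ("kernel", b"constructed vmlinuz 5.x"),
    ("initramfs", b"constructed initramfs image"),
]

def pcr_extend(pcr_value: bytes, measurement: bytes) -> bytes:
    """TPM 2.0 PCR extend on a SHA-256 bank: new = SHA256(old || measurement)."""
    return hashlib.sha256(pcr_value + measurement).digest()

def predict_pcr(events) -> bytes:
    """Replay an ordered (label, data) event list to predict the final PCR value.

    PCRs 0-15 start as all zeros at power-on; each event's SHA-256 digest is
    extended in order, so both the contents and the order of events matter.
    """
    pcr = bytes(32)
    for _, data in events:
        pcr = pcr_extend(pcr, hashlib.sha256(data).digest())
    return pcr

def matches_known_good(events, known_good_hex: str) -> bool:
    """Would a sealing policy bound to known_good_hex release the secret?"""
    return predict_pcr(events).hex() == known_good_hex

if __name__ == "__main__":
    # The distribution computes the expected value once, from the artifacts it ships...
    shipped = predict_pcr(SAMPLE_BOOT_EVENTS).hex()
    print("known-good PCR:", shipped)
    # ...and a system whose initramfs was regenerated locally no longer matches,
    # which is exactly the case that makes shipping PCR values hard.
    rebuilt = SAMPLE_BOOT_EVENTS[:3] + [("initramfs", b"constructed initramfs, regenerated")]
    print("after initramfs rebuild matches:", matches_known_good(rebuilt, shipped))
```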


  • Biography

    Matthew Garrett is a security developer at CoreOS, developing technologies to improve the security of containers and the systems that run them. He has a background in firmware integration, power management and fruitfly genetics and so has atypical ideas about system complexity and the ease of reverse engineering. A board member at the Free Software Foundation and a member of the Linux Foundation Technical Advisory Board, he has strong feelings on high-quality Free Software.