Tamper-evident Boot with Heads

Kyle Rankin

Chief Security Officer

Purism

Author of Linux Hardening in Hostile Networks

@kylerankin


https://kylerank.in/talks/security/heads.html

Agenda

Introduction

Why Tamper-evident Boot Matters

UEFI Secure Boot

Intel Trusted Boot

Secure Boot Limitations

Heads Above the Rest

How Heads Works

Boot Security and the TPM

Boot Security and GPG Keys

Usability Challenges

Tamper-evident Demo

Questions?

Additional Resources