OpenPOWER: Host OS (Linux Kernel) Secure Boot Key Management – Nayna Jain, IBM
OpenPOWER: Host OS (Linux Kernel) Secure Boot Key Management – Nayna Jain, IBM
Forum 1
Speakers: Nayna Jain
OpenPOWER Secure Boot provides an open and flexible model to manage keys that are used by Linux based bootloader to further verify and load the Host Operating System(Linux Kernel). The main features of this model are:
– A pluggable architecture to support different key hierarchies and update mechanisms based on vendors’ choice.
– A choice for vendors to preload the OS or sysadmins to reinstall the OS in the secureboot state.
This talk discusses the end-to-end solution of OpenPOWER Host OS Secure Boot Key Management which involves managing ownership and authority over the keys, authenticated updates, securing the stored keys, blacklisting and compatibility for the userspace tools. The design spans across the firmware, kernel and userspace. The firmware and kernel patches, which also includes their interfaces, are being actively reviewed by the community.
linux foundation
