Conferences and Supporting Programme
Timon, Rex and Tux: How TPMs and On-Chip Security Modules Improve Trust and Security in GNU/Linux
Although hardware security modules (HSMs) that accelerate cryptographic operations and perform authenticated or encrypted boot have been integrated into numerous SoCs for years, they are rarely used in today's applications. The implications of using them (both positive and negative) are largely unknown to the majority of designers. At the same time, Trusted Platform Modules (TPMs) are becoming increasingly established in embedded and industrial applications, and support for TPM 2.0 has arrived in the Linux kernel. This prompts the question of to what extent TPMs can take over some of these functionalities. This paper gives an introduction to both technologies and their advantages and disadvantages for particular use cases. We look into scenarios such as encrypted, authenticated and measured boot across the various boot stages, and the use of hardware security in the Linux kernel and in applications such as OpenSSL and StrongSwan, along with the respective software stacks involved. We show ways to combine hardware security technologies and software algorithms to create best-in-class solutions, but also explore which hardware functionalities are currently supported in software and what is missing to create a complete, trusted solution. Finally, we look into the project-management implications of hardware-assisted security, such as total cost of ownership, ease of use in production, and security certifications.
--- Date: 01.03.2018 Time: 13:30 - 14:00 Venue: Conference Counter NCC Ost
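The abstract names measured boot across boot stages as one of the scenarios. The following example is added here by the editor and is not code from the talk or its authors; it models in plain Python what a TPM 2.0 PCR bank does during such a boot: each stage hashes the next image, extends the digest into a PCR (new = SHA-256(old || digest)), and appends the measurement to an event log kept outside the TPM. A verifier later replays the log, checks every digest against a known-good manifest, and a secret (here a stand-in disk key) is only released when the current PCR equals the value it was sealed against. The stage images, the reference manifest and the key are constructed sample data; on a real system the extend would be a TPM2_PCR_Extend issued through the kernel TPM driver or tpm2-tools, and the sealing would be a TPM object bound to a PCR policy.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

# A SHA-256 PCR bank: every PCR reads as 32 zero bytes after a TPM reset.
PCR_INIT = bytes(32)

# Constructed stand-ins for the boot-stage images (assumption: three stages).
# On a real system these would be the bootloader, kernel and initramfs bytes.
BOOT_STAGES: List[Tuple[str, bytes]] = [
    ("bootloader", b"u-boot 2018.01 build 1 (constructed sample)"),
    ("kernel",     b"vmlinuz 4.15 (constructed sample)"),
    ("initrd",     b"initramfs with LUKS unlock hook (constructed sample)"),
]


def measure(image: bytes) -> bytes:
    """Digest of a boot-stage image, as the previous stage computes it."""
    return hashlib.sha256(image).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new = H(old || digest), never a plain write."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(stages: List[Tuple[str, bytes]]) -> Tuple[bytes, List[Tuple[str, bytes]]]:
    """Each stage measures the next one into the PCR before passing control
    and records the measurement in an event log that lives outside the TPM."""
    pcr = PCR_INIT
    log: List[Tuple[str, bytes]] = []
    for name, image in stages:
        digest = measure(image)
        log.append((name, digest))
        pcr = pcr_extend(pcr, digest)
    return pcr, log


def replay_log(log: List[Tuple[str, bytes]]) -> bytes:
    """Verifier side: recompute the PCR from the log to check the log is
    consistent with the value the TPM reports (or quotes)."""
    pcr = PCR_INIT
    for _, digest in log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def log_matches_reference(log: List[Tuple[str, bytes]], reference: Dict[str, bytes]) -> bool:
    """Order and digest of every entry must match the known-good manifest.
    A log that replays to the reported PCR but contains unknown digests
    is still an untrusted boot; consistency alone proves nothing."""
    if [name for name, _ in log] != list(reference):
        return False
    return all(hmac.compare_digest(d, reference[n]) for n, d in log)


def unseal(pcr_now: bytes, pcr_sealed: bytes, secret: bytes) -> Optional[bytes]:
    """Model of a PCR-bound sealed object: the secret is released only when
    the current PCR equals the value it was sealed against."""
    return secret if hmac.compare_digest(pcr_now, pcr_sealed) else None


# Known-good boot, the manifest derived from it, and a constructed secret.
GOOD_PCR, GOOD_LOG = measured_boot(BOOT_STAGES)
REFERENCE: Dict[str, bytes] = {name: measure(image) for name, image in BOOT_STAGES}
DISK_KEY = b"constructed 32-byte LUKS key (sample only)"


def tampered_boot() -> Tuple[bytes, List[Tuple[str, bytes]]]:
    """Same chain, but the kernel image was modified on disk."""
    stages = list(BOOT_STAGES)
    stages[1] = ("kernel", b"vmlinuz 4.15 with a patched module signature check")
    return measured_boot(stages)


def reordered_boot() -> Tuple[bytes, List[Tuple[str, bytes]]]:
    """Same images in a different order: extend is not commutative."""
    return measured_boot([BOOT_STAGES[1], BOOT_STAGES[0], BOOT_STAGES[2]])


if __name__ == "__main__":
    print("good PCR     :", GOOD_PCR.hex())
    bad_pcr, bad_log = tampered_boot()
    print("tampered PCR :", bad_pcr.hex())
    print("log consistent with tampered PCR:", replay_log(bad_log) == bad_pcr)
    print("tampered log matches manifest   :", log_matches_reference(bad_log, REFERENCE))
    print("key released on tampered boot   :", unseal(bad_pcr, GOOD_PCR, DISK_KEY) is not None)
```

Two points the model makes visible: a modified or reordered stage changes the final PCR, so a sealed key is not released, and a verifier must check the log against a reference manifest rather than only replaying it, because a coherent log of the wrong measurements replays perfectly.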