Not sure if anyone was attending OSCON today and caught this talk earlier, but if you have audio or video, please post.

http://www.oscon.com/open-source-2015/public/schedule/detail/41536

Building a trustworthy computer
Matthew Garrett (CoreOS)
11:10am–11:50am Friday, 07/24/2015
Protect D139/140
Tags: Open hardware, Tools and techniques, Geek life lifestyle

Slides: http://cdn.oreillystatic.com/en/assets/1/event/129/Building%20a%20trustworth...

Prerequisite Knowledge

Some knowledge of the major components of a modern computer and how they fit together, but no detailed knowledge of firmware or hardware design is required.

Description

The Snowden revelations demonstrated the lengths that government agencies were willing and able to go to in order to subvert computers. But these attacks aren’t limited to state-level actors – security researchers continue to demonstrate new vulnerabilities and weaknesses that would permit sophisticated criminals to achieve the same goals.

In the face of these advanced attacks, what can we do to detect and mitigate them? How can we make use of existing security features, and what changes can we make to system design? In short, how can we ensure that a user can trust that their computer is acting in their interests rather than somebody else’s?

This presentation will cover some of the existing security features and recent design changes in systems that can make it easier to detect attacks, and provide mechanisms for defending against them in the first place, along with simple design changes that would make it easier for users to ensure that components haven’t been backdoored. In addition it will discuss some of the remaining challenges that don’t have solid answers as yet.

Topics covered will include:

  Firmware security
  Trusted platform modules, attestation, and associated privacy risks
  Hardware design to support offline verification
  Remaining components that could act against the interests of the hardware owner

Matthew Garrett
CoreOS

Matthew Garrett is a security developer at CoreOS, specializing in the areas where software starts knowing a little more about hardware than you’d like. He implemented much of Linux’s support for UEFI Secure Boot, does things with TPMs and has found more bugs in system firmware than he’s entirely comfortable with.