Building a trustworthy computer OSCON talk by Matthew Garrett

Seth list at sysfu.com
Fri Jul 24 15:45:10 PDT 2015


Not sure if anyone was attending OSCON today and caught this talk earlier,  
but if have audio or video please post.

http://www.oscon.com/open-source-2015/public/schedule/detail/41536

Building a trustworthy computer
Matthew Garrett (CoreOS)
11:10am–11:50am Friday, 07/24/2015
Protect D139/140
Tags: Open hardware, Tools and techniques, Geek life lifestyle
Average rating: ***** (5.00, 1 rating)
Rate This Session
Slides:    
http://cdn.oreillystatic.com/en/assets/1/event/129/Building%20a%20trustworthy%20computer%20Presentation.odp

Prerequisite Knowledge
Some knowledge of the major components of a modern computer and how they  
fit together, but no detailed knowledge of firmware or hardware design is  
required.
Description

The Snowden revelations demonstrated the lengths that government agencies  
were willing and able to go to in order to subvert computers. But these  
attacks aren’t limited to state-level actors – security researchers  
continue to demonstrate new vulnerabilities and weaknesses that would  
permit sophisticated criminals to achieve the same goals.

In the face of these advanced attacks, what can we do to detect and  
mitigate them? How can we make use of existing security features, and what  
changes can we make to system design? In short, how can we ensure that a  
user can trust that their computer is acting in their interests rather  
than somebody else’s?

This presentation will cover some of the existing security features and  
recent design changes in systems that can make it easier to detect  
attacks, and provide mechanisms for defending against them in the first  
place, along with simple design changes that would make it easier for  
users to ensure that components haven’t been backdoored. In addition it  
will discuss some of the remaining challenges that don’t have solid  
answers as yet. Topics covered will include:

     Firmware security
     Trusted platform modules, attestation, and associated privacy risks
     Hardware design to support offline verification
     Remaining components that could act against the interests of the  
hardware owner

Photo of Matthew Garrett
Matthew Garrett
CoreOS

Matthew Garrett is a security developer at CoreOS, specializing in the  
areas where software starts knowing a little more about hardware than  
you’d like. He implemented much of Linux’s support for UEFI Secure Boot,  
does things with TPMs and has found more bugs in system firmware than he’s  
entirely comfortable with.




More information about the cypherpunks mailing list