The Linux Foundation


YouTube uploads by TheLinuxFoundation

OpenPOWER: Host OS (Linux Kernel) Secure Boot Key Management - Nayna Jain, IBM Forum 1 Speakers: Nayna Jain OpenPOWER Secure Boot provides an open and flexible model to manage keys that are used by the Linux-based bootloader to further verify and load the Host Operating System (Linux Kernel). The main features of this model are: - A pluggable architecture to support different key hierarchies and update mechanisms based on vendors’ choice. - A choice for vendors to preload the OS or sysadmins to reinstall the OS in the secureboot state. This talk discusses the end-to-end solution of OpenPOWER Host OS Secure …


Older Episodes

A New Proposal for Protecting Kernel Data Memory - Igor Stoppa, Huawei Forum 1 Speakers: Igor Stoppa This is a followup to the presentation "Protecting the Protection Mechanisms" from the Security Summit 2018. The revised proposal addresses various points that were not covered in the previous implementation. Primarily, the focus …
Using a Different LSM from the Host in a Container - John Johansen, Canonical Forum 1 Speakers: John Johansen Despite containers being in broad use, there are still use cases where containers can not make use of Linux Security Modules (LSMs) in the way they would like. Particularly challenging is …
Deep Analysis of Exploitable Linux Kernel Vulnerabilities 2017-2019 - Tong Lin & Luhai Chen, Intel To improve security, a series of hardening features (such as SMEP/PXN, SMAP/PAN, KASLR, CFI, etc.) were added to Linux kernel. Indeed, these mitigations have reduced the impact of vulnerabilities and made some exploits invalid. However, …
Dealing with Uninitialized Memory in the Kernel - Alexander Potapenko, Google Forum 1 Speakers: Alexander Potapenko During the last two years, KMSAN (a detector of uses of uninitialized memory based on compiler instrumentation) has found more than a hundred bugs in the upstream kernel using fuzzing. Telling by the kernel …
Tutorial: Using Linux Primitives to Build Your Own Containers - Stéphane Graber & Christian Brauner, Canonical Ltd. Forum 1 Speakers: Christian Brauner, Stéphane Graber Most people are familiar with various container tools including Docker, LXC and LXD. But they rarely are familiar with the kernel features enabling those tools. To …
Upcoming x86 Technologies for Malicious Hypervisor Protection - David Kaplan, AMD Forum 1 Speakers: David Kaplan This talk will introduce AMD SEV-SNP (Secure Nested Paging), the next generation of AMD’s x86 virtualization isolation technology. Building upon the existing AMD SEV and AMD SEV-ES features released in 2017, SEV-SNP provides additional …
Keylime - An Open Source TPM Project for Remote Trust. - Luke Hinds, Red Hat Forum 1 Speakers: Luke Hinds Keylime (keylime.dev) is a young, rapidly growing open source project originally created in the security research department of MIT's Lincoln Laboratory. It provides a way of measuring the cryptographic hardware …
Tracing: The Bane of You Security Folks - Steven Rostedt, VMware Inc Forum 1 Speakers: Steven Rostedt Tracing has the opposite purpose of security. Security tries to hide secrets, and the less the Linux kernel allows user applications to know, the better the security. Tracing on the other hand, tries to …
Exploiting Race Conditions Using the Scheduler - Jann Horn, Google Forum 1 Speakers: Jann Horn This talk shows how two bugs involving somewhat narrow-looking race windows (https://crbug.com/project-zero/1695 in the Linux kernel, https://crbug.com/project-zero/1741 in Android userspace code) can be stretched wide enough to win the race conditions on a Google …
Zephyr Project Security Status - David Brown, Linaro Forum 1 Speakers: David Brown In this talk, David Brown will give an overview of recent and ongoing work on security in the Zephyr Project. The Zephyr Project is a Linux Foundation hosted collaboration project, a real time embedded OS (RTOS) optimized …
LSM Stacking - What You Can Do Now and What's Next - Casey Schaufler, Intel Forum 1 Speakers: Casey Schaufler Before the 5.1 Linux kernel it was only possible to combine Linux security modules (LSM) that don't use extended security "blobs". With the introduction of infrastructure blob management it is …
Kernel Runtime Security Instrumentation - KP Singh, Google Forum 1 Speakers: KP Singh Existing Linux Security Modules can only be extended by modifying and rebuilding the kernel, making it difficult to react to new threats. Kernel Runtime Security Instrumentation (KRSI) [1] aims to provide an extensible Linux Security Module (LSM) …
Securing TPM Secrets with TXT and Kernel Signatures - Paul Moore, Cisco Forum 1 Speakers: Paul Moore This presentation will discuss a work in progress to secure data in the TPM2’s NVRAM using Intel’s TXT and extensions to tboot to support kernel signature verification. The ultimate goal being the ability …
CRIU and SELinux - Adrian Reber, Red Hat Forum 1 Speakers: Adrian Reber To implement container live migration with Checkpoint/Restore in Userspace (CRIU) for container runtimes which are using SELinux, CRIU needs to handle SELinux labeling correctly. This talk will describe what was necessary to be able to fully restore …
Open Source Summit North America 2019 - Highlights Credit: Swapnil Bhartiya, TFIR
Open Source Summit North America 2019 - Kids Day Credit: Swapnil Bhartiya, TFIR
Keynote: Open Source: From Community Collaboration to Commercialization - What's Next? - Arpit Joshipura, General Manager of Networking, Edge/IoT, The Linux Foundation
Cyclic Tests Unleashed: Large-Scale RT Analysis with Jitterdebugger - Wolfgang Mauerer, Siemens AG Jitterdebugger is a new tool for testing the preempt_rt real-time extensions for the Linux kernel. While the basic principles for this endeavor (run a cyclic task on one or more CPUs, and store the measured latencies) seem …
Creating a BT PAN/USB RNDIS Router using OpenWrt - Koichi Okamoto & Masayuki Ishikawa, Sony Video & Sound Products Inc This is the story of creating a router for BT PAN with Bluez running on OpenWrt (running on WZR-HP-G300NH) as well as Remote NDIS on LAN side. The main benefit part …