TrenchBoot: Enhancing System Security with Intel TXT and AMD SVM

Explore the TrenchBoot project and its implementation of SecureLaunch boot capability in this 37-minute conference talk from the Linux Foundation. Dive into the cross-community open-source integration project designed to enhance hardware-rooted, late launch integrity for both open and proprietary systems. Learn how TrenchBoot reduces attack surfaces introduced by platform firmware and enables the Linux kernel to utilize Intel TXT or AMD SVM Secure Launch for improved platform hardware security. Discover the architecture behind TrenchBoot, the role of SecureLaunch, and the project's primary objectives. Gain insights into how DRTM-enabled capabilities can be integrated into Linux distributions for client, server, and embedded platforms. Follow the presentation as it covers topics such as integrity and trust, dynamic launch, the transfer project, the integrity ecosystem, and the secure launch phases. Examine the grub walkthrough, project status, and history, as well as technical aspects like SLBoot, Kernel Info Patch, and the Security Engine.

Introduction
Integrity and Trust
Dynamic Launch
Transfer Project
Why Transfer
Motivation
Integrity Ecosystem
TrenchBoot
Secure Launch for Linux
Dynamic Launch Ecosystem
Standard Use Case
Secure Launch Phase
grub walkthrough
Project status
Project history
SLBoot
Kernel Info Patch
Secure Launch Patch
Security Engine
Questions Answers