back

System Transparency

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:19:13
Language
English
Abstract
-

The ever increasing usage of cloud-based software forces us to face old questions about the trustworthiness of our software. While FLOSS allows us to trust software running on our platforms, System Transparency establishes the same level of trust in SaaS and IaaS scenarios.

In a System Transparency context, all parties that depend on the services of a particular server can retrieve the complete source code of firmware and OS running on it. They can reproduce all binaries and verify remotely that these were run as part of the boot process. This gives every user the ability to verify claims of the service provider like the absence of logs or lack of backdoor access.

System Transparency accomplishes this by
- giving every server a unique, cryptographic identity that is kept in a hardware trust anchor,
- using a provisioning ritual to associate this identity with a particular hardware,
- running the FLOSS firmwares coreboot and LinuxBoot instead of proprietary UEFI implementations,
- building firmware and OS images are reproducible,
- retrieving all OS images from the network, keeping only minimal state on the disk,
- signing all OS images as well as listing them in a public append-only log and
- minimizing administrator access to prevent invisible changes to the OS after it has been booted.

This talk introduces System Transparency and details the platform security features we implemented as part of our reference system. We also describe our reference implementations’ custom bootloader based on LinuxBoot. It verifies that boot artifacts are signed by the server owner and are in the transparency log before continuing. This makes sure that 3rd parties can audit past and present artifacts booted on the platform. Finally, we demo a modern x86 server platform running our prototype coreboot/LinuxBoot stack.

Talk ID
36c3CW-139
Event:
36c3-chaoswest
Day
2
Room
Chaos-West Bühne
Start
1 p.m.
Duration
00:20:00
Track
All about computers
Type of
Einfacher Slot
Speaker
seu
Talk Slug & media link
36c3-139-system-transparency
English
0.0% Checking done0.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
100.0% Nothing done yet100.0%
  

Work on this video on Amara!

English: Transcribed until

Last revision: 2 years, 2 months ago