Open Source Summit + ELC North America 2019

Once a new device leaves IT and enters user hands, maintaining confidence in the security of the device is a challenge. When access to network resources relies on credentials provided by the device, remote systems cannot tell the difference between a secure device running a trusted operating system and an adversary.

Most modern machines have TPMs, and every TPM has its own cryptographic identity. Firmware and bootloaders use the TPM to generate verifiable logs of the entire boot process - but this data is rarely used to its full potential. In this talk, we explain how Google uses this functionality to build trust in a fleet of geographically diverse machines. We discuss the challenges of establishing a strong, hardware-backed identity for each machine, and how we use remote attestation to prove our devices are running a sanctioned boot chain. Finally, we present newly-released cross platform open source libraries we have built to allow anyone else to build equivalent infrastructure.