August 19-21 - Co-Located Events
August 21-23 - Conference
Hilton San Diego Bayfront - San Diego, CA
More information for Open Source Summit + Embedded Linux Conference North America 2019
Friday, August 23 • 3:15pm - 3:50pm
Using TPMs to Cryptographically Verify Devices at Scale - Matthew Garrett & Tom D'Netto, Google*

Once a new device leaves IT and enters user hands, maintaining confidence in the security of the device is a challenge. When access to network resources relies on credentials provided by the device, remote systems cannot tell the difference between a secure device running a trusted operating system and an adversary.

Most modern machines have TPMs, and every TPM has its own cryptographic identity. Firmware and bootloaders use the TPM to generate verifiable logs of the entire boot process - but this data is rarely used to its full potential. In this talk, we explain how Google uses this functionality to build trust in a fleet of geographically diverse machines. We discuss the challenges of establishing a strong, hardware-backed identity for each machine, and how we use remote attestation to prove our devices are running a sanctioned boot chain. Finally, we present newly released cross-platform open source libraries we have built to allow anyone else to build equivalent infrastructure.

Tom D'Netto

Security Engineer, Google
Tom is a Security Engineer at Google on the Platform Security team, helping to secure Google’s fleet of devices through better detective & preventative capabilities. Prior to joining Google, he worked as a Cyber Risk Analyst for Deloitte Australia. As an avid Go enthusiast, Tom...

Matthew Garrett

Security developer, Google
Matthew is a security developer at Google, specialising in Linux security. He thinks computers were probably a mistake.

Friday August 23, 2019 3:15pm - 3:50pm PDT
Aqua Salon C
  Security & Safety
  • Session Slides Included Yes
  • Session Recorded Yes