Machine OS, designed for appliances used in lights-out/hands-off environments, is an environment for Secure and Trusted booting of an image-based Linux OS. It leverages TPM 2.0 security chips to guard unique platform secrets, which are made available only if the chain of trust from the platform, through the kernel and into user space, is verified. The platform secret is used to attest, at runtime, device and software veracity for creating clusters of systems with a common root of trust extended from the platform.
The secured (PCR7) initial environment of Machine OS checks a manifest of the images present, signed under the Machine OS CA. It then verifies the images with dm-verity before handing over execution control. Machine OS leverages open source tools for building (project-stacker), signing (notary/cosign) and hosting (project-zot) such images. The design of Machine OS has some similarities with the UAPI proposal for Trusted/SecureBoot, making for an interesting comparison on design goals.
Our design goal is not to prevent alternative boot images, but to deny any image that is not verified access to a set of TPM-protected secrets. Furthermore, to support re-use of a single signed UKI by multiple unrelated projects, image manifests are signed by product certificates which are all signed by one company-wide CA, whose certificate is shipped as part of the (protected) UKI.
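The design goal above (an alternative image may boot, but it cannot reach the TPM-protected secret) can be shown with a software model of PCR extension and a PCR-bound sealed object. This is an added example, not Machine OS code: the `ModelTPM` class, the event strings and the secret are constructed for illustration, and a real TPM measures structured UEFI events and enforces the policy in hardware.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 PCR bank


def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM 2.0 extend operation: new = SHA256(old || SHA256(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def replay(events) -> bytes:
    """Replay a measurement log into a PCR that starts at all zeroes."""
    pcr = bytes(PCR_SIZE)
    for event in events:
        pcr = extend(pcr, event)
    return pcr


class ModelTPM:
    """Software model (assumption): one PCR and one secret sealed to it."""

    def __init__(self):
        self.pcr7 = bytes(PCR_SIZE)
        self._sealed = None  # (expected PCR7 value, secret)

    def seal(self, secret: bytes, expected_pcr7: bytes) -> None:
        self._sealed = (expected_pcr7, secret)

    def boot(self, events) -> None:
        # A reset zeroes the PCR; firmware then extends each measured event.
        self.pcr7 = replay(events)

    def unseal(self):
        expected, secret = self._sealed
        # Policy check: release the secret only if PCR7 matches the sealed value.
        return secret if hmac.compare_digest(expected, self.pcr7) else None


# Constructed measurement logs: same platform, different signing authority.
TRUSTED_BOOT = [b"SecureBoot=1", b"db:constructed-cert", b"authority:constructed-uki-signer"]
OTHER_BOOT = [b"SecureBoot=1", b"db:constructed-cert", b"authority:constructed-other-signer"]


def demo():
    """Boot both chains; return what each one obtains from unseal()."""
    tpm = ModelTPM()
    tpm.seal(b"constructed-platform-secret", replay(TRUSTED_BOOT))
    results = []
    for log in (TRUSTED_BOOT, OTHER_BOOT):
        tpm.boot(log)  # both images boot; only the policy result differs
        results.append(tpm.unseal())
    return tuple(results)
```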
Speakers: Ryan Harper