Lennart Poettering

Let's look at what Trusted Platform Modules (TPM) chips can do for you, and how they can help protecting your systems from online and offline attacks. We'll specifically focus on Linux image-based OSes, and how to secure them properly with a TPM and related technologies. We'll look at possible avenues for generic Linux distributions to make use of the now ubiquitous TPMs and how to catch up with ChromeOS, Windows and other OSes on this front.

We'll discuss concepts such as TPMs, UKIs, SecureBoot, DDIs, dm-verity, LUKS and more.

The concept of home directories on Linux/UNIX has little changed in the last 39 years. It's time to have a closer look, and bring them up to today's standards, regarding encryption, storage, authentication, user records, and more.

In this talk we'll talk about "systemd-homed", a new component for systemd, that reworks how we do home directories on Linux, adds strong encryption that makes sense, supports automatic enumeration and hot-plugged home directories and more.

The boot loader specification defines a generic drop-in based solution for defining boot targets. sd-boot is a boot loader for UEFI systems, and included in the systemd source tree. In this talk we'll have a closer look on the what, the why and the how of the specification and the boot loader. #### Über mich Lennart arbeitet für Red Hat und hat systemd verbrochen, und allerlei anderes. Lennart works for Red Hat and (co-)created systemd and various other things. #### Vorwissen Knowing Linux and its basic concepts would be great. Having heard of UEFI would be excellent.

Portable Services bring certain aspects of containers to classic systemd service management. With systemd v239 Portable Services are for the first time complete and ready for users to take advantage of. In this talk we'll have a look on the underlying technical concepts, how things fit together and what the precise limitations and benefits are.

casync is a project that combines the idea of the rsync algorithm with git's idea of a content-addressable file systems into one tool for efficient delivery of OS images over the Internet. It has a focus on simplicity, accuracy and security.

casync is a new tool for delivering OS images over the Internet. It takes inspiration from the well-known tools rsync and git, and combines them in a new tool for efficient, high-frequency delivery of OS images over the Internet. It is suitable of delivering VM, container, IoT, OS images.

In this talk I'd like to explain both the usecase and the technical background of the tool.

systemd is a system and service manager for Linux and is at the core of most of today's big distributions. In this presentation I'd like to explain where systemd stands in 2016, and where we want to take it.

Please join me if you are interested in the Linux platform from a developer, user, administrator PoV.

systemd is now a core component of most major distributions. In this talk I want to give an overview over everything new in the systemd project over the last year, and what to expect over the next year.

With kdbus we move the D-Bus IPC system into the Linux kernel to improve performance and functionality while keeping compatibility.

Most more modern OS designs than Unix started out with a high-level IPC from the beginning, and then built the rest of the OS on top of it. Linux/Unix began with only the most basic low-level IPC primitives in place (Pipes and AF_UNIX sockets). Building on those over time various higher-level IPC systems were built, but only very few stood the test of time or became universal. On current Linux systems the best established high-level IPC layer is D-Bus. It implements a reliable message passing scheme, with access control, multicasting, filtering, introspection and supports a flexible object model.

D-Bus is a powerful design. However, being mostly a userspace solution its latency and throughput are not ideal. A full transaction consisting of method call and method reply requires 10 (!) copy operations for the messages passed. It is only useful for transfer of control messages, and not capable of streaming larger amounts of data.

In this talk I'd like to discuss the "kdbus" IPC system, a kernel implementation of the D-Bus logic and its userspace side. "kdbus" takes the concepts of classic D-Bus but makes them more universally useful, reducing latency and roundtrips, and increasing bandwidth, even covering streaming usecases. (For comparison, with kdbus, a full transaction takes only 2 copy operations, even supporting zero-copy for large messages). I'll discuss the lessons we learnt from Android's binder, Solaris' doors IPC system, and Mach's port scheme. We'll discuss how we implemented a reliable (though probabilistic) multicasting scheme, and the tricks we used in userspace to make transparent zero-copy work, without compromising on security, and providing compatibility with classic D-Bus.

kdbus might soon show up in your favourite distribution as part of the systemd package, please attend if you want to know more about the ideas behind it.

The systemd project is now two years old (almost three). It found adoption as the core of many big community and commercial Linux distributions. It’s time to look back what we achieved, what we didn’t achieve, how we dealt with the various controversies, and what’s to come next.

The systemd project is now two years old (almost three). It found adoption as the core of many big community and commercial Linux distributions. It’s time to look back what we achieved, what we didn’t achieve, how we dealt with the various controversies, and what’s to come next.