Machine OS, designed for appliances used in lights-out/hands-off
environments, is an environment for Secure and Trusted booting of an
image-based Linux OS. It leverages TPM 2.0 security chips to guard unique
platform secrets that are made available only if the chain of trust from the
platform, through the kernel and into user space, is verified. The platform
secret is used to attest, at runtime, device and software veracity, so that
clusters of systems can be created with a common root of trust extended from
the platform.
The secured (PCR7) initial environment of Machine OS checks a signed (Machine
OS CA) manifest of the images present. It then verifies the images (dm-verity)
before handing over execution control. Machine OS leverages open-source tools
for building (project-stacker), signing (notary/cosign) and hosting
(project-zot) such images. The design of Machine OS has some similarities
with the UAPI proposal for Trusted/SecureBoot, making for an interesting
comparison of design goals.
Our design is focused not on preventing alternative boot images from booting,
but on denying any image that is not verified access to a set of
TPM-protected secrets. Furthermore, to support reuse of a single signed UKI
by multiple unrelated projects, image manifests are signed by product
certificates, which are all signed by one company-wide CA whose certificate
ships as part of the (protected) UKI.
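The gating described above (a PCR7-sealed secret that is released only after the measured boot state matches and every image in the manifest passes its hash check), as an added example that is not Machine OS code: it models TPM PCR extension and a simplified, unsalted dm-verity hash tree with SHA-256, and assumes the manifest's signature (notary/cosign) has already been verified before this step. All event strings, image contents and the secret are constructed sample values.

```python
import hashlib
from typing import Dict, List, Optional

BLOCK = 4096  # data block size for the hash tree (assumed value for this model)

def pcr_extend(pcr: bytes, event: bytes) -> bytes:
    """TPM 2.0 extend on the SHA-256 bank: new = SHA256(old || SHA256(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def measure_boot(events: List[bytes]) -> bytes:
    """PCR7 as it reads after the firmware has measured each boot event in order."""
    pcr = bytes(32)  # PCRs start at all-zero on reset
    for event in events:
        pcr = pcr_extend(pcr, event)
    return pcr

def verity_root(image: bytes) -> bytes:
    """Root of a binary SHA-256 tree over BLOCK-sized chunks (simplified dm-verity, no salt)."""
    layer = [hashlib.sha256(image[i:i + BLOCK]).digest() for i in range(0, len(image), BLOCK)]
    layer = layer or [hashlib.sha256(b"").digest()]
    while len(layer) > 1:
        if len(layer) % 2:            # duplicate the last node to pair an odd layer
            layer.append(layer[-1])
        layer = [hashlib.sha256(layer[i] + layer[i + 1]).digest() for i in range(0, len(layer), 2)]
    return layer[0]

def unseal(sealed: Dict[str, bytes], pcr7: bytes) -> Optional[bytes]:
    """Release the secret only if PCR7 equals the value it was sealed against."""
    return sealed["secret"] if hashlib.sha256(pcr7).digest() == sealed["policy"] else None

def secure_boot_handoff(sealed: Dict[str, bytes], events: List[bytes],
                        manifest: Dict[str, bytes], images: Dict[str, bytes]) -> Optional[bytes]:
    """Initial environment: unseal on PCR7, verify every manifest image, then hand over."""
    secret = unseal(sealed, measure_boot(events))
    if secret is None:
        return None  # firmware/boot state differs from sealing time: no secret
    for name, expected_root in manifest.items():
        if name not in images or verity_root(images[name]) != expected_root:
            return None  # image missing or modified: refuse to hand over the secret
    return secret

# Constructed sample data: a good boot measurement, a sealed secret bound to it,
# and a rootfs image (7 blocks, so the odd-layer path of the tree is exercised).
GOOD_EVENTS = [b"SecureBoot=1", b"db:MachineOS-CA", b"UKI:machine-os.efi"]
SECRET = b"constructed-platform-secret"
SEALED = {"secret": SECRET, "policy": hashlib.sha256(measure_boot(GOOD_EVENTS)).digest()}
ROOTFS = b"constructed rootfs image contents\n" * 800
MANIFEST = {"rootfs": verity_root(ROOTFS)}
```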