Piotr Król
Piotr Król is an open-source firmware enthusiast who founded 3mdeb in
March 2015. His expertise is rooted in the hacker ethos of collaborative
innovation and transparency, guiding 3mdeb's focus on projects like
Zarhus OS, a Yocto-based Embedded Linux distribution, and Dasharo, a
coreboot downstream project. These projects are dedicated to open
development, embedded firmware resilience, platform security,
transparency, the right to repair, and digital sovereignty.
Piotr's deep involvement in open-source firmware includes key computing
areas such as Root of Trust; Secure, Verified and Measured Boot; TPM;
coreboot; UEFI; EDK II; Yocto; U-Boot; and Linux. He often speaks at
significant industry events like FOSDEM, Xen Developers Summit, and
Platform Security Summit, sharing his insights and promoting the
open-source firmware ecosystem. Piotr is dedicated to sharing knowledge
by serving as a Trainer at OpenSecurityTraining2, offering free and open
educational materials to advance the open-source firmware ecosystem.
Session
This talk will explore challenges and proposed strategies for implementing UEFI Secure Boot within Xen and downstream distributions like XCP-ng or Qubes OS, focusing on how these changes can enhance security and contribute to a more unified framework for future development.
We will begin by examining why UEFI Secure Boot is essential in continuing the transitive chain established by the modern static root of trust, and its synergy with TrenchBoot and DRTM technology. We will delve into the implications of the UEFI Secure Boot process, showing why simply signing bootloaders and hypervisor binaries is insufficient; a comprehensive implementation must address the entire boot chain.