We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

MachineOS: a Trusted, SecureBoot Image-based Container OS

Formal Metadata

Title
MachineOS: a Trusted, SecureBoot Image-based Container OS
Title of Series
Number of Parts
542
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Machine OS, designed for appliances used in lights-out/hands-off environments, is an environment for Secure and Trusted booting of an image-based Linux OS leveraging TPM 2.0 security chips to guard unique platform secrets only made available if the chain of trust from the platform, through the kernel and into user-space is verified. The platform secret is used to attest, at runtime, device and software veracity for creating clusters of systems with a common root of trust extended from the platform. The secured (PCR7) initial environment of Machine OS checks a signed (Machine OS CA) manifest of images present. It then verifies (dm-verity) the images before handing over execution control. Machine OS leverages opensource tools for building (project-stacker), signing (notary/cosign) and hosting (project-zot) such images. The design of Machine OS has some similarities with the UAPI proposal for Trusted/SecureBoot, making for an interesting comparison on design goals. Our design is focused around the goal not of preventing alternative boot images, but denying all images which are not verified access to a set of TPM-protected secrets. Furthermore, to support re-use of a single signed UKI by multiple unrelated projects, image manifests are signed by product certificates which are all signed by one company-wide CA, whose certificate is shipped as part of the (protected) UKI.