OpenPOWER Bootloader Security


The IBM Linux Technology center is developing verified boot and Trusted Computing support for the OpenPOWER bootloader, Petitboot. However, Petitboot is only a thin Linux application that kexec's the OS kernel. We're putting the majority of kernel signature verification and key management functions into the Linux kernel and firmware services. This talk is an overview of the work we're doing.