Christian Grönke

I am a firmware and embedded systems engineer with experience in safety‑critical operating systems, high‑security platform design, and host firmware development for modern hardware platforms. I have spent the past decade working on microkernel‑ and Linux‑based systems for defense and high‑assurance environments, focusing on partitioning, isolation, and robust system architectures that meet safety and security certification requirements.

Most recently, I have led open‑source firmware efforts at 9elements, driving host firmware projects around coreboot, EDK2 (UEFI), and secure storage. Contributing to the development of secure and transparent firmware solutions for servers and security‑sensitive platforms.

go-tcg-storage: State of the Project and the Future

A quick tour of go-tcg-storage, the pure-Go library for driving TCG Storage self-encrypting drives. Where the project stands today, what might be next, and a perspective from someone stepping up to help maintain it.

A whole new world - Running a PBA on 'bare-metal UEFI' with TamaGo

Pre-Boot Authentication (PBA) is a software that is used in the context of Self-Encrypting Drives (SEDs) - it unlocks the drive and makes it usable for the user.

TrustedPBA is a new PBA that is based on TamaGo and is executed as a EFI application. We wanted the simplicity of Golang combined with the benefits of the running the PBA in UEFI directly. TrustedPBA provides you with these benefits and is highly customizable:

  • Different methods to unlock the drive - TPM PCR-based, TPM NVRAM-based, Password Input and many others
  • Boot Policy Configuration

TrustedPBA enables the user to chainload every operating system which includes Windows which is a common limitation of 'classical' busybox PBAs.