Trusted Platform Modules (TPMs) have become widely adopted on modern PCs; chances are good your computer already has one. These chips enable some clever ways to protect your data from tampering and theft, and they are particularly well suited to headless and embedded systems.
This talk explores these functions on Linux with tpm2-tools:
* boot measurement: prove that the firmware, boot loader, kernel, and other disk-resident files have not been tampered with offline
* password-less disk encryption: boot encrypted disks without user interaction or external key storage
* key storage and off-CPU crypto: protect application keys (e.g. SSL, SSH) from malicious duplication
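As an added example (not part of the talk, and not tpm2-tools code), the following Python models the first two items: a SHA-256 PCR bank is extended with the digest of each boot component in order, a PolicyPCR digest is computed over the selected PCRs using the TPM 2.0 formula H(policyDigest_old || TPM_CC_PolicyPCR || pcrSelection || H(PCR values)), and a disk key sealed to that policy is released only when the measured boot state matches. The boot component list, the disk key, and the sealed-object dictionary are constructed here; a real TPM keeps the sealed blob encrypted under a storage key and performs the policy comparison in hardware.

```python
"""Model of TPM 2.0 boot measurement and PCR-bound sealing (added example)."""
import hashlib

TPM_CC_POLICY_PCR = bytes.fromhex("0000017f")  # TPM2_PolicyPCR command code (TPM 2.0 Part 2)
TPM_ALG_SHA256 = bytes.fromhex("000b")         # algorithm ID of the SHA-256 PCR bank
PCR_COUNT = 24


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR_new = H(PCR_old || digest). PCRs cannot be set, only extended."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components):
    """Replay a boot: components is [(pcr_index, bytes)] in boot order; returns the PCR bank."""
    pcrs = {i: bytes(32) for i in range(PCR_COUNT)}  # SHA-256 PCRs start at all zeros
    for index, data in components:
        pcrs[index] = pcr_extend(pcrs[index], hashlib.sha256(data).digest())
    return pcrs


def pcr_selection(indices) -> bytes:
    """Marshal a TPML_PCR_SELECTION with one SHA-256 bank entry (count, alg, sizeofSelect, bitmap)."""
    bitmap = bytearray(3)
    for i in indices:
        bitmap[i // 8] |= 1 << (i % 8)
    return (1).to_bytes(4, "big") + TPM_ALG_SHA256 + bytes([len(bitmap)]) + bytes(bitmap)


def policy_pcr(pcrs, indices) -> bytes:
    """PolicyPCR digest over a fresh (all-zero) policy session."""
    pcr_digest = hashlib.sha256(b"".join(pcrs[i] for i in sorted(indices))).digest()
    return hashlib.sha256(bytes(32) + TPM_CC_POLICY_PCR + pcr_selection(indices) + pcr_digest).digest()


def seal(secret: bytes, policy: bytes) -> dict:
    """Simplified sealed object: the secret plus the authPolicy it is bound to (constructed model)."""
    return {"auth_policy": policy, "secret": secret}


def unseal(sealed: dict, pcrs, indices) -> bytes:
    """Release the secret only if the current PCR state satisfies the object's policy."""
    if policy_pcr(pcrs, indices) != sealed["auth_policy"]:
        raise PermissionError("PolicyPCR failed: PCR values do not match the sealing state")
    return sealed["secret"]


# Constructed boot sequences: PCR 0 = firmware, PCR 4 = boot loader and kernel, PCR 7 = Secure Boot state.
GOOD_BOOT = [
    (0, b"firmware v1.2"),
    (4, b"grub-efi"),
    (4, b"vmlinuz-5.10"),
    (7, b"secure boot enabled, vendor db"),
]
TAMPERED_BOOT = [
    (0, b"firmware v1.2"),
    (4, b"grub-efi"),
    (4, b"vmlinuz-5.10 with implanted module"),  # offline kernel modification
    (7, b"secure boot enabled, vendor db"),
]
SEALED_PCRS = (0, 4, 7)
DISK_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")  # constructed


def try_unseal(boot):
    """Seal DISK_KEY to the known-good boot state, then attempt to unseal after the given boot."""
    sealed = seal(DISK_KEY, policy_pcr(measure_boot(GOOD_BOOT), SEALED_PCRS))
    try:
        return unseal(sealed, measure_boot(boot), SEALED_PCRS)
    except PermissionError:
        return None


if __name__ == "__main__":
    for name, boot in (("good", GOOD_BOOT), ("tampered", TAMPERED_BOOT)):
        key = try_unseal(boot)
        print(f"{name} boot: PCR4={measure_boot(boot)[4].hex()[:16]}... key={'released' if key else 'withheld'}")
```

With a real TPM the same flow is `tpm2_pcrread sha256:0,4,7` to inspect the bank, `tpm2_createpolicy --policy-pcr -l sha256:0,4,7 -L policy.dat` to produce the policy digest, `tpm2_create -C primary.ctx -L policy.dat -i key.bin -u sealed.pub -r sealed.priv` to seal the key, and `tpm2_unseal -c sealed.ctx -p pcr:sha256:0,4,7` at boot; the policy digest this model computes for a given PCR bank should match the one `tpm2_createpolicy` writes. Note that because extend is one-way and order-sensitive, an attacker who modifies a measured file cannot restore the PCR to its expected value without re-running the genuine boot chain.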
Haris Okanovic is a Software Engineer at National Instruments R&D. He maintains the NI Linux RT operating system for several lines of embedded products, based on PREEMPT_RT Linux and OpenEmbedded.