NOTE: The event will be held in Central Daylight Time (CDT), UTC -5.

Open Source Summit + Embedded Linux Conference North America 2020
Wednesday, July 1 • 11:15am - 12:05pm
Using Hardware Security Modules to Protect your Block Devices - Reinhard Buendgen, IBM

In Linux, dm-crypt is the technology of choice to encrypt data on disks. For encrypted data, the major challenge is to protect the data encryption keys in such a way that the system can still be started automatically, i.e. without a user interactively entering some kind of password.

We have implemented a solution to use dm-crypt with keys that are protected by a hardware security module (HSM). At the Open Source Summit in 2017 we described our kernel functions and a potential approach for integrating our solution in cryptsetup. This presentation will present the actual key management solution that was accepted upstream, consisting of a combination of extensions to cryptsetup and new tooling to manage a key repository.

In addition, this presentation will discuss the main challenges to overcome in integrating HSM-protected keys into the dm-crypt framework and continue with more advanced topics in operating such disks, like accessing the right HSM, providing redundant HSM access, allowing encryption of the root partition, and management of the dm-crypt keys needed when the HSM master key changes.


Reinhard Buendgen

Crypto Architect for Linux on Z, IBM
Reinhard Buendgen studied computer science at the universities of Karlsruhe, Germany and Delaware in Newark, DE. In 1991 he earned a Ph.D. in computer science at the University of Tuebingen. Until 1997 he worked at the University of Tuebingen as a researcher and lecturer. During is...

Wednesday July 1, 2020 11:15am - 12:05pm CDT
Linux Systems Theater