Heads: Tamper-evident Firmware with User-controlled Keys
Having a trustworthy boot process is the foundation of the rest of your system's security. If your BIOS, kernel, or initrd have been tampered with, an attacker can hide their backdoor from the rest of the system. This talk will discuss the security threats against the boot process and briefly cover some other approaches to protect against boot-time attacks but the talk will primarily focus on Heads, an open source project that provides tamper-evident boot. I will discuss how Heads works, how it differs from other secure boot approaches, and demonstrate how it protects against tampering.