James Bottomley is a Partner Architect at Microsoft where he works on
Linux and allied technologies.  He is also Linux Kernel maintainer of
the SCSI subsystem. He has been a Director on the Board of the Linux
Foundation and Chair of its Technical Advisory Board. He went to
university at Cambridge for both his undergraduate and doctoral
degrees after which he joined AT&T Bell labs to work on Distributed
Lock Manager technology for clustering. In 2000 he helped found
SteelEye Technology, a High availability company for Linux and
Windows, becoming Vice President and CTO.  He joined Novell in 2008 as
a Distinguished Engineer at Novell's SUSE Labs, Parallels (later Odin)
in 2011 as CTO of Server Virtualization, IBM Research in 2016 and
Microsoft in 2024.
 

Presentations

23x

Enhancing TPM security in the Linux Kernel

Recent security updates to Linux, such as the new Systemd Unified Kernel Image rely on the discrete or firmware integrated TPM (Trusted Platform Module) to verify boot and release secrets securely. However, there are many known attacks against the TPM chip itself. We will discuss the newly upstreamed Linux Kernel TPM security patches, which not only provide a basis for securely communicating with the TPM but also provide a novel defences against a wide variety of TPM based attacks by using a unique (to Linux) null key scheme. This talk will cover what TPM based attacks are (including interposer attacks), how the Trusted Computing Group expects you to tell you're talking to a real TPM and how you can communicate with it securely and use its policy statements to govern key use and release. We will then move on to how the new Linux Kernel patches extend this and can be leveraged to validate the TPM on every boot and continually monitoring it for any TPM interposer substitutions in real time.  The new TPM trust verification tools are available under LGPL as ancillary tools in the upser space openssl tpm engine project.

 

See Presentation