Michał Żygowski
Michał Żygowski is Firmware Team Leader at 3mdeb - Embedded Systems Consulting. He is a lead developer in the company firmware projects. Always enthusiastic about advanced hardware features and network
solutions in embedded systems. Familiar with UEFI/EDK2/BIOS and numerous other technologies, but his real specialty is coreboot, which he is contributing to in the meantime. Keen on security issues and a huge fan
of open-source.
Start trusting Your BIOS - SRTM with vboot, TPM and permanent flash protection
In this paper, we are going to introduce Static Root of Trust Measurement with
Verified Boot using different mechanisms of SPI flash protection. We shall prove
VBoot great support for coreboot, TPM usage, and cryptographical operations,
and its ability to perform measured and verified boot. We will explain why the Root Key and Recovery Key are the most important components in the VBoot and should be well protected. As a result, we will show a mechanism for automatic decryption of a disk with the assistance of TPM and policies tied to the firmware measurements stored in the TPM.