Linux Security Summit Europe 2023
September 20-21, 2023 | Bilbao, Spain + Virtual

Thursday, September 21 • 09:05 - 09:40
Hardware-backed Per-process Secrets - Matthew Garrett, Aurora

Trusted Platform Modules provide a secure mechanism for generating and using secrets that are hidden from the entire operating system, and only exported in the form of encrypted blobs that can only be re-used on the same TPM. However, if a malicious actor is able to obtain a copy of one of these blobs, they will be able to load it into the same TPM and make use of it in the same way. This presentation describes a proposed mechanism for allowing secrets to be associated with specific processes or applications with effectively arbitrary granularity - for instance, a secret may be associated with a specific process such that it can never be used again after that process exits, or it may be associated with a namespace such that it is only available within a specific namespace. This functionality is enabled with a minimal amount of additional kernel functionality and can be made use of by existing TPM-aware applications with a minimal amount of additional code.


Matthew Garrett

Security Architect, Aurora
Matthew Garrett works on low-level security functionality, integrating functionality that exists at the hardware or firmware level with OS-level code to enable novel security features. He currently applies this at Aurora, helping improve the security of devices ranging from phones...

Thursday September 21, 2023 09:05 - 09:40 CEST
Room 5A
  Short Topics
  • Presentation Slides Attached: Yes