Hardening an Application-specific Linux
Linux distributions go to great lengths to do general purpose hardening of their kernels, packages, and configurations. They build with various source fortification and hardening flags, and then upstream patches to fix various bugs that compilers or other static analysis/source fortification warn about. These are extremely valuable when it comes to operating system hardening.
But suppose you are building what is essentially an application-specific Linux, or an "appliance" like a smart TV, weather station, or network controller. Given that the weather station will collect and transmit weather data, there's no reason to ship kernel drivers 3dfx video cards from the mid 1990's; but general purpose distributions do. When building an application-specific Linux, OS teams can trim this, and a lot of other fat, in addition to enabling extra hardening options and flags that general purpose distributions cannot.
Further, your appliance may want to use the TPM for various reasons (secure boot, IMA measurement and remote attestation, etc.). These things are useful to ensure you're running the code you think you're running. But without sufficient chain of trust, the TPM PCRs can be tampered with, rendering your measurements useless.
In this talk, Tycho will touch on all of these topics, pointing out various opportunities for application-specific hardening as well as giving a brief overview of our strategy for protecting the TPM.
Denver, Colorado, USA
Cisco Systems, Inc.
Tycho is an engineer at Docker working on LinuxKit, a toolkit for building container-focused host operating systems out of Linux. He holds degrees from the University of Wisconsin--Madison and Iowa State University, and has co-authored several peer-reviewed papers. In his spare time he rides bikes and does improv comedy. The Moby Project, and other container things