Version Tomorrow is the first day of the rest of your life
lecture: TBM: Trusted boot module
NLNet sponsored (open hardware) trusted boot module
The Trusted Boot Module is an open hardware module that enables all kind of devices (routers, embedded boards, laptops, desktops) to boot to a trusted state by loading only trusted code - while keeping the owner of the hardware in control.
The TBM project is an initiative of Whitebox Systems, supported by NLNet Foundation. It is designed to attempt to prevent permanent remote compromise of individual (ARM-based) systems that operate in decentralised networks, but can also work on a smaller scale - for personal devices: laptops, routers, servers, etc. The TBM is packaged as an hardware module external from the
ARM processor based system. The TBM requires that a system can boot from a medium that can be forced read-only (e.g. SPI NOR Flash, like most motherboards, laptops, servers and routers) in addition to a UART connection. The TBM board will be open hardware and the software running on the TBM will be open source.
The owner (user) of the hardware is in control of the TBM -- the owner is not locked out. The TBM does not attempt to prevent against attacks from local (physical) attackers. It is not an implement of UEFI nor is it a 'classical' TPM.
The TBM will bring a system into a known trusted state. It does not make guarantees about the system after bringing it to the initial trusted state, until a reboot - it will then ensure the system is brought to a trusted state again, effectively making remote attacks temporary with no effective way to install a permanent backdoor.
The TBM attempts to prevent downgrade attacks, allows for flexible key management (if required), and can, in the most flexible configuration, require multiple parties to sign software that is to be trusted.
Combined with reproducible builds, we hope to show that one can construct (and remotely update) secure systems for decentralised systems/networks, within reasonable limitations.
The system is aimed to be used, initially in a pilot setting, in the Whitebox system - a decentralized system for controllable exchange of medical information.