Collaborative Working Sessions - Low level verifications

Low-level verification Notes

Embedded systems typically require cross-compilation.

Embedded systems have hosts, which usually change after their life-cycle (10-20 yrs). How can host information be kept in sync before and after?

What is the minimal reproducible set (e.g. compiler flags, etc.)?

What are the challenges for compression / size limitations?

What writable FS images does RB (reproducible builds) need?

How to make RB meaningful for embedded systems? Attestation?

Shim: Microsoft signed a small boot-loader as the root of trust.

Reduce shim size

How far does UKI satisfy RB?

Kernel RB: depends on the config (commands etc. need to be attached to the repo).

Signing key problem

Load third-party user modules 


Device issues may or may not matter.

Trust compiling is hard