TrenchBoot Anti Evil Maid for Qubes OS

Syndicated from the original at https://lwn.net/Articles/921870/

The Qubes OS news site has a detailed article on work being done to ensure the integrity of the system at boot time:

As you may know, traditional firmware security measures like UEFI Secure Boot and measured boot, even with a Static Root of Trust (SRT), may only sometimes be enough to ensure a completely secure environment for your operating system. Compromised firmware may allow for the injection of malicious software into your system, making it difficult to detect. To overcome these limitations, many silicon vendors have started implementing Dynamic Root of Trust (DRT) technologies to establish a secure environment for operating system launch and integrity measurements. We’re excited to take advantage of these advancements through integration with the TrenchBoot Project.
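The practical question behind the quoted paragraph is how a machine can tell, after the fact, whether a dynamic launch actually happened rather than only a static measured boot. The script below is an added example, not code from LWN, the Qubes OS article or the TrenchBoot project. It assumes a TPM 2.0 on Linux 5.12 or later, which exposes per-bank PCR values under /sys/class/tpm/tpm0/pcr-sha256/<N>, and x86 DRTM (Intel TXT or AMD SKINIT), where PCR 17 is the first of the DRTM PCRs (17-22). Those PCRs start out as all 0xFF at TPM initialization and are reset to zero only by the locality-4 dynamic launch before the launch environment is measured into them, so an all-FF PCR 17 means no dynamic launch has occurred since power-on, an all-zero PCR 17 means a reset without any measurement, and anything else is a measurement chain rooted in the launch. The SHA-256 digest used in the usage comment is a constructed value, not a real measurement.

```shell
#!/bin/sh
# Added example (not from LWN, Qubes OS or TrenchBoot): classify TPM PCR values
# to decide whether a DRTM launch has taken place on this boot.
# Assumptions: TPM 2.0, Linux >= 5.12 sysfs layout, x86 DRTM where PCR 17 is
# the first PCR reset by the dynamic launch (Intel TXT SENTER / AMD SKINIT).

PCR_DIR="${PCR_DIR:-/sys/class/tpm/tpm0/pcr-sha256}"

# classify_pcr HEX -> prints one of:
#   nolaunch   : all 0xFF, the initial value of DRTM PCRs; no locality-4 reset
#                (no dynamic launch) has happened since TPM init
#   unextended : all 0x00; the launch reset the PCR but nothing was extended yet
#   measured   : any other well-formed digest; a launch reset it and measurements
#                were extended afterwards
#   invalid    : not a 64-hex-digit SHA-256 digest (e.g. empty or unreadable)
classify_pcr() {
  hex=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  case "$hex" in
    ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff) echo nolaunch ;;
    0000000000000000000000000000000000000000000000000000000000000000) echo unextended ;;
    *)
      if printf '%s' "$hex" | grep -Eq '^[0-9a-f]{64}$'; then
        echo measured
      else
        echo invalid
      fi ;;
  esac
}

# drtm_launched PCR17_HEX PCR18_HEX -> prints a one-line verdict and returns 0
# only when PCR 17 carries a measurement, i.e. the dynamic launch evidently ran.
drtm_launched() {
  s17=$(classify_pcr "$1")
  s18=$(classify_pcr "$2")
  case "$s17" in
    measured)   echo "DRTM launch observed (PCR17=$s17, PCR18=$s18)"; return 0 ;;
    nolaunch)   echo "no dynamic launch since TPM init (PCR17 is all FF)"; return 1 ;;
    unextended) echo "PCR17 was reset but nothing was measured into it"; return 1 ;;
    *)          echo "cannot interpret PCR17 ($s17)"; return 1 ;;
  esac
}

# read_pcr N -> the PCR N value from sysfs, empty if the file is not readable
read_pcr() { cat "$PCR_DIR/$1" 2>/dev/null; }

# probe_local_tpm -> run the check against the real TPM when sysfs exposes one
probe_local_tpm() {
  if [ -d "$PCR_DIR" ]; then
    drtm_launched "$(read_pcr 17)" "$(read_pcr 18)"
  else
    echo "no TPM 2.0 PCR bank at $PCR_DIR"
    return 1
  fi
}

# Usage with constructed values (a real run would call probe_local_tpm):
#   drtm_launched 3b9f6bb4a1c7d5e2f0a8c6e4d2b0f8a6c4e2d0b8a6f4e2c0d8b6a4f2e0c8d6b4 \
#                 0000000000000000000000000000000000000000000000000000000000000000
probe_local_tpm || :
```

The verdict is deliberately conservative: only a PCR 17 that has been reset and then extended counts as evidence of a launch, since a PCR that is merely zero could come from a launch that aborted before the environment was measured. A full verification would go further and compare the measured PCR 17 and 18 digests against the expected values for the installed launch environment, which is what an anti-evil-maid design does before unsealing a secret.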