October 31 - November 1 - Co-Located Events
October 28-30 - Conference
Lyon Convention Centre - Lyon, France
More information for Open Source Summit + Embedded Linux Conference Europe 2019
Monday, October 28 • 12:20 - 12:55
Verifying Device Identity with TPMs - Matthew Garrett & Brandon Weeks, Google

There are many cases where you'd like to know exactly which computer you're talking to. Sometimes it's because you're SSHing to a remote machine and you'd like to verify your connection isn't being intercepted. Sometimes it's because you're a VPN server and you'd like to ensure that the client is actually one of your computers, not just pretending to be one.

But what defines machine identity? You could just issue each machine with a key when it's initially enrolled, but what stops an attacker from copying it off the machine and creating as many fake computers as they want?

Most modern systems include a Trusted Platform Module, a small cryptographic device that has its own unique cryptographic identity and securely stores encryption keys. In this presentation we will demonstrate how the TPM can be used to solve the machine identity problem, making SSH trust on first use a thing of the past and ensuring that only trusted machines are able to gain access to your network infrastructure.


Matthew Garrett

Security developer, Google
Matthew is a security developer at Google, specialising in Linux security. He thinks computers were probably a mistake.

Brandon Weeks

Security Engineer, Google
Brandon Weeks is a Security Engineer at Google. His focus is on client device security, public key infrastructure and remote attestation.

Monday October 28, 2019 12:20 - 12:55
Bellecour 3
Session Slides Included: Yes