The ever increasing usage of cloud-based software forces us to face old questions about the trustworthiness of our software. While FLOSS allows us to trust software running on our platforms, System Transparency establishes the same level of trust in SaaS and IaaS scenarios.
In a System Transparency context, all parties that depend on the services of a particular server can retrieve the complete source code of firmware and OS running on it. They can reproduce all binaries and verify remotely that these were run as part of the boot process. This gives every user the ability to verify claims of the service provider like the absence of logs or lack of backdoor access.
System Transparency accomplishes this by
- giving every server a unique, cryptographic identity that is kept in a hardware trust anchor,
- using a provisioning ritual to associate this identity with a particular hardware,
- running the FLOSS firmwares coreboot and LinuxBoot instead of proprietary UEFI implementations,
- building firmware and OS images are reproducible,
- retrieving all OS images from the network, keeping only minimal state on the disk,
- signing all OS images as well as listing them in a public append-only log and
- minimizing administrator access to prevent invisible changes to the OS after it has been booted.
This talk introduces System Transparency and details the platform security features we implemented as part of our reference system. We also describe our reference implementations’ custom bootloader based on LinuxBoot. It verifies that boot artifacts are signed by the server owner and are in the transparency log before continuing. This makes sure that 3rd parties can audit past and present artifacts booted on the platform. Finally, we demo a modern x86 server platform running our prototype coreboot/LinuxBoot stack.