Don't miss out! Join us at the next Open Source Summit in Seoul, South Korea (November 4-5). Join us at the premier vendor-neutral open source conference, where developers and technologists come together to collaborate, share knowledge, and explore the latest innovations and advancements in open source technology. Learn more at https://events.linuxfoundation.org/
Recoverable, Tamper-resistant Full-disk Encryption at the Distributed Edge - Kobus van Schoor, DataProphet
This talk presents a fully open-source framework to achieve secure full disk encryption (FDE) for TPM-equipped Edge devices (IoT), balancing strong security guarantees with practical maintainability at scale. We address key features including automated disk unlocking and recovery, monitoring and remote access. The talk will cover the following:
* A fully verified boot chain, from EFI firmware through the initramfs. We'll cover which system components to verify and common pitfalls to avoid when setting up a secure boot chain.
* A newly-developed, open-source TPM PCR prediction mechanism enabling seamless reboots after kernel or initramfs updates.
* Automated disk encryption key onboarding and recovery using Tang and Clevis.
* Secure remote access and fleet observability while disks remain locked - using WireGuard, SSH, and Prometheus.
* Guidance on how to extend the initramfs (dracut) with your own tooling.
* Discussion of shortfalls and potential security risks
Our aim with this talk is to help you make FDE convenient, recoverable and monitored to make large-scale rollouts possible.