Secure Boot Encryption with Linux
Regular price:
26,99 €
Available immediately
Secure Boot Encryption with Linux, Apress
Implementation for Embedded Developers
By Rodolfo Giometti, available in digital form in the heise shop
Product information "Secure Boot Encryption with Linux"
Secure Boot Encryption with Linux serves as a quick guide to building and
maintaining a secure, embedded Linux system by establishing a verifiable
Chain-of-Trust from the moment power is applied until the first user space
application takes control. It meticulously breaks down what the Secure Boot
implementation is and, critically, what it is not, providing the technical
knowledge necessary to guard against sophisticated bootkits and unauthorized
code execution.
We begin by dissecting the Linux Cryptographic Subsystem and the core mechanism
for secret protection: the Linux Key-Management Facility (Keyring). It provides
an in-depth, practical guide to implementing Trusted Keys and Encrypted Keys,
detailing how these secrets are secured by tying them to specialized hardware
like the Trusted Platform Module (TPM). This unique focus ensures that critical
encryption and signing keys are never exposed to user space, neutralizing the
impact of successful root-level exploits. Next, we explore the implementation of
a full Secure Boot Chain-of-Trust. Readers will learn how the Chain-of-Trust
works from the initial pre-bootloader (e.g., U-Boot SPL or the Arm Trusted
Firmware), through the main bootloader, up to the kernel and the root
filesystem. This process guarantees that only code signed by a trusted authority
is executed, providing unparalleled protection against firmware injection and
persistent bootkits. We finish by looking at a blueprint for Secure System
Lifecycle Management, integrating the kernel's key-management with Transparent
Encryption (dm-crypt) for the root filesystem and detailing the procedures for
maintaining security over time.
By focusing on root-proof key management and end-to-end integrity enforcement,
this pocket guide is essential reading for developers and security architects
who need to build resilient Linux products that meet the highest standards of
modern cybersecurity.
You Will Learn:
- How to implement and manage cryptographic secrets using the Linux Key-Management Facility (Keyring)
- How to use the Linux Crypto API for secure hashing, signing, and encryption operations
- How to establish an unbreakable Chain-of-Trust that verifies the integrity and authenticity of every system component, from the initial hardware Root-of-Trust and the pre-bootloader to the final Linux kernel load
- How to achieve Transparent Full Disk Encryption by integrating the secure Keyring with key technologies for data confidentiality at the OS and kernel levels
Item details
- Publisher: Apress
- Author: Rodolfo Giometti
- Item number: 9798868828188
- Published: 30.06.26
Accessibility
This PDF has been created in accordance with the PDF/UA-1 standard to enhance accessibility, including screen reader support, described non-text content (images, graphs), bookmarks for easy navigation
- conforms to the requirements of PDF/UA-1 (05)
- no read-aloud functions of the reading system disabled (except for) (10)
- navigable table of contents (11)
- logical reading order maintained (13)
- short alternative texts (e.g. for images) present (14)
- content presented understandably even without color perception (25)
- high contrast between text and background (26)
- navigation via previous/next elements (29)
- all content necessary for understanding accessible via screen reader (52)
- contact with the publisher for further information on accessibility (99)