WEBVTT

00:00.000 --> 00:10.360
But we want to use a lot of other bits and pieces that are important there, too.

00:10.360 --> 00:14.360
So the EFI stub is, of course, part of the UKI.

00:14.360 --> 00:19.200
In certain cases we might want to have a menu, so we want something that maybe looks

00:19.200 --> 00:24.440
familiar, like the GRUB menu, so we're using the GRUB menu right now.

00:25.080 --> 00:32.200
You need some kind of initramfs generator in order to, so far, that's how we,

00:32.200 --> 00:38.440
we're making the UKIs, and then, of course, EFI variables, and.

00:45.480 --> 00:49.480
It's definitely one of the things that we're using, and that

00:49.480 --> 00:54.200
all of these things together, and more that I'll talk about, form nimble, and that's

00:54.440 --> 00:56.200
just a really basic idea.

00:56.200 --> 01:03.960
For people who aren't familiar with what a unified kernel image is, it's this

01:03.960 --> 01:10.520
way to put the kernel, and the kernel command line, and the initramfs, and the

01:10.520 --> 01:18.600
EFI stub, and to just have one image, which can be signed, and which gets rid of

01:18.680 --> 01:25.320
some of the security holes that we have currently, and you have a whole package that

01:25.320 --> 01:30.760
can be, yes, as I said, signed for secure boot, and which can be measured.

01:33.000 --> 01:42.360
Currently in nimble, we have two different schemes, so we can build the unified kernel

01:42.440 --> 01:49.720
image either as, like, a switch-root image, which is the case that you see here. So basically,

01:51.240 --> 01:58.200
nimble would be built with the final kernel that you want to boot, and you would basically just start

01:58.200 --> 02:04.680
from UEFI. As I mentioned, we're keeping secure boot, so we would still have a shim,

02:05.000 --> 02:12.040
and then you would just boot your kernel,

02:12.040 --> 02:14.680
basically, your unified kernel image,

02:14.680 --> 02:23.240
and you would be in user space. Ultimately, to have the choice to

02:23.240 --> 02:31.640
choose another kernel, if you want to, we have a kexec version that, also,

02:31.800 --> 02:36.520
this is already built into, of course, the nimble, into the

02:36.520 --> 02:42.200
UKI, is that you would have the grub, you would start booting in the same way, you start

02:42.200 --> 02:49.080
from UEFI, you have the shim, and then you would boot, but it wouldn't necessarily be the

02:49.080 --> 02:53.240
final kernel that you want to boot into, so then you could have, like, a menu that

02:53.240 --> 02:58.680
would look like GRUB, and could later, of course, change if we want to,

02:58.760 --> 03:03.800
and then you could choose a different kernel from this menu, and then the rest

03:03.800 --> 03:11.640
would proceed as before. So, one question, of course, that we got is, like,

03:11.640 --> 03:15.240
why are you doing this? There are so many bootloaders out there. For those of you

03:15.240 --> 03:19.480
that were here, Daniel was talking about GRUB, everybody knows about GRUB, but there are also

03:19.480 --> 03:26.920
other bootloaders out there, so why are we doing this? And so, when you have

03:27.000 --> 03:33.480
another bootloader, when you have, you know, it's more code that you have to maintain, and

03:33.480 --> 03:38.280
one thing that always happens is that, you know, new functionality goes into the

03:38.280 --> 03:43.720
kernel, for example, and then that has to be ported into GRUB, or it has to be ported into

03:43.720 --> 03:51.080
whatever bootloader. So, in this case, your bootloader is your kernel, so you deliver features

03:51.080 --> 03:55.960
quickly, and there's much less maintenance burden, because you don't have to

03:56.040 --> 04:00.600
do this again, you don't have to worry if you're introducing, you know, further vulnerabilities

04:01.880 --> 04:08.840
with your fixes. We think that this will really increase security and security scrutiny.

04:09.480 --> 04:15.000
There are a lot of people working on the Linux kernel, a lot of people, as you all know,

04:15.000 --> 04:23.800
I'm sure. There aren't that many people working on bootloaders, and so, more eyes, and,

04:23.800 --> 04:29.080
again, just a single set of code is going to make things

04:29.080 --> 04:35.400
more secure. We think it might decrease boot time. It could be faster, especially in this

04:35.400 --> 04:40.760
bit-true case. It can be a faster boot. So, that's always nice.

04:42.120 --> 04:49.080
And, yes, we would like to replace GRUB. For those of you who are here, Daniel gave a great

04:49.160 --> 04:53.720
talk just recently, just a few talks ago, about all the new features that

04:53.720 --> 04:59.400
are going into GRUB. And it's awesome. GRUB is great. A lot of us use GRUB,

04:59.400 --> 05:05.400
and it is constantly getting updated and constantly getting new features, which is wonderful,

05:05.400 --> 05:11.640
but it's also really complicated. And I know how many issues we have and

05:11.640 --> 05:17.640
how long it sometimes takes to get new features there and how many vulnerabilities

05:17.720 --> 05:23.800
we also worry about and things like this. So, I think it's a noble goal.

05:26.280 --> 05:30.200
So then you might ask, well, what about the command line? I mean, one thing, if you have the

05:30.200 --> 05:37.640
whole signed image, what if the user, for example, wants to change the command line?

05:38.040 --> 05:43.480
So there are some possibilities. I know, so for us in Fedora, in

05:43.480 --> 05:51.240
RHEL and CentOS, or anyone using systemd, systemd is implementing sort of

05:51.240 --> 06:04.920
signed command line bits. But we would like users to be able to add their own

06:04.920 --> 06:11.560
sort of command line if they want to, to modify the command line the way they like.

06:12.280 --> 06:19.320
So, normally, in UEFI, for example. So I'm talking about UEFI, but we're actually

06:19.320 --> 06:25.880
hoping to implement it on other platforms as well. But on UEFI, for example, you have

06:25.880 --> 06:32.360
the load options, and generally it's just a string, and it might be shim, for example,

06:32.360 --> 06:37.960
or GRUB, and sometimes you can tell it what the next stage of bootloader is going to be.

06:38.920 --> 06:44.680
So we want to make something kind of similar, or rather to expand this

06:44.680 --> 06:51.160
functionality, and to do something that we call a shim hive.

06:52.360 --> 07:03.000
So the idea of the shim hive is that in UEFI, the implementations

07:03.000 --> 07:07.800
are better and worse, depending on, well, there are different

07:07.800 --> 07:11.960
implementations of it, and it can be better, it can be worse. Sometimes it's not as dependable.

07:12.520 --> 07:20.200
And so the idea is to build, sort of like the Windows registry hive,

07:20.200 --> 07:24.920
that we would have something that we call a hive, and that's going to be the magic, so we know

07:25.000 --> 07:35.880
where it starts, and it will be some key-value pairs, and then it'll be

07:35.880 --> 07:46.280
terminated, and we'll have a CRC32 of the entire hive, so that we know what's,

07:46.280 --> 07:50.360
so that way we keep track of everything, we know the value of everything. So

07:50.440 --> 07:58.200
the idea is, you have these key-value pairs in the shim hive, and so far

07:58.200 --> 08:04.920
we're instituting two keys, one of which is the path to the next bootloader,

08:05.640 --> 08:11.560
and then the other one is the command line. So you're not meant to read that. It's just sort of

08:12.520 --> 08:20.760
a concept kind of slide, but, yeah, so that way the user, well, I mean,

08:21.880 --> 08:28.280
root can modify the command line in user space. Of course it'll be

08:28.280 --> 08:32.120
altered, but we'll still measure; it'll be in some PCR register, I don't know,

08:32.120 --> 08:37.160
maybe in two or something like that, so we'll measure, and we'll know that there's a change,

08:37.160 --> 08:43.640
but since the whole thing is signed, we can still boot with secure boot, and

08:44.440 --> 08:48.040
we know that a change has taken place, but we're still able to boot securely.

08:50.440 --> 08:57.160
So another thing that we'd like to address, and which can be,

08:59.000 --> 09:03.800
of course, a worry with bootloaders, is fallback, and what to do with fallback. So,

09:04.280 --> 09:13.480
the idea is that we'll always have, especially since, you know,

09:15.320 --> 09:19.400
because nimble will be based on the kernel, every time you update the kernel, theoretically,

09:19.400 --> 09:27.240
you could be updating a bootloader, which can also be scary. So the idea is that we would use,

09:27.240 --> 09:34.440
in UEFI, we would use EFI variables for this. So we would always have, like, a fallback,

09:34.440 --> 09:43.720
which is whatever you booted into, the last known good boot entry, and then we would

09:43.720 --> 09:49.320
have the new one with the updates in it, and we would use these EFI variables

09:49.400 --> 09:56.920
in order to try the new one. That's kind of the idea, that we could

09:56.920 --> 10:02.360
work together on this if people think it's a nice idea. So I just want to, I've been working

10:02.360 --> 10:07.480
a little bit on this, but of course, it's very much not just my work.

10:07.480 --> 10:13.320
Nicola Freyer, Peter Jones, Lil Sunderval, Richard Hughes, put the vanda, are all engineers

10:13.320 --> 10:17.320
at Red Hat who have worked on this, as well as some of our managers, some past people who

10:17.480 --> 10:24.200
worked on it as well. So, thank you very much, and if you have any questions, please.

10:26.200 --> 10:37.480
You mentioned it, thank you for all those reasons, and very useful. You mentioned your

10:37.480 --> 10:42.360
history and collaboration. I work with the Heads project, if you're familiar with that. It's

10:42.440 --> 10:48.200
another project that also uses a Linux kernel with firmware to boot your OS. So there are

10:48.200 --> 10:53.240
a lot of issues here. I think that we could adopt, and I wonder if some of our, so stuff that we've

10:53.240 --> 10:58.120
already implemented, made to use the tool as well. That sounds cool. Yeah, of course. And so

10:58.120 --> 11:02.520
you email later with some links, and please do. And I'll, for all these like, two, it's very

11:02.520 --> 11:10.440
interesting. Heads project, you said? Yeah, Heads, cool. How much of this,

11:10.440 --> 11:16.200
so is it actually implemented, are you able to execute an OS kernel at this point? Yes, I can,

11:16.200 --> 11:21.480
I mean, I don't know if you guys want to watch a VM boot, it's not very exciting. Oh, I'm sorry.

11:22.200 --> 11:26.120
I was asked how much of this is actually implemented, if we can actually boot with the kernel. Yes,

11:26.120 --> 11:32.440
we can. So we can build it on Fedora, and we have these two cases,

11:32.520 --> 11:41.080
the switch-root and the kexec versions. I have a VM with that installed. I can, sure,

11:41.080 --> 11:45.000
I don't think you all want to watch VMs boot. It's kind of boring, but I can definitely show you

11:45.000 --> 11:50.120
if you're interested. I've got one here on my laptop. So, yeah, all of

11:50.120 --> 11:57.080
that works. What we're doing now, more, is trying

11:57.080 --> 12:06.360
to test it on hardware, because VMs are nice, but hardware can be finicky,

12:06.360 --> 12:10.200
and especially seeing people worry about things like kexec, for example, functioning.

12:10.200 --> 12:15.960
So we are testing on hardware, not as much as I'd like yet, but we have been testing

12:15.960 --> 12:23.720
it on hardware on both x86 and aarch64. And we have a lot of the shim hive code written,

12:23.800 --> 12:29.560
and we're still working on the A/B booting to make it the way we like, but the basics are there.

12:32.600 --> 12:35.480
Sir, I have so many questions, I'm afraid to do one more.

12:36.680 --> 12:43.320
That's all right. But yeah, I kind of want to let you do questions. Uh, ask for the pads.

12:43.320 --> 12:48.200
Yeah, it's very interesting, just that little work that it's have, the manuals,

12:48.200 --> 12:55.880
paddles for code would be a lot of help. Yeah, but I have two questions for that

12:55.880 --> 13:03.880
full, like, how do you decide when to, like, mark, like, the

13:03.880 --> 13:08.200
cartilage, like, the update version that is supposed to be

13:08.200 --> 13:16.440
marked, as it is in the home. And the second question is what about booting non-Linux systems,

13:16.520 --> 13:31.000
so one question was about how we decided that the boot was

13:31.000 --> 13:35.080
correct, and the other one is about booting non-Linux.

13:38.040 --> 13:45.400
So, for setting the boot, in UEFI, you always know what

13:45.480 --> 13:50.760
booted. You know what entry you booted into. So I would say that in Fedora, we could set a boot

13:50.760 --> 13:55.160
target, and we could say, like, once you get to some system, the boot target, you reach boot

13:55.160 --> 14:00.120
complete, or something like that, and you can then, in UEFI, you can set,

14:00.120 --> 14:06.920
knowing what booted, you can then reset the boot order. I think that we've decided that

14:06.920 --> 14:12.120
non-Linux is something that we're going to try not to deal with, and we want EFI

14:12.200 --> 14:16.600
variables to deal with that, instead of, like, doing any kind of chain loading or anything

14:16.600 --> 14:19.080
along those lines. So it would be through UEFI.

14:28.040 --> 14:34.840
Can it replace the boot for embedded systems? I don't know, maybe it could. I think

14:34.840 --> 14:38.280
that would be nice, that would be cool, but I don't know.

14:38.840 --> 14:42.840
I just, I don't know. No, not currently, no.

14:53.720 --> 15:01.080
How fast it is to have to leave kexec, and the second question is, I'm still motivated for my experience

15:01.080 --> 15:06.280
about kexec, because as far as I can tell, throughout this, to come, yes, it's going to be different

15:06.280 --> 15:14.480
in this, for who you can say, see, but if you have a much complicated environment like

15:14.480 --> 15:20.680
servers, you can make a cart, my experience, you can make this, you go, it's tough, it's

15:20.680 --> 15:32.280
some cases, you can make, you need a cart, you know, it's difficult to make it work, so

15:32.280 --> 15:36.880
what do you say, or it's because it's good to talk about what's not good for destiny

15:36.880 --> 15:41.760
reason, and so on, or really about how we got one, so what do you sell it to you in this

15:41.760 --> 15:42.760
case?

15:42.760 --> 15:48.280
Unfortunately, I haven't done more testing recently, but I know that I've been,

15:48.280 --> 15:50.480
I'm sorry, you're quite,

15:50.480 --> 15:55.680
I threw a piece of your question. Daniel was worried about kexec, mostly, on real hardware,

15:55.680 --> 16:04.480
and how, yeah, with weird setups. My experience, as far as I remember

16:04.480 --> 16:11.200
now, it's been not too bad on real hardware, like, the few, I don't even have

16:11.200 --> 16:19.400
the list anymore, but the few x86 and aarch64 machines that I tried, I think one

16:19.400 --> 16:24.440
machine hung, I can't tell you what it was now, but I have

16:24.520 --> 16:31.800
successfully tested on a number of different real pieces of hardware. I know that kexec

16:31.800 --> 16:36.840
can be a problem, that's what people, I think that's one of the main issues that people

16:36.840 --> 16:46.680
bring up about this, is that people are worried about kexec. So, even now, like, the compression

16:46.680 --> 16:51.500
of our aarch64 kernel has changed, and that doesn't work in kexec now, for

16:51.740 --> 16:56.940
Fedora, so, like, that doesn't work currently, but it's going to, hopefully,

16:56.940 --> 17:03.180
work soon, so even in a VM, we wouldn't be able to do it, but I know

17:03.180 --> 17:08.380
that we have to continue to test hardware, and we will continue to test hardware,

17:08.380 --> 17:20.300
because, yeah. I'm sorry, so, I mean, the boot time is very similar, except that if you

17:20.300 --> 17:23.980
have a menu, it's going to be a little bit slower, if you

17:23.980 --> 17:28.780
have a menu, if you have things like this, but the actual boot time is

17:28.780 --> 17:38.220
not significantly affected, so kexec does not introduce much time to it.

17:50.300 --> 18:18.140
The question was about the shim hive, and how it's going to, the question was about the shim hive,

18:18.140 --> 18:25.180
and how it's going to, yeah, whether it's signed or whether, how we maintain

18:25.180 --> 18:46.620
the, okay, so the question is about the shim hive, and how we can alter the

18:46.620 --> 18:51.740
command, how we can allow users to change the command line, and keep it signed.

18:51.740 --> 18:58.940
So the shim hive is going to, we want to use EFI variables for this, so it wouldn't,

18:58.940 --> 19:05.500
it wouldn't be signed, but it would only be accessible, like, root could access it, but it wouldn't

19:05.500 --> 19:10.540
be, and, as I said, it would be measured, so we would be aware of

19:10.540 --> 19:18.380
changes, but it wouldn't be, only using the kexec case, and updating nimble,

19:18.380 --> 19:22.380
then updating the bootloader every time they got a new kernel, that would be, you know, you

19:22.380 --> 19:26.620
couldn't possibly get anything signed fast enough, you couldn't distribute it fast enough, so

19:26.620 --> 19:31.180
there has to be this step in between. Obviously, if you would remove

19:31.180 --> 19:35.340
those certificates, if you wanted to just do your own chain of trust from hardware, you know, from

19:35.420 --> 19:40.620
hardware to kernel, you could do that, but I think that there are a lot of people,

19:40.620 --> 19:44.460
maybe you all can do that, but I think there are a lot of people who don't know how to do that,

19:44.460 --> 19:50.300
especially things like option ROMs, you'd be screwed. So, thank you so much for your attention,

19:50.300 --> 19:55.340
for your time, I'm here, so come find me, or write me mail, whatever.

