Hardware Root of Trust: The Fundamental Security Layer You Can Trust 🔒

Secure systems are built on a layered model. At the very bottom of the stack you have to trust something - but what can you trust? A Hardware Root of Trust provides this critical foundation for secure systems. A HW RoT is included in virtually every server and laptop shipped over the last decade - yet is almost entirely unused! We will cover why this happened, what has changed, and what to expect in the future. We will use TPM 2.0 as a Hardware RoT. We will introduce the TPM 2.0 module, the TCG Software Stack (TSS), cover the operations it can perform, and explore the userspace tools that simplify using TPM 2.0. We will show a concrete example of the application of TPM, by using Clevis to automatically unlock an encrypted root volume on boot by storing an encrypted key in the TPM.