I like to take things apart.
qrsHomepage – Employer –
Lower Layer LabsGithub –
osresearchTimezone during event –
Configuring all of the pieces for UEFI Secure Boot, generating keys in hardware tokens, signing kernels, integrating LUKS disk encryption with the TPM, and remotely attesting to the state of the system is very complex, yet vital part of locking down laptops and servers against adversaries. Users and administrators need a tool that wraps up all of the complexity into the few operations that they need from day to day: signing new kernels, decrypting their disks at boot, protecting the system from runtime attackers, attesting to the integrity of their systems, and so on. safeboot and tpm2-attest are (early versions of) those tools!