It's worth noting that System Transparency is a multi-year effort to bring transparency to running computer systems. We are aiming for what we call transparent servers. Just like there's open source software and open source hardware we think there should be open source running systems.
That's the gist of it.
If you think this is interesting I can highly recommend you check out Sigsum - our transparency log design for signed checksums. We've been developing it for a few years and will most likely toggle it version 1 this spring. Here's its threat model:
Sigsum is designed to be secure against a powerful attacker that controls:
- The signer’s secret key and infrastructure
- The log’s secret key and infrastructure
- A threshold of so-called witnesses that cosign the log
Another project that started at Mullvad VPN and is now its own company is Tillitis. Its first product is an open source hardware USB device with unconditional measured boot and key derivation inspired by DICE. Everything from source code to Verilog and KiCad files is on GitHub. Enjoy!
Cheers, Fredrik Stromberg
(Disclosure: I cofounded Mullvad VPN, invented System Transparency, co-designed Sigsum, co-designed TKey, and cofounded Tillitis)
I love the concept. I created and ran a PXE/netbooted full OS on ramdisk[1] for my old company's servers for years. We were in the high performance computing and storage space. Stateless machines have so many advantages over stateful.
That said, solving a trusted boot problem was not something I could tackle alone. I didn't have a sense for how much/little I could trust the machine/bios/firmware. None of the tooling I considered (hashing firmware/boot data/etc.) seemed secure without a whole additional infrastructure.