Send in your ideas. Deadline June 1, 2024
More info available :
Theme fund: NGI0 Entrust
Start: 2023-04
More projects like this
Operating Systems

Trenchboot as Anti Evil Maid

Integrate Trenchboot into Qubes OS as defense mechanism against physical compromise

Enhancing the security measures of Qubes OS is the primary objective of this initiative, which involves integrating the TrenchBoot Project into the Anti-Evil Maid (AEM) implementation. Traditional firmware security measures, such as UEFI Secure Boot and measured boot, have limitations that can be overcome by leveraging Dynamic Root of Trust (DRT) technologies and TPM 2.0.

TrenchBoot provides a secure environment for operating system launch and integrity measurements, ensuring greater protection. The project aims to extend support to both Intel and AMD hardware, addressing the current lack of TPM 2.0 support and AMD compatibility in the AEM implementation. Key objectives include implementing TPM 2.0 support in Xen, updating AEM scripts, and ensuring seamless integration with AMD hardware. The successful execution of this initiative will significantly enhance the security of Qubes OS and promote the adoption of DRT technologies in open-source and security-oriented operating systems. Thorough testing on various hardware configurations will validate the solution's effectiveness and reliability.

Run by 3mdeb Sp. z o.o.

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.