Open source firmware for high assurance confidential infrastructure
UD6.215 | Day 2 | 12:25 - 12:45 | Speakers: Michał Żygowski, Piotr Król
Abstract
This talk presents a practical approach to building a high‑assurance core infrastructure for home and small business environments, using modern open firmware on commodity server hardware.
As AI workloads move from cloud to on‑premise, the need for trustworthy and attestable hardware platforms for running models and handling sensitive data becomes critical. But what does "trustworthy" actually mean at the hardware/firmware level, and can we realistically achieve it with today’s platforms?
We will walk through how to build a system based on a modern AMD server board combined with open‑source firmware (coreboot[1] and OpenSIL[2]) to gain more control and transparency across the boot chain. We will discuss:
- How open firmware and silicon initialization enable stronger supply chain transparency and verifiability
- How to establish, measure, and attest a minimal and understandable firmware and software stack
- How to combine this with AMD’s security and confidential computing features to protect workloads and keys
- Practical pitfalls when deploying such systems at home or in small organizations
The goal is to show how open firmware can complement the platform's security and confidential computing features to create a system you can actually inspect, reason about, and attest from top to bottom, rather than treating the hardware and firmware as opaque, trusted black boxes.
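The "measure and attest" step above rests on one mechanism: each boot stage hashes the next one into a TPM PCR before handing over control, and a verifier later replays the recorded event log to check that it reproduces the quoted PCR and matches known-good measurements. The following is an added illustration of that replay logic written for this page, not code from the talk or from coreboot; the stage names and blobs are constructed stand-ins, and the PCR-extend formula follows TPM 2.0 SHA-256 bank semantics.

```python
import hashlib

PCR_INIT = bytes(32)  # SHA-256 bank PCRs start as 32 zero bytes at reset


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend: new PCR = SHA-256(old PCR || measured digest)."""
    return hashlib.sha256(pcr + digest).digest()


def measure(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()


# Constructed stand-ins for the boot chain (not real firmware images).
GOLDEN_STAGES = [
    ("bootblock", b"coreboot bootblock v1"),
    ("romstage", b"coreboot romstage v1"),
    ("ramstage", b"coreboot ramstage v1"),
    ("payload", b"payload image v1"),
    ("kernel", b"linux kernel v1"),
]


def build_event_log(stages):
    """Each stage measures its successor; the log records (name, digest) in boot order."""
    return [(name, measure(blob)) for name, blob in stages]


def replay(log):
    """Recompute the PCR value implied by an event log (order matters)."""
    pcr = PCR_INIT
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def attest(quoted_pcr: bytes, log, reference_log):
    """Verifier side. Returns (ok, problems).

    1. The log must reproduce the PCR the TPM quoted, or the log is not trustworthy.
    2. Every entry must equal the golden measurement for that stage.
    """
    if replay(log) != quoted_pcr:
        return False, ["event log does not reproduce the quoted PCR"]
    reference = dict(reference_log)
    mismatches = [name for name, digest in log if reference.get(name) != digest]
    return not mismatches, mismatches
```

A real deployment replaces the constructed blobs with the measured firmware volumes and signs the quoted PCR with a TPM attestation key, but the replay-and-compare step is exactly this.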
[1] https://www.coreboot.org/
[2] https://github.com/openSIL/openSIL
Speakers
Michał Żygowski is a versatile engineer with a strong focus on system firmware. He works as a firmware engineer at 3mdeb Embedded Systems Consulting and is an active contributor to coreboot and other open-source projects. He is a core coreboot developer and maintainer of the Braswell SoC, PC Engines, Protectli and MSI platforms. He loves travelling and attending conferences, at which he actively speaks. His main interests are firmware, security and advanced hardware features.
Piotr Król is an open-source firmware enthusiast who founded 3mdeb in March 2015. His expertise is rooted in the hacker ethos of collaborative innovation and transparency, guiding 3mdeb's focus on products like Zarhus OS, a Yocto-based Embedded Linux distribution, and Dasharo, a coreboot downstream project. These projects are dedicated to open development, embedded firmware resilience, platform security, transparency, the right to repair, and digital sovereignty.
Piotr's deep involvement in open-source firmware includes key computing areas such as Root of Trust, Secure, Verified and Measured Boot, TPM, coreboot, UEFI, EDK II, Yocto, U-Boot, and Linux. He often speaks at significant industry events like FOSDEM, Xen Developers Summit, and Platform Security Summit, sharing his insights and promoting the open-source firmware ecosystem. Piotr is dedicated to sharing knowledge by serving as a Trainer at OpenSecurityTraining2, offering free and open educational materials to advance the open-source firmware ecosystem.