Open Source Firmware Conference 2025

Stitching Trust: Measured Boot Across Open-Source Firmware with Firmware Handoff

In a world where trust is built byte by byte, measured boot is fast becoming the foundation of trust in modern systems. But realizing it across a layered, multi-vendor firmware stack is anything but trivial.
We’ll take a tour through how Arm is enabling a new level of transparency and integrity by weaving together diverse open-source boot-stage components, Trusted Firmware-A (TF-A), EDK2, and Linux, into a cohesive measured boot pipeline. At the heart of this effort is the Firmware Handoff specification, acting as the stitching thread, passing cryptographic measurements, metadata, and control between stages.
We’ll trace the flow of measurements from the secure world to UEFI to the kernel, and explore how Arm’s platform architecture, tooling, and upstream contributions are making this not just possible, but practical. Along the way, we’ll connect the dots to TPM-backed attestation, event logging, and remote verification. Whether you're a firmware developer, security architect, or just a fan of elegant handoffs, join us to see how open firmware stages are talking to one another.


We'll explore how the Firmware Handoff (as defined in the Arm Firmware Handoff Specification https://firmwarehandoff.github.io/firmware_handoff/main/index.html) provides a standardized data structure for passing information between firmware stages operating across different exception levels and execution environments. This talk further dives into how Arm is leveraging the Firmware Handoff Specification to connect key open-source boot components to enable a consistent, end-to-end measured boot flow.
The session will include implementation insights from real-world prototypes, discussions on upstream engagement, and how this work integrates with TPM-backed attestation, event logs, and remote attestation. Open-source components in focus include Trusted Firmware-A (TF-A), EDK2, Linux, and other standalone libraries and standards that enable this flow. This is a practical talk for those interested in measured boot, firmware architecture, open-source firmware handoff, and building measurable trust from the first instruction to the final init.
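To make the "standardized data structure" concrete, here is an added Python example (not code from the talk, from Arm, or from TF-A) that builds a Firmware Handoff transfer list carrying a device tree blob and a TPM event log entry, then parses it back the way a receiving stage would, checking the signature, bounds, and the byte-sum checksum before trusting any entry. The header layout, 0x4a0fb10b signature, 24-bit tag field and tag numbers follow my reading of the public specification and are stated as assumptions in the comments; the event-log payload format (fixed 4-byte PCR index plus SHA-256 digest records) and all digests are constructed for illustration and are not the TCG log format or real firmware measurements. The final replay of the log into a simulated PCR is the verification step a remote attester performs against the TPM quote.

```python
"""Build, validate and consume a Firmware Handoff transfer list (added example)."""
import hashlib
import struct

# Assumed from the Firmware Handoff spec: header fields and their sizes.
TL_SIGNATURE = 0x4A0FB10B     # transfer list signature
TL_HDR_SIZE = 24              # signature, checksum, version, hdr_size, alignment, size, max_size, flags, reserved
TL_VERSION = 1
TE_HDR_SIZE = 8               # transfer entry header: tag_id (24 bits) | hdr_size (8 bits), data_size (32 bits)
TL_TAG_FDT = 1                # device tree blob
TL_TAG_TPM_EVENT_LOG_TABLE = 5  # TPM event log passed to the next stage

def _align(n, a=8):
    """Round n up to the next multiple of a (entries are 8-byte aligned)."""
    return (n + a - 1) & ~(a - 1)

def build_transfer_list(entries, max_size=4096):
    """entries: list of (tag_id, payload bytes). Returns the serialized transfer list."""
    body = bytearray()
    for tag, data in entries:
        if tag >= 1 << 24:
            raise ValueError("tag_id must fit in 24 bits")
        body += struct.pack("<II", (TE_HDR_SIZE << 24) | tag, len(data))
        body += data
        body += b"\0" * (_align(TE_HDR_SIZE + len(data)) - TE_HDR_SIZE - len(data))
    size = TL_HDR_SIZE + len(body)
    if size > max_size:
        raise ValueError("transfer list exceeds max_size")
    # alignment field is log2 of the required alignment; 3 means 8 bytes.
    hdr = struct.pack("<IBBBBIIII", TL_SIGNATURE, 0, TL_VERSION, TL_HDR_SIZE, 3, size, max_size, 0, 0)
    tl = bytearray(hdr) + body
    # The checksum byte is chosen so that all 'size' bytes sum to zero modulo 256.
    tl[4] = (-sum(tl)) & 0xFF
    return bytes(tl)

def parse_transfer_list(buf):
    """Validate the list as a receiving stage should, then return [(tag_id, payload), ...]."""
    if len(buf) < TL_HDR_SIZE:
        raise ValueError("buffer too small for header")
    sig, _csum, _ver, hdr_size, _align_log2, size, max_size, _flags, _res = struct.unpack_from("<IBBBBIIII", buf, 0)
    if sig != TL_SIGNATURE:
        raise ValueError("bad signature")
    if hdr_size != TL_HDR_SIZE or size < hdr_size or size > max_size or size > len(buf):
        raise ValueError("inconsistent header sizes")
    if sum(buf[:size]) & 0xFF != 0:
        raise ValueError("checksum mismatch: list corrupted or tampered")
    entries, off = [], hdr_size
    while off + TE_HDR_SIZE <= size:
        word, data_size = struct.unpack_from("<II", buf, off)
        tag, te_hdr = word & 0xFFFFFF, word >> 24
        data_off = off + te_hdr
        if te_hdr < TE_HDR_SIZE or data_off + data_size > size:
            raise ValueError("entry overruns transfer list")   # never read past 'size'
        entries.append((tag, bytes(buf[data_off:data_off + data_size])))
        off = _align(data_off + data_size)
    return entries

def pcr_extend(old, digest):
    """TPM-style extend: PCR = SHA-256(PCR || digest)."""
    return hashlib.sha256(old + digest).digest()

def replay_pcr(event_log):
    """Replay a constructed log of (pcr_index u32, sha256 digest) records into simulated PCRs."""
    pcrs = {}
    for off in range(0, len(event_log), 36):
        pcr, digest = struct.unpack_from("<I32s", event_log, off)
        pcrs[pcr] = pcr_extend(pcrs.get(pcr, b"\0" * 32), digest)
    return pcrs

# Constructed sample measurements (not real image hashes).
D_BL31 = hashlib.sha256(b"constructed BL31 image").digest()
D_BL33 = hashlib.sha256(b"constructed BL33/EDK2 image").digest()
SAMPLE_EVENT_LOG = struct.pack("<I32s", 0, D_BL31) + struct.pack("<I32s", 0, D_BL33)
SAMPLE_FDT = b"\xd0\x0d\xfe\xed" + b"\0" * 12   # constructed stub with the FDT magic only

def demo():
    """Producer builds the list; consumer validates it and replays the event log."""
    tl = build_transfer_list([(TL_TAG_FDT, SAMPLE_FDT), (TL_TAG_TPM_EVENT_LOG_TABLE, SAMPLE_EVENT_LOG)])
    log = next(data for tag, data in parse_transfer_list(tl) if tag == TL_TAG_TPM_EVENT_LOG_TABLE)
    return replay_pcr(log)

if __name__ == "__main__":
    for pcr, value in demo().items():
        print(f"PCR[{pcr}] = {value.hex()}")
```

The consumer checks size, bounds and checksum before touching any payload, which is the property a later stage (EDK2, Linux) needs when the list arrives from a less-privileged or earlier stage; the checksum detects accidental corruption, while integrity against an adversary comes from the measurements themselves being extended into the TPM so that a tampered log no longer replays to the quoted PCR value.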