{"acronym":"asg2024","aspect_ratio":"16:9","updated_at":"2026-04-04T10:30:04.270+02:00","title":"All Systems Go! 2024","schedule_url":"https://cfp.all-systems-go.io/all-systems-go-2024/schedule/export/schedule.xml","slug":"conferences/all_systems_go/asg2024","event_last_released_at":"2024-09-26T00:00:00.000+02:00","link":"","description":"","webgen_location":"conferences/all_systems_go/asg2024","logo_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/logo.png","images_url":"https://static.media.ccc.de/media/events/all_systems_go/2024","recordings_url":"https://cdn.media.ccc.de/events/all_systems_go/2024","url":"https://api.media.ccc.de/public/conferences/asg2024","events":[{"guid":"404a2e35-a801-5554-a9d2-fa10b2045781","title":"Booting an embedded system like a PC","subtitle":null,"slug":"all-systems-go-2024-274-booting-an-embedded-system-like-a-pc","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/VZGAAG/","description":"This shows how to boot an [mkosi](https://github.com/systemd/mkosi) generated arm64 [Debian](https://debian.org) Image with [UKI](https://github.com/uapi-group/specifications/blob/main/specs/unified_kernel_image.md) and systemd-boot on a [u-boot](https://docs.u-boot.org/en/latest/develop/uefi/u-boot_on_efi.html) based EFI firmware with a [fTPM](https://github.com/microsoft/ms-tpm-20-ref/tree/main/Samples/ARM32-FirmwareTPM/optee_ta/fTPM) as a Trusted-Application in [OP-TEE](https://optee.readthedocs.io/en/latest/general/about.html)\n\nEmbedded systems are very similar to IT managed PCs. A manufacturer of the device wants to ensure that the system integrity is good, e.g. 
before unlocking secrets that allow accessing cloud services.\n\nTherefore the recent developments of the UAPI group and systemd are also very useful in the embedded world.\n\nThis talk gives an overview of the involved software components and how they are combined.\nIt shows how to build a firmware for an i.MX8MM that allows booting modern Linux images.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Manuel Traut"],"tags":["274","asg2024","Dome","2024","Day 2"],"view_count":198,"promoted":false,"date":"2024-09-26T10:50:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-03-31T02:45:02.770+02:00","length":2331,"duration":2331,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/274-404a2e35-a801-5554-a9d2-fa10b2045781.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/274-404a2e35-a801-5554-a9d2-fa10b2045781_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/274-404a2e35-a801-5554-a9d2-fa10b2045781.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/274-404a2e35-a801-5554-a9d2-fa10b2045781.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-274-booting-an-embedded-system-like-a-pc","url":"https://api.media.ccc.de/public/events/404a2e35-a801-5554-a9d2-fa10b2045781","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"eb498dbf-d3bf-5c72-87c1-9969238e7332","title":"Successes and struggles using the systemd user instance in developer environments","subtitle":null,"slug":"all-systems-go-2024-281-successes-and-struggles-using-the-systemd-user-instance-in-developer-environments","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/H7CVUQ/","description":"This talk will explore several of the ways we've leveraged the systemd user instance in our developer environments at Meta, challenges we faced while doing so, and how we worked around those challenges.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Colin Chan"],"tags":["281","asg2024","Main Hall","2024","Day 2"],"view_count":65,"promoted":false,"date":"2024-09-26T17:00:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-03-24T00:15:05.152+01:00","length":1608,"duration":1608,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/281-eb498dbf-d3bf-5c72-87c1-9969238e7332.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/281-eb498dbf-d3bf-5c72-87c1-9969238e7332_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/281-eb498dbf-d3bf-5c72-87c1-9969238e7332.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/281-eb498dbf-d3bf-5c72-87c1-9969238e7332.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-281-successes-and-struggles-using-the-systemd-user-instance-in-developer-environments","url":"https://api.media.ccc.de/public/events/eb498dbf-d3bf-5c72-87c1-9969238e7332","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"b867a151-17c0-5663-90e2-f89ee2aa03a4","title":"Integration testing environment for mixed HPC and cloud workloads","subtitle":null,"slug":"all-systems-go-2024-321-integration-testing-environment-for-mixed-hpc-and-cloud-workloads","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/XNQLTE/","description":"Integration testing environment for mixed HPC and cloud workloads\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Ruggero Lot"],"tags":["321","asg2024","Main Hall","2024","Day 1"],"view_count":18,"promoted":false,"date":"2024-09-25T18:15:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2025-10-06T04:45:04.182+02:00","length":263,"duration":263,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/321-b867a151-17c0-5663-90e2-f89ee2aa03a4.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/321-b867a151-17c0-5663-90e2-f89ee2aa03a4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/321-b867a151-17c0-5663-90e2-f89ee2aa03a4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/321-b867a151-17c0-5663-90e2-f89ee2aa03a4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-321-integration-testing-environment-for-mixed-hpc-and-cloud-workloads","url":"https://api.media.ccc.de/public/events/b867a151-17c0-5663-90e2-f89ee2aa03a4","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"ff1ca6fa-d11f-5418-b15f-f257510881fe","title":"What's your PID 1 up to?","subtitle":null,"slug":"all-systems-go-2024-261-what-s-your-pid-1-up-to-","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/7APG3H/","description":"How do you continually test and release new versions of systemd with confidence? Also, once released, how do you monitor PID 1 itself and your PID 1 usage across your server fleet? This talk dives into Meta’s way of answering these questions so we can minimize the risk of breaking changes and fun each systemd release brings us. Some of the technology in the talk is OSS, so you, too, can join in on the fun knowing how your systemd usage is across your own infrastructure!\n\nThis talk will dive into how Meta baselines our systemd usage across the fleet and uses that data for CI, releasing and monitoring systemd.\n\n\n\n* Who am I + what do I work on\n* The common big monitoring hole many bare bone infrastructures have\n    * PID 1\n    * PID 1 usage\n* Systemd @ meta\n    * Imaging initrd\n    * Initrd\n    * Main os\n    * Twine containers\n* Overview of OS image building and deployment @ meta\n    * How we build images\n    * How we provision servers\n    * Chef’s role\n    * What we check from our PID1 statistics to ensure a box is “healthy” enough to take workloads\n* Usage of hyperscale’s systemd-cd @ meta\n    * What is systemd-cd\n        * [https://sigs.centos.org/hyperscale/internal/ci/](https://sigs.centos.org/hyperscale/internal/ci/)\n    * How do we use it\n    * What issues has it found for us\n* Monitoring of meta’s systemd usage across the millions of hosts\n    * Stats collected\n    * Introduce monitord\n        * Dbus (fun) vs. 
varlink\n        * mention OSS alternative(s) found - explain why invented monitord\n    * Introduce monitord-exporter\n    * Show usage outside of meta (will be my small home infra + VPS’s)\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Cooper Ry Lees"],"tags":["261","asg2024","Main Hall","2024","Day 2"],"view_count":153,"promoted":false,"date":"2024-09-26T12:20:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-02-26T19:00:07.276+01:00","length":2241,"duration":2241,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/261-ff1ca6fa-d11f-5418-b15f-f257510881fe.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/261-ff1ca6fa-d11f-5418-b15f-f257510881fe_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/261-ff1ca6fa-d11f-5418-b15f-f257510881fe.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/261-ff1ca6fa-d11f-5418-b15f-f257510881fe.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-261-what-s-your-pid-1-up-to-","url":"https://api.media.ccc.de/public/events/ff1ca6fa-d11f-5418-b15f-f257510881fe","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"9f83056d-1f96-5d1e-8e7c-e6c552246e76","title":"Improving bpftrace reliability","subtitle":null,"slug":"all-systems-go-2024-280-improving-bpftrace-reliability","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/MXAEYZ/","description":"bpftrace is a popular and powerful dynamic tracer for Linux systems. In the vast majority of use cases, bpftrace does its job quickly, efficiently, and accurately. However with the rapid increase of users, use cases, and features, the bpftrace community has started to feel (technical) growing pains. 
In particular, we've started to uncover various reliability issues. In this talk, we will cover what is already done as well as what is currently broken and how we will systematically fix and prevent these issues from recurring.\n\nBecause bpftrace sits at the intersection of operating systems, compilers, and observability, we have the fortunate advantage of being able to absorb techniques and tricks from these fairly different disciplines. We hope that some of the knowledge we share will be both interesting as well as practical to attendees.\n\nAudience participation is highly welcome. In particular, we are quite interested in receiving feedback in the form of bug reports, feature requests, complaints, etc.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Daniel Xu"],"tags":["280","asg2024","Dome","2024","Day 1"],"view_count":32,"promoted":false,"date":"2024-09-25T10:45:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2025-12-12T12:45:04.898+01:00","length":1386,"duration":1386,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/280-9f83056d-1f96-5d1e-8e7c-e6c552246e76.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/280-9f83056d-1f96-5d1e-8e7c-e6c552246e76_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/280-9f83056d-1f96-5d1e-8e7c-e6c552246e76.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/280-9f83056d-1f96-5d1e-8e7c-e6c552246e76.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-280-improving-bpftrace-reliability","url":"https://api.media.ccc.de/public/events/9f83056d-1f96-5d1e-8e7c-e6c552246e76","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"1c377bca-6794-5d78-aaf1-553fd2d42538","title":"The road to a trusted and measured boot chain in Bootable Containers","subtitle":null,"slug":"all-systems-go-2024-309-the-road-to-a-trusted-and-measured-boot-chain-in-bootable-containers","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/HVEZQQ/","description":"Fedora image based variants (CoreOS, Atomic Desktops, IoT) are currently built using ostree and rpm-ostree. This enables a hybrid approach where the system is managed like an image but modifications are still possible using RPMs.\n\nBut this approach has limits:\n- It is difficult for users to customize their operating system and share those customizations.\n- The integrity of the boot chain is not guaranteed and it is costly to validate the system content at runtime.\n\nTo address those shortcomings, we are introducing the bootable containers (bootc) project. With bootable containers, the content of the operating system, including the kernel and initrd (or a UKI) is shipped in a container image alongside its corresponding base userspace root filesystem. This image can then be modified using container native tools and shared via a container registry.\n\nTo chain from platform Secure Boot to a verified root filesystem, the ostree project has integrated support for composefs. 
It combines multiple Linux kernel features (overlayfs, EROFS and fs-verity) to provide read-only mountable filesystem trees stacking on top of an underlying \"lower\" Linux filesystem.\n\nWe will detail how we are integrating composefs and UKI support in Bootable Containers to enable a trusted and measured boot chain while letting users customize and re-sign their images to fit their needs.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Timothée Ravier","JB Trystram"],"tags":["309","asg2024","Main Hall","2024","Day 1"],"view_count":170,"promoted":false,"date":"2024-09-25T11:55:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-03-21T16:30:05.588+01:00","length":2435,"duration":2435,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/309-1c377bca-6794-5d78-aaf1-553fd2d42538.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/309-1c377bca-6794-5d78-aaf1-553fd2d42538_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/309-1c377bca-6794-5d78-aaf1-553fd2d42538.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/309-1c377bca-6794-5d78-aaf1-553fd2d42538.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-309-the-road-to-a-trusted-and-measured-boot-chain-in-bootable-containers","url":"https://api.media.ccc.de/public/events/1c377bca-6794-5d78-aaf1-553fd2d42538","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"5cf95c8e-1ddd-5e31-8d06-cd8bab26207b","title":"Debian, empty /var/, empty /etc/ and factory reset","subtitle":null,"slug":"all-systems-go-2024-284-debian-empty-var-empty-etc-and-factory-reset","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/3K8NZT/","description":"This presentation will review how far Debian (and more generally, traditional distributions) is from supporting factory reset: what can work, what is missing and possible hacks^Wways to do it without starting a distribution-wide effort.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Marco d'Itri"],"tags":["284","asg2024","Main Hall","2024","Day 1"],"view_count":294,"promoted":false,"date":"2024-09-25T18:10:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-03-31T16:30:05.528+02:00","length":338,"duration":338,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/284-5cf95c8e-1ddd-5e31-8d06-cd8bab26207b.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/284-5cf95c8e-1ddd-5e31-8d06-cd8bab26207b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/284-5cf95c8e-1ddd-5e31-8d06-cd8bab26207b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/284-5cf95c8e-1ddd-5e31-8d06-cd8bab26207b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-284-debian-empty-var-empty-etc-and-factory-reset","url":"https://api.media.ccc.de/public/events/5cf95c8e-1ddd-5e31-8d06-cd8bab26207b","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"41d61f94-49ff-5742-9837-7f809b0fb260","title":"systemd: round table","subtitle":null,"slug":"all-systems-go-2024-299-systemd-round-table","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/YQZBGT/","description":"Let's have an open discussion with systemd developers who are at ASG and users in the audience. We will open with the developers saying what they plan to work on in the near future, and then allow questions / comments from the audience.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Zbigniew Jędrzejewski-Szmek","Luca Boccassi","Lennart Poettering","Mike Yuan","Yu Watanabe"],"tags":["299","asg2024","Main Hall","2024","Day 2"],"view_count":243,"promoted":false,"date":"2024-09-26T09:55:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-04-04T02:15:04.257+02:00","length":1477,"duration":1477,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/299-41d61f94-49ff-5742-9837-7f809b0fb260.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/299-41d61f94-49ff-5742-9837-7f809b0fb260_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/299-41d61f94-49ff-5742-9837-7f809b0fb260.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/299-41d61f94-49ff-5742-9837-7f809b0fb260.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-299-systemd-round-table","url":"https://api.media.ccc.de/public/events/41d61f94-49ff-5742-9837-7f809b0fb260","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"ef2495ce-b728-5d01-8b8b-4e788f44452d","title":"Home Directory Encryption in GNOME","subtitle":null,"slug":"all-systems-go-2024-282-home-directory-encryption-in-gnome","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/FFY3BB/","description":"Thanks to work made possible by the STF grant, all the pieces are there for GNOME to integrate with systemd-homed. This talk describes what it took to get here, what new features it gives us, what still remains to be done\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Adrian Vovk"],"tags":["282","asg2024","Dome","2024","Day 2"],"view_count":213,"promoted":false,"date":"2024-09-26T17:30:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-04-03T18:15:04.438+02:00","length":1561,"duration":1561,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/282-ef2495ce-b728-5d01-8b8b-4e788f44452d.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/282-ef2495ce-b728-5d01-8b8b-4e788f44452d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/282-ef2495ce-b728-5d01-8b8b-4e788f44452d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/282-ef2495ce-b728-5d01-8b8b-4e788f44452d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-282-home-directory-encryption-in-gnome","url":"https://api.media.ccc.de/public/events/ef2495ce-b728-5d01-8b8b-4e788f44452d","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"ec605407-e1c6-56d7-8ac0-7a343e0221fa","title":"An extendable and securely signed image-based OS with updates","subtitle":null,"slug":"all-systems-go-2024-303-an-extendable-and-securely-signed-image-based-os-with-updates","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/LJAYYL/","description":"With systemd tooling, including mkosi, it is possible to build an OS image that fulfills all checkmarks a modern image-based OS should have, but with a standard off-the-shelf distribution!\nThis talk gives an overview for a possible workflow, including A/B updates and offline signed images and updates, in real-use. As a bonus, it is also self-replicating and uses as little configuration as possible, leveraging built-in systemd auto detection.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Marius Schiffer"],"tags":["303","asg2024","Dome","2024","Day 1"],"view_count":87,"promoted":false,"date":"2024-09-25T16:30:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-03-23T16:30:07.785+01:00","length":1609,"duration":1609,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/303-ec605407-e1c6-56d7-8ac0-7a343e0221fa.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/303-ec605407-e1c6-56d7-8ac0-7a343e0221fa_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/303-ec605407-e1c6-56d7-8ac0-7a343e0221fa.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/303-ec605407-e1c6-56d7-8ac0-7a343e0221fa.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-303-an-extendable-and-securely-signed-image-based-os-with-updates","url":"https://api.media.ccc.de/public/events/ec605407-e1c6-56d7-8ac0-7a343e0221fa","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"42c0ee40-573c-5172-837f-c99413445666","title":"Building Secure Container Images for the Cloud with Yocto","subtitle":null,"slug":"all-systems-go-2024-267-building-secure-container-images-for-the-cloud-with-yocto","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/KZPRPN/","description":"Yocto is a tool for building custom Linux distros. When you think about it, a container image is just a custom Linux distro. The distro (e.g. Alpine) is your base image and the customizations are the rest of your application or microservice. Like Podman, Yocto can generate a complete root filesystem in the form of an OCI container image. Originally targeted at bare metal, the Yocto configuration and build process seems complex when compared to the Containerfile approach of cloud native tools. Yocto's OpenEmbedded origins also mean that reduced image size, SBOM generation, license compliance, and reproducible builds were concerns early on in the project rather than afterthoughts. 
With security and risk of litigation now top of mind, this talk explains Yocto's uniquely layered and ultimately monolithic approach to solving these real-world software problems.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Frank Vasquez"],"tags":["267","asg2024","Dome","2024","Day 2"],"view_count":179,"promoted":false,"date":"2024-09-26T11:35:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-03-24T16:15:08.015+01:00","length":2475,"duration":2475,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/267-42c0ee40-573c-5172-837f-c99413445666.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/267-42c0ee40-573c-5172-837f-c99413445666_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/267-42c0ee40-573c-5172-837f-c99413445666.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/267-42c0ee40-573c-5172-837f-c99413445666.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-267-building-secure-container-images-for-the-cloud-with-yocto","url":"https://api.media.ccc.de/public/events/42c0ee40-573c-5172-837f-c99413445666","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"a979bfcf-2a0f-58ab-bc43-ce5b56528d26","title":"using io_uring for storage","subtitle":null,"slug":"all-systems-go-2024-305-using-iouring-for-storage","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/U7GJJW/","description":"A brief report about how we use io_uring in SLASH/fellow https://gitlab.com/uplex/varnish/slash, an always consistent, eventually persistent storage engine for Varnish-Cache. 
(FOSS, LGPL)\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Nils Goroll"],"tags":["305","asg2024","Dome","2024","Day 2"],"view_count":267,"promoted":false,"date":"2024-09-26T09:55:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-03-13T09:15:05.229+01:00","length":1417,"duration":1417,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/305-a979bfcf-2a0f-58ab-bc43-ce5b56528d26.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/305-a979bfcf-2a0f-58ab-bc43-ce5b56528d26_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/305-a979bfcf-2a0f-58ab-bc43-ce5b56528d26.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/305-a979bfcf-2a0f-58ab-bc43-ce5b56528d26.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-305-using-iouring-for-storage","url":"https://api.media.ccc.de/public/events/a979bfcf-2a0f-58ab-bc43-ce5b56528d26","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"ece9fd92-34a6-5391-b0f3-61ebdedc0e64","title":"Portable software bills of materials with Nix and systemd portable services","subtitle":null,"slug":"all-systems-go-2024-315-portable-software-bills-of-materials-with-nix-and-systemd-portable-services","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/7XGYDC/","description":"While software bills of materials become of increasing value to further trust in the software supply chain, generating high quality SBOMs still poses some challenges in some ecosystems due to the lack of proper tooling or accessible build metadata. 
In this talk, I'll explain and demonstrate how we can leverage the static dependency graph of functional package managers like Nix to generate very precise SBOMs, that can be relevant for running a service on any Linux distribution thanks to systemd portable services.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Julien Malka"],"tags":["315","asg2024","Main Hall","2024","Day 1"],"view_count":148,"promoted":false,"date":"2024-09-25T16:30:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-04-02T12:45:05.247+02:00","length":1256,"duration":1256,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/315-ece9fd92-34a6-5391-b0f3-61ebdedc0e64.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/315-ece9fd92-34a6-5391-b0f3-61ebdedc0e64_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/315-ece9fd92-34a6-5391-b0f3-61ebdedc0e64.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/315-ece9fd92-34a6-5391-b0f3-61ebdedc0e64.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-315-portable-software-bills-of-materials-with-nix-and-systemd-portable-services","url":"https://api.media.ccc.de/public/events/ece9fd92-34a6-5391-b0f3-61ebdedc0e64","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"6a96d685-b834-5be1-bc0b-60da2c3c29e6","title":"Varlink Now!","subtitle":null,"slug":"all-systems-go-2024-276-varlink-now-","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/XSYMKW/","description":"Why bother with Varlink IPC, and why now?\n\nThe Varlink IPC has been around for a while, but recently we started using it heavily in systemd. In this talk I'd like to explain what Varlink IPC is, and why we are now adopting it so heavily. 
And I also want to explain why I think that Varlink is a good candidate as IPC of choice for any Linux software, both low-level and higher-level. We'll compare it with D-Bus in particular, and highlight where it shines (and where it doesn't shine so much).\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Lennart Poettering"],"tags":["276","asg2024","Main Hall","2024","Day 2"],"view_count":4630,"promoted":false,"date":"2024-09-26T10:20:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-04-03T22:30:06.442+02:00","length":1647,"duration":1647,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/276-6a96d685-b834-5be1-bc0b-60da2c3c29e6.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/276-6a96d685-b834-5be1-bc0b-60da2c3c29e6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/276-6a96d685-b834-5be1-bc0b-60da2c3c29e6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/276-6a96d685-b834-5be1-bc0b-60da2c3c29e6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-276-varlink-now-","url":"https://api.media.ccc.de/public/events/6a96d685-b834-5be1-bc0b-60da2c3c29e6","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"d7383c4a-91c8-5292-b611-02ad259b2c33","title":"Creating Arch Linux images using mkosi","subtitle":null,"slug":"all-systems-go-2024-312-creating-arch-linux-images-using-mkosi","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/QFUGLT/","description":"Arch Linux creates 2 cloud images, 2 vagrant images every month using custom bash scripts and requiring root for building. 
This talk will look at how these images can be created using mkosi, building them in CI, testing the build images and as a bonus; build reproducible?\n\nProject link: https://gitlab.archlinux.org/archlinux/arch-boxes\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Jelle van der Waa"],"tags":["312","asg2024","Dome","2024","Day 1"],"view_count":205,"promoted":false,"date":"2024-09-25T17:00:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-03-30T20:15:05.322+02:00","length":1529,"duration":1529,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/312-d7383c4a-91c8-5292-b611-02ad259b2c33.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/312-d7383c4a-91c8-5292-b611-02ad259b2c33_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/312-d7383c4a-91c8-5292-b611-02ad259b2c33.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/312-d7383c4a-91c8-5292-b611-02ad259b2c33.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-312-creating-arch-linux-images-using-mkosi","url":"https://api.media.ccc.de/public/events/d7383c4a-91c8-5292-b611-02ad259b2c33","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"a568f198-98a8-539b-8bb6-e761e4989d9e","title":"busd: There is a new D-Bus broker in town","subtitle":null,"slug":"all-systems-go-2024-298-busd-there-is-a-new-d-bus-broker-in-town","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/WB7DYF/","description":"D-Bus is an IPC mechanism that is very ubiquitous on Linux systems everywhere (desktop, cloud and embedded). It is the mechanism you'd use to communicate with many of the core Linux userspace subsystems, such as systemd, NetworkManager etc. 
Traditionally, most of these services have been written in C, a language known for its lack of safety and expressiveness.\n\nIn the past years, Zeeshan has developed a library called zbus for enabling implementation of D-Bus services and clients in a programming language designed for safety: Rust. zbus has become the go-to library for writing D-Bus code in Rust. While that is a major step forward, the communication typically still happens through a broker and the two major broker implementations are both written in C and have been stagnating for years.\n\nThis is why Zeeshan has recently started working on writing a D-Bus broker based on zbus, called busd, which not only aims to provide a drop-in replacement for existing brokers, but also to modernize the D-Bus space by providing new features needed by apps and services, such as systemd.\n\nIn this talk, Zeeshan will walk us through a summary of his journey so far, the current state of busd and his plans and dreams for the future of D-Bus.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Zeeshan Ali Khan"],"tags":["298","asg2024","Dome","2024","Day 
2"],"view_count":164,"promoted":false,"date":"2024-09-26T14:30:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-03-31T03:00:02.970+02:00","length":2362,"duration":2362,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/298-a568f198-98a8-539b-8bb6-e761e4989d9e.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/298-a568f198-98a8-539b-8bb6-e761e4989d9e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/298-a568f198-98a8-539b-8bb6-e761e4989d9e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/298-a568f198-98a8-539b-8bb6-e761e4989d9e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-298-busd-there-is-a-new-d-bus-broker-in-town","url":"https://api.media.ccc.de/public/events/a568f198-98a8-539b-8bb6-e761e4989d9e","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"54ae33b3-41ef-5d5e-a54e-0ae9f7330cc9","title":"Introducing azure-init, a minimal provisioning agent written in Rust","subtitle":null,"slug":"all-systems-go-2024-290-introducing-azure-init-a-minimal-provisioning-agent-written-in-rust","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/BK7KMD/","description":"[Azure-init](https://github.com/Azure/azure-init) is a fresh open source reference implementation for provisioning Linux virtual machines in Azure. In contrast to existing systems like cloud-init, azure-init aims to be minimal, focusing on basic instance initialization from Azure metadata. Azure-init also consists of a flexible structure to enable its use by other provisioning agents like Fedora CoreOS’ [Afterburn](https://github.com/coreos/afterburn/). Finally, azure-init aims to be fast and secure, being written in Rust. 
In this talk we will review the motivations for the creation of azure-init, the current status of the project, and vision for its future development.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Dongsu Park"],"tags":["290","asg2024","Dome","2024","Day 1"],"view_count":37,"promoted":false,"date":"2024-09-25T10:15:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2025-12-09T08:45:04.397+01:00","length":1434,"duration":1434,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/290-54ae33b3-41ef-5d5e-a54e-0ae9f7330cc9.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/290-54ae33b3-41ef-5d5e-a54e-0ae9f7330cc9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/290-54ae33b3-41ef-5d5e-a54e-0ae9f7330cc9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/290-54ae33b3-41ef-5d5e-a54e-0ae9f7330cc9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-290-introducing-azure-init-a-minimal-provisioning-agent-written-in-rust","url":"https://api.media.ccc.de/public/events/54ae33b3-41ef-5d5e-a54e-0ae9f7330cc9","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"998602c0-3c2c-55d0-b533-5791a058c01a","title":"libpathrs: securing path operations for system tools","subtitle":null,"slug":"all-systems-go-2024-310-libpathrs-securing-path-operations-for-system-tools","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/ZZFL7L/","description":"Container runtimes and other privileged system management tools have historically struggled with safely operating on a path within a directory tree controlled by a malicious user. 
[libpathrs][] is a library which makes it easy to do said path operations, as well as providing some other safe path-related utilities such as providing safe wrappers to operate on procfs files in a safe way.\n\n[libpathrs]: https://github.com/openSUSE/libpathrs\n\nAs part of the kernel work on openat2(2) and continuing kernel work to make magic-links safer (against both confused deputy attacks and resource re-opening attacks), the need for a library to make it easy to do all sorts of VFS operations safely became obvious, and so [libpathrs][] was born. [libpathrs][] uses openat2(2) if available, but has a fallback to the old fashioned (and more finicky) method of doing safe-ish path resolutions.\n\nThis talk will talk about how [libpathrs][] works and how it can help secure container runtimes and privileged system management tools against attacks, as well as touching on some ongoing kernel work which would allow for even more hardening.\n\nAfter the talk, slides will be available from [my site](https://www.cyphar.com/talks).\n\n[libpathrs]: https://github.com/openSUSE/libpathrs\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Aleksa Sarai"],"tags":["310","asg2024","Dome","2024","Day 
2"],"view_count":62,"promoted":false,"date":"2024-09-26T10:20:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-04-02T11:00:05.274+02:00","length":1382,"duration":1382,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/310-998602c0-3c2c-55d0-b533-5791a058c01a.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/310-998602c0-3c2c-55d0-b533-5791a058c01a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/310-998602c0-3c2c-55d0-b533-5791a058c01a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/310-998602c0-3c2c-55d0-b533-5791a058c01a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-310-libpathrs-securing-path-operations-for-system-tools","url":"https://api.media.ccc.de/public/events/998602c0-3c2c-55d0-b533-5791a058c01a","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"7ea1f603-1d9d-5335-9352-f434c9be69b3","title":"systemd 255 in Tizen, or how we have paid our technical debt and took another one","subtitle":null,"slug":"all-systems-go-2024-264-systemd-255-in-tizen-or-how-we-have-paid-our-technical-debt-and-took-another-one","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/QLJGJJ/","description":"In this talk we present the story of upgrading systemd in Tizen by eleven releases. We share both the lessons we've learnt during the most recent upgrade as well as decade long experience of the maintenance and development of key packages in the only GNU/Linux distribution that uses kdbus. 
We describe our day-to-day git workflow as well as upgrade procedures we came up with over the years.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Łukasz Stelmach"],"tags":["264","asg2024","Main Hall","2024","Day 1"],"view_count":60,"promoted":false,"date":"2024-09-25T12:40:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-03-31T04:45:03.502+02:00","length":1237,"duration":1237,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/264-7ea1f603-1d9d-5335-9352-f434c9be69b3.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/264-7ea1f603-1d9d-5335-9352-f434c9be69b3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/264-7ea1f603-1d9d-5335-9352-f434c9be69b3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/264-7ea1f603-1d9d-5335-9352-f434c9be69b3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-264-systemd-255-in-tizen-or-how-we-have-paid-our-technical-debt-and-took-another-one","url":"https://api.media.ccc.de/public/events/7ea1f603-1d9d-5335-9352-f434c9be69b3","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"7f1f20b6-2d00-5d2e-8e18-be390d7da2d3","title":"systemd \u0026 TPM in 2024","subtitle":null,"slug":"all-systems-go-2024-275-systemd-tpm-in-2024","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/VQLZBT/","description":"An update on systemd's TPM features, i.e. what happened since last year, i.e. 
systemd-pcrlock, NvPCRs, and Varlink APIs.\n\nAt last year's ASG I already did a systemd \u0026 TPM talk, and this is supposed to be a follow-up to that, with everything that happened since then, plus what's next and what's missing.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Lennart Poettering"],"tags":["275","asg2024","Main Hall","2024","Day 1"],"view_count":668,"promoted":false,"date":"2024-09-25T15:20:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-03-27T18:15:07.217+01:00","length":2773,"duration":2773,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/275-7f1f20b6-2d00-5d2e-8e18-be390d7da2d3.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/275-7f1f20b6-2d00-5d2e-8e18-be390d7da2d3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/275-7f1f20b6-2d00-5d2e-8e18-be390d7da2d3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/275-7f1f20b6-2d00-5d2e-8e18-be390d7da2d3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-275-systemd-tpm-in-2024","url":"https://api.media.ccc.de/public/events/7f1f20b6-2d00-5d2e-8e18-be390d7da2d3","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"c53164c4-5788-5c80-8f43-d61333faf80d","title":"bootc: Generating an ecosystem around bootable OCI containers","subtitle":null,"slug":"all-systems-go-2024-266-bootc-generating-an-ecosystem-around-bootable-oci-containers","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/LA9LXV/","description":"Containers have become the de facto choice for deploying most applications, and all of us benefit from the isolation, portability, and the surrounding ecosystem.   
In this talk we’ll take a deep dive into the world of bootable containers, using the same ideas, goals and technology for the host system (whether virtualized or bare metal).  We’ll look at the bootc project under the github.com/containers umbrella and its current flagship distribution usage in the new Fedora/CentOS bootc project and initiative.  We hope you are as excited as we are by taking cloud-native approaches down to the operating system level, and a key goal is finding points that can be shared with other components of the ecosystem, from the uapi-group.org to other container-based OSes.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Ben Breard","Colin Walters"],"tags":["266","asg2024","Dome","2024","Day 1"],"view_count":343,"promoted":false,"date":"2024-09-25T15:20:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-04-02T04:15:04.470+02:00","length":2616,"duration":2616,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/266-c53164c4-5788-5c80-8f43-d61333faf80d.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/266-c53164c4-5788-5c80-8f43-d61333faf80d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/266-c53164c4-5788-5c80-8f43-d61333faf80d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/266-c53164c4-5788-5c80-8f43-d61333faf80d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-266-bootc-generating-an-ecosystem-around-bootable-oci-containers","url":"https://api.media.ccc.de/public/events/c53164c4-5788-5c80-8f43-d61333faf80d","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"9d585bb0-08af-5ac7-82fa-bafbd02fca83","title":"Improving systemd’s integration testing infrastructure","subtitle":null,"slug":"all-systems-go-2024-273-improving-systemd-s-integration-testing-infrastructure","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/9JKWCT/","description":"The Sovereign Tech Fund paid Codethink to help improve the integration testing infrastructure of systemd. This talk covers how the integration test suite used to work and what it does now.\n\nSystemd's integration test suite used to have a number of shortcomings in terms of features and maintainability.\nThe Sovereign Tech Fund provided an opportunity to improve things, and rewrite the test suite to use a select number of special-purpose tools and\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Sam Leonard"],"tags":["273","asg2024","Main Hall","2024","Day 2"],"view_count":30,"promoted":false,"date":"2024-09-26T16:30:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-01-15T20:15:14.053+01:00","length":1215,"duration":1215,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/273-9d585bb0-08af-5ac7-82fa-bafbd02fca83.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/273-9d585bb0-08af-5ac7-82fa-bafbd02fca83_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/273-9d585bb0-08af-5ac7-82fa-bafbd02fca83.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/273-9d585bb0-08af-5ac7-82fa-bafbd02fca83.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-273-improving-systemd-s-integration-testing-infrastructure","url":"https://api.media.ccc.de/public/events/9d585bb0-08af-5ac7-82fa-bafbd02fca83","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"8706410f-a327-50c3-a0e8-d7d96575c27e","title":"A new way to develop on immutable Linux","subtitle":null,"slug":"all-systems-go-2024-322-a-new-way-to-develop-on-immutable-linux","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/NSKLAR/","description":"A new way to develop on immutable Linux\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Abderrahim Kitouni"],"tags":["322","asg2024","Main Hall","2024","Day 1"],"view_count":150,"promoted":false,"date":"2024-09-25T18:18:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-02-21T23:45:07.361+01:00","length":324,"duration":324,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/322-8706410f-a327-50c3-a0e8-d7d96575c27e.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/322-8706410f-a327-50c3-a0e8-d7d96575c27e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/322-8706410f-a327-50c3-a0e8-d7d96575c27e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/322-8706410f-a327-50c3-a0e8-d7d96575c27e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-322-a-new-way-to-develop-on-immutable-linux","url":"https://api.media.ccc.de/public/events/8706410f-a327-50c3-a0e8-d7d96575c27e","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"2f7cb6c1-60a9-507e-b099-371e6c45cf80","title":"Integrating systemd soft-reboot into a distribution and surviving it","subtitle":null,"slug":"all-systems-go-2024-258-integrating-systemd-soft-reboot-into-a-distribution-and-surviving-it","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/YUAPMX/","description":"In this talk, I will discuss how Linux distributions can integrate and benefit from using systemd soft-reboot. Using openSUSE Tumbleweed as an example, I will show where and how it makes sense for traditional Linux distributions to use it and where the pitfalls are. With openSUSE MicroOS, we have a distribution with a read-only root file system that particularly benefits from a soft-reboot because a reboot is necessary after every update in order to change the root file system. However, this also requires special measures to ensure that it always functions smoothly.\n\nAfterwards I will talk about the requirements and solutions for services to survive a soft reboot and what's necessary to make the whole thing supportable.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Thorsten Kukuk"],"tags":["258","asg2024","Main Hall","2024","Day 
2"],"view_count":327,"promoted":false,"date":"2024-09-26T11:35:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-02-26T00:45:06.870+01:00","length":2465,"duration":2465,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/258-2f7cb6c1-60a9-507e-b099-371e6c45cf80.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/258-2f7cb6c1-60a9-507e-b099-371e6c45cf80_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/258-2f7cb6c1-60a9-507e-b099-371e6c45cf80.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/258-2f7cb6c1-60a9-507e-b099-371e6c45cf80.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-258-integrating-systemd-soft-reboot-into-a-distribution-and-surviving-it","url":"https://api.media.ccc.de/public/events/2f7cb6c1-60a9-507e-b099-371e6c45cf80","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"e738b363-229c-594e-a21a-5560bb997825","title":"Installing your OS with systemd-repart","subtitle":null,"slug":"all-systems-go-2024-283-installing-your-os-with-systemd-repart","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/CMQTNL/","description":"There's a new installer for GNOME OS, and it's built on top of systemd-repart. 
Here's how and why we did it\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Adrian Vovk"],"tags":["283","asg2024","Dome","2024","Day 2"],"view_count":134,"promoted":false,"date":"2024-09-26T16:30:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-02-01T17:30:11.013+01:00","length":1319,"duration":1319,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/283-e738b363-229c-594e-a21a-5560bb997825.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/283-e738b363-229c-594e-a21a-5560bb997825_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/283-e738b363-229c-594e-a21a-5560bb997825.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/283-e738b363-229c-594e-a21a-5560bb997825.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-283-installing-your-os-with-systemd-repart","url":"https://api.media.ccc.de/public/events/e738b363-229c-594e-a21a-5560bb997825","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"a12dc80f-bbf8-5228-bd73-9afbfcaefea4","title":"eBPF Data Collection for Everyone – empowering the community to obtain Linux insights using Inspektor Gadget","subtitle":null,"slug":"all-systems-go-2024-287-ebpf-data-collection-for-everyone-empowering-the-community-to-obtain-linux-insights-using-inspektor-gadget","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/PVGU77/","description":"In this presentation we show how eBPF programmers can easily distribute their programs using Inspektor Gadget, a tool designed for the creation, deployment, and execution of eBPF programs (gadgets) across Kubernetes and Linux environments. 
Inspektor Gadget encapsulates eBPF programs into OCI containers, providing well-understood and easily distributable units.  We then detail how an end user can use Inspektor Gadget to easily derive valuable systems insights.\n\nWe'll give a brief overview of Inspektor Gadget's automatic data enrichment process, transforming complex kernel information into high-level, understandable concepts tied to Kubernetes and container runtimes. This feature bridges the knowledge gap between raw, low-level data and more interpretable information, improving the understanding of system behavior.\nWe will explain how users can write their own gadgets and make use of different helper APIs provided by Inspektor Gadget for socket enricher, file path discovery and container filtering, etc.\nWe will show how to combine existing gadgets into a new one, add additional post-processing logic  using WASM or Lua and export the resulting data to different targets, using for example OpenTelemetry.\nThroughout the talk, we'll demonstrate more of Inspektor Gadget's features, its support across various environments, discuss its operational mechanics, and share insights into the future direction of the project.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Alban Crequy","Michael Friese"],"tags":["287","asg2024","Dome","2024","Day 
1"],"view_count":85,"promoted":false,"date":"2024-09-25T11:15:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2025-11-11T09:45:03.268+01:00","length":1923,"duration":1923,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/287-a12dc80f-bbf8-5228-bd73-9afbfcaefea4.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/287-a12dc80f-bbf8-5228-bd73-9afbfcaefea4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/287-a12dc80f-bbf8-5228-bd73-9afbfcaefea4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/287-a12dc80f-bbf8-5228-bd73-9afbfcaefea4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-287-ebpf-data-collection-for-everyone-empowering-the-community-to-obtain-linux-insights-using-inspektor-gadget","url":"https://api.media.ccc.de/public/events/a12dc80f-bbf8-5228-bd73-9afbfcaefea4","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"f30e92f5-9f8c-5a96-9dc1-4616bd6af96d","title":"Using Trusted Platform Modules (TPMs) at scale for protecting keys","subtitle":null,"slug":"all-systems-go-2024-292-using-trusted-platform-modules-tpms-at-scale-for-protecting-keys","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/JQZ78P/","description":"Meta runs a large production fleet of servers, all making extensive use of TLS for inter-host communication. As part of a general approach of securing keys against exfiltration a project has been undertaken to make use of existing TPM chips to provide secure storage for high privilege private keys. 
This talk will touch upon the approach taken to allow for the use of a hardware backed key without compromising performance, but mostly focus on the software infrastructure that needed to be built to provision and monitor TPM health across the fleet (a prerequisite for confirmation of viability).\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Jonathan McDowell"],"tags":["292","asg2024","Main Hall","2024","Day 1"],"view_count":116,"promoted":false,"date":"2024-09-25T10:15:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-01-07T02:00:09.742+01:00","length":1568,"duration":1568,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/292-f30e92f5-9f8c-5a96-9dc1-4616bd6af96d.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/292-f30e92f5-9f8c-5a96-9dc1-4616bd6af96d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/292-f30e92f5-9f8c-5a96-9dc1-4616bd6af96d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/292-f30e92f5-9f8c-5a96-9dc1-4616bd6af96d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-292-using-trusted-platform-modules-tpms-at-scale-for-protecting-keys","url":"https://api.media.ccc.de/public/events/f30e92f5-9f8c-5a96-9dc1-4616bd6af96d","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"749da409-6d51-53b9-a19a-4e90b5c0672d","title":"SSH authentication using user and machine identities","subtitle":null,"slug":"all-systems-go-2024-320-ssh-authentication-using-user-and-machine-identities","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/JCJ9YT/","description":"Strong authentication requires multiple signals: identity claims prove the identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen.\n\nIn this presentation we will take a look at how the TPM provides device attestation and device bound keys. We will connect this with identity claims from SSO providers to provide centrally managed short-lived SSH certificates for users and their devices. This is implemented as an open-source project called “ssh-tpm-ca-authority”.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Morten Linderud"],"tags":["320","asg2024","Dome","2024","Day 
2"],"view_count":522,"promoted":false,"date":"2024-09-26T15:15:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-04-02T10:45:06.010+02:00","length":2304,"duration":2304,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/320-749da409-6d51-53b9-a19a-4e90b5c0672d.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/320-749da409-6d51-53b9-a19a-4e90b5c0672d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/320-749da409-6d51-53b9-a19a-4e90b5c0672d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/320-749da409-6d51-53b9-a19a-4e90b5c0672d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-320-ssh-authentication-using-user-and-machine-identities","url":"https://api.media.ccc.de/public/events/749da409-6d51-53b9-a19a-4e90b5c0672d","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"0f08f9a2-a963-52cd-9ea7-ea81259e0d3e","title":"systemd-ifying postmarketOS, our immutable future, and why Alpine is cooler than you thought","subtitle":null,"slug":"all-systems-go-2024-278-systemd-ifying-postmarketos-our-immutable-future-and-why-alpine-is-cooler-than-you-thought","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/LJXCKK/","description":"postmarketOS was started with the lofty goal of enabling long term support for\nmobile phones and other devices with traditionally short lifespans, and doing so\noutside of the Android walled garden. This has inevitably resulted in a lot of\nupstream focused hardware bringup and development. 
Join us and learn what\nour community have been building, how we're running systemd on Alpine Linux\nand what we see in the future for postmarketOS.\n\nThrough community driven efforts and collaboration, postmarketOS has grown into\na highly adaptable platform which runs on anything from smartwatches and TVs to\nphones and laptops.\n\nIn this talk, Caleb and Clayton discuss how our unique approach to tooling and\npackage management have allowed such a small community to scale up to support\nhundreds of devices with more than 5 different bootloaders, over a dozen user\ninterfaces, and now two init systems.\n\nThey will cover:\n\n* A rough overview of the distro architecture\n* How device abstractions work in postmarketOS \n* Pmbootstrap and apk for fast developer iteration at a low cost\n* Systemd bootstrapping and current status\n* Our plan for an immutable postmarketOS (and request for feedback)\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Caleb Connolly","Clayton Craft"],"tags":["278","asg2024","Main Hall","2024","Day 
2"],"view_count":1310,"promoted":false,"date":"2024-09-26T10:50:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-04-02T01:30:04.432+02:00","length":2531,"duration":2531,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/278-0f08f9a2-a963-52cd-9ea7-ea81259e0d3e.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/278-0f08f9a2-a963-52cd-9ea7-ea81259e0d3e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/278-0f08f9a2-a963-52cd-9ea7-ea81259e0d3e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/278-0f08f9a2-a963-52cd-9ea7-ea81259e0d3e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-278-systemd-ifying-postmarketos-our-immutable-future-and-why-alpine-is-cooler-than-you-thought","url":"https://api.media.ccc.de/public/events/0f08f9a2-a963-52cd-9ea7-ea81259e0d3e","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"120b9ff9-7c55-50a3-afa2-b2dfaec752b2","title":"Boring infrastructure: Building a secure signing environment","subtitle":null,"slug":"all-systems-go-2024-263-boring-infrastructure-building-a-secure-signing-environment","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/WWEGGC/","description":"Many Linux distributions rely on cryptographic signatures for their packages and release artifacts. 
However, most of the used signing solutions either do not rely on hardware backed private key material or are run in untrusted environments.\n\nThis presentation will provide a general overview of the [Signstar](https://gitlab.archlinux.org/archlinux/signstar/) project, which is currently under development by Arch Linux to provide a generic signing solution based on a Hardware Security Module (HSM).\n\nTo improve build automation and general supply chain security for Arch Linux, some of its developers have started to conceptualize and work on a generic, central signing solution: [Signstar](https://gitlab.archlinux.org/archlinux/signstar/).\nIn this context, related work has been evaluated for adoption, but it soon became clear that to meet the distribution's requirements a custom solution would be implemented.\n\nFor transparency and auditability reasons Nitrokey's NetHSM has been chosen as Hardware Security Module (HSM).\nDevelopers are actively working on a high-level Rust library and CLI to interface with the device over the network.\n\nIn this presentation I will introduce the viewer to some of Arch Linux's relevant history and requirements, the evaluated architecture and setup.\nTogether we will have a look at Signstar's threat model, its design for minimizing credentials exposure of the HSM, as well as its integration with the OpenPGP ecosystem.\nAdditionally, we will explore avenues for future work on other generic cryptographic operations in the context of X.509, SSH and Secure Boot.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["David Runge"],"tags":["263","asg2024","Main Hall","2024","Day 
2"],"view_count":1295,"promoted":false,"date":"2024-09-26T15:15:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-03-22T19:00:10.088+01:00","length":2549,"duration":2549,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/263-120b9ff9-7c55-50a3-afa2-b2dfaec752b2.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/263-120b9ff9-7c55-50a3-afa2-b2dfaec752b2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/263-120b9ff9-7c55-50a3-afa2-b2dfaec752b2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/263-120b9ff9-7c55-50a3-afa2-b2dfaec752b2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-263-boring-infrastructure-building-a-secure-signing-environment","url":"https://api.media.ccc.de/public/events/120b9ff9-7c55-50a3-afa2-b2dfaec752b2","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"f4ef97aa-2e5e-5507-915f-e2ac36642e9f","title":"initrd performance improvements","subtitle":null,"slug":"all-systems-go-2024-291-initrd-performance-improvements","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/9T8LTT/","description":"Every second spent on waiting for a system to boot is wasted time. In this talk I present the steps we took in Ubuntu to speed up the boot and the initrd generation time. The presented improvements are not specific to Ubuntu and can be ported to other implementations (like dracut) to benefit other distributions as well. The talk will present further speed improvements that can/will be implemented in the future. 
That includes rewriting parts in modern languages like Rust.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Benjamin Drung"],"tags":["291","asg2024","Main Hall","2024","Day 2"],"view_count":109,"promoted":false,"date":"2024-09-26T18:00:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2025-06-02T04:30:02.958+02:00","length":1336,"duration":1336,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/291-f4ef97aa-2e5e-5507-915f-e2ac36642e9f.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/291-f4ef97aa-2e5e-5507-915f-e2ac36642e9f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/291-f4ef97aa-2e5e-5507-915f-e2ac36642e9f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/291-f4ef97aa-2e5e-5507-915f-e2ac36642e9f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-291-initrd-performance-improvements","url":"https://api.media.ccc.de/public/events/f4ef97aa-2e5e-5507-915f-e2ac36642e9f","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"1bd5ae35-703c-5d99-9830-25a98132ff61","title":"oo7-daemon + systemd per-user credentials","subtitle":null,"slug":"all-systems-go-2024-314-oo7-daemon-systemd-per-user-credentials","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/8TMT9T/","description":"oo7-daemon (a temporary name based on the oo7 client library) project aims to provide a replacement for the gnome-keyring-daemon as the new D-Bus Secret Service provider in the GNOME desktop environment. 
In this talk I will go through the latest development plans and the progress made to integrate TPM backed credentials support to oo7-daemon using systemd per-user credentials as a backend.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Dhanuka Warusadura"],"tags":["314","asg2024","Main Hall","2024","Day 1"],"view_count":59,"promoted":false,"date":"2024-09-25T18:05:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-03-11T22:30:07.412+01:00","length":160,"duration":160,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/314-1bd5ae35-703c-5d99-9830-25a98132ff61.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/314-1bd5ae35-703c-5d99-9830-25a98132ff61_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/314-1bd5ae35-703c-5d99-9830-25a98132ff61.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/314-1bd5ae35-703c-5d99-9830-25a98132ff61.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-314-oo7-daemon-systemd-per-user-credentials","url":"https://api.media.ccc.de/public/events/1bd5ae35-703c-5d99-9830-25a98132ff61","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"a5f25d89-3346-54b5-a0bb-0496241657da","title":"Rediscovering systemd Portable Services","subtitle":null,"slug":"all-systems-go-2024-271-rediscovering-systemd-portable-services","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/DGVBSC/","description":"systemd introduced Portable Services support in 2018, as part of v239. 
This feature was covered at ASG 2018 and in a blog post published at the time: https://0pointer.net/blog/walkthrough-for-portable-services.html\nBut a lot has changed in the past 6 years, and very crucial new features have been introduced, so it is time to have another look at this topic and see what has happened in the meanwhile, what new use cases have opened up, and what is coming in the near future.\n\nhttps://systemd.io/PORTABLE_SERVICES/\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Luca Boccassi"],"tags":["271","asg2024","Main Hall","2024","Day 1"],"view_count":140,"promoted":false,"date":"2024-09-25T17:30:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-03-08T17:45:07.267+01:00","length":1468,"duration":1468,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/271-a5f25d89-3346-54b5-a0bb-0496241657da.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/271-a5f25d89-3346-54b5-a0bb-0496241657da_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/271-a5f25d89-3346-54b5-a0bb-0496241657da.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/271-a5f25d89-3346-54b5-a0bb-0496241657da.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-271-rediscovering-systemd-portable-services","url":"https://api.media.ccc.de/public/events/a5f25d89-3346-54b5-a0bb-0496241657da","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"c4be1b16-c25d-5760-8f03-bc488ce99709","title":"Efficient RAUC Updates using composefs","subtitle":null,"slug":"all-systems-go-2024-311-efficient-rauc-updates-using-composefs","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/3DKX9V/","description":"A quick overview of how RAUC uses libcomposefs to handle new use-cases.\n\nTraditionally, RAUC focused on A/B updates for whole partitions, either by\nusing filesystem images or tar archives. While the image-based OS approach\nhas many benefits, there are scenarios where more loosely coupled components\nneed to be handled in addition to the root filesystem.\nIn RAUC, these can be handled using the new \"artifact updates\" support.\n\nAs a system might have many artifacts installed in parallel, such as for\ncontainers (systemd-nspawn or otherwise) and systemd-sysexts, efficient storage\nis important. In many cases, these are updated often, so download efficiency is\nimportant as well.\n\nAfter evaluating multiple alternatives, we've now decided to integrate composefs.\nBesides solving the requirements above, it additionally provides the same level\nof integrity protection as a dm-verity root filesystem, which is important in\nsystems using secure boot.\n\nThis talk will show how RAUC uses libcomposefs and the new use-cases supported\nby having an efficient content-addressed backing store with full authentication.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Jan Lübbe"],"tags":["311","asg2024","Main Hall","2024","Day 
1"],"view_count":97,"promoted":false,"date":"2024-09-25T18:00:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-02-07T10:30:08.072+01:00","length":320,"duration":320,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/311-c4be1b16-c25d-5760-8f03-bc488ce99709.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/311-c4be1b16-c25d-5760-8f03-bc488ce99709_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/311-c4be1b16-c25d-5760-8f03-bc488ce99709.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/311-c4be1b16-c25d-5760-8f03-bc488ce99709.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-311-efficient-rauc-updates-using-composefs","url":"https://api.media.ccc.de/public/events/c4be1b16-c25d-5760-8f03-bc488ce99709","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"9b5213ab-3052-597b-8727-a6eb2761ff41","title":"Removing Cloud Providers From the Zero Trust Equation","subtitle":null,"slug":"all-systems-go-2024-253-removing-cloud-providers-from-the-zero-trust-equation","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/AG7L3K/","description":"This presentation introduces a novel approach to enhance the trust in SPIFFE by leveraging confidential computing technologies, specifically Confidential Virtual Machines.\nThe presentation will provide an introduction to the realm of confidential computing, as well as an overview of SPIFFE/SPIRE. Armed with this knowledge we will demonstrate a practical example that integrates the AWS Instance Identity Document plugin with AMD SEV-SNP, showcasing the implementation challenges and solutions.\n\nSPIFFE is a framework to generate identities for software systems in dynamic and heterogeneous environments. 
SPIFFE Verifiable Identity Documents (SVIDs) enable us to be explicit about the trust we place in systems. However, the degree of trust we can place in SVIDs relies heavily on the soundness of the data gathering and verification process during node attestation.\n\nThis presentation introduces a novel approach to enhance the trust in SVIDs by leveraging confidential computing technologies, specifically Confidential Virtual Machines (CVMs) such as AMD SEV-SNP or Intel TDX. These technologies enable us to track platform information directly in hardware, including firmware, boot loader, and kernel images, which are then signed with a key rooted inside the CPU itself. By incorporating hardware-protected platform information directly into the SVID generation process, we can significantly enhance the confidence placed in the resulting identity documents. Additionally, consumers of these SVIDs will be able to assert these properties before placing trust in a system.\n\nThe presentation will provide an introduction to the realm of confidential computing, as well as provide an overview of SPIFFE/SPIRE, including the architecture of SPIRE agents and servers, the concept of workloads and SPIFFE SVIDs, and the role of node plugins in the attestation process. 
A practical example that integrates the AWS Instance Identity Document plugin with AMD SEV-SNP will be demonstrated, showcasing the implementation challenges and solutions.\n\nThrough this presentation, attendees will gain insights into how confidential computing technologies can bolster the security of critical systems in an untrusted cloud environment, paving the way for more robust and resilient infrastructure in modern computing environments.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Fabian Kammel"],"tags":["253","asg2024","Dome","2024","Day 2"],"view_count":105,"promoted":false,"date":"2024-09-26T12:20:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-02-03T16:15:12.450+01:00","length":2257,"duration":2257,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/253-9b5213ab-3052-597b-8727-a6eb2761ff41.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/253-9b5213ab-3052-597b-8727-a6eb2761ff41_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/253-9b5213ab-3052-597b-8727-a6eb2761ff41.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/253-9b5213ab-3052-597b-8727-a6eb2761ff41.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-253-removing-cloud-providers-from-the-zero-trust-equation","url":"https://api.media.ccc.de/public/events/9b5213ab-3052-597b-8727-a6eb2761ff41","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"e8d9b650-1021-5bf5-b076-f5cbfbd1cd6f","title":"Reproducible Builds at Sidero Labs: Tools and Techniques","subtitle":null,"slug":"all-systems-go-2024-296-reproducible-builds-at-sidero-labs-tools-and-techniques","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/RYZJ9W/","description":"Ensuring consistent and secure software builds is crucial in today's cloud-native environments. At Sidero Labs, we've developed a comprehensive approach to reproducible builds for Talos Linux using a variety of tools and techniques. This talk will explore our use of Docker Buildx, Kres, and other key components that contribute to our build system. We'll share insights into our methods, challenges faced, and solutions implemented, providing practical guidance for developers aiming to achieve reproducibility in their own projects.\n\nTo achieve a fully reproducible stack, from the kernel and initramfs to the software we own and third-party software we build, we use multiple tools in our toolset:\n\n- Buildx: Provides a consistent environment for building software.\n- Kres: Our project scaffolding tool for generating and updating build instructions and dependencies.\n- Code Patches: Address issues in third-party projects that prevent reproducible builds.\n- Tests: Written by us to ensure and verify reproducibility.\n\nIn this talk, we will cover each of these tools and techniques, providing examples and practical insights. 
You will learn how to apply these methods to achieve reproducible builds in your own projects, gaining a complete picture of our approach and how it can be adapted to your needs.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Utku Özdemir"],"tags":["296","asg2024","Dome","2024","Day 2"],"view_count":59,"promoted":false,"date":"2024-09-26T09:30:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2025-10-28T02:00:02.378+01:00","length":1620,"duration":1620,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/296-e8d9b650-1021-5bf5-b076-f5cbfbd1cd6f.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/296-e8d9b650-1021-5bf5-b076-f5cbfbd1cd6f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/296-e8d9b650-1021-5bf5-b076-f5cbfbd1cd6f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/296-e8d9b650-1021-5bf5-b076-f5cbfbd1cd6f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-296-reproducible-builds-at-sidero-labs-tools-and-techniques","url":"https://api.media.ccc.de/public/events/e8d9b650-1021-5bf5-b076-f5cbfbd1cd6f","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"789104b6-c47a-51be-91ff-0b62d29429f0","title":"systemd: state of the project","subtitle":null,"slug":"all-systems-go-2024-269-systemd-state-of-the-project","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/RLZEPD/","description":"Same as every year, a lot has happened in the systemd project since last year's\nASG. 
We released multiple versions, packed with new components and features.\nThis talk will provide an overview of these changes, commenting on successes and\nchallenges, and a sneak peek at what lies ahead.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Luca Boccassi","Zbigniew Jędrzejewski-Szmek"],"tags":["269","asg2024","Main Hall","2024","Day 2"],"view_count":398,"promoted":false,"date":"2024-09-26T09:30:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-02-16T03:45:03.913+01:00","length":1436,"duration":1436,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/269-789104b6-c47a-51be-91ff-0b62d29429f0.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/269-789104b6-c47a-51be-91ff-0b62d29429f0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/269-789104b6-c47a-51be-91ff-0b62d29429f0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/269-789104b6-c47a-51be-91ff-0b62d29429f0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-269-systemd-state-of-the-project","url":"https://api.media.ccc.de/public/events/789104b6-c47a-51be-91ff-0b62d29429f0","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"b21d8933-5766-5d6f-b39b-aac1c4e765ae","title":"Can systemd-resolved replace Avahi?","subtitle":null,"slug":"all-systems-go-2024-297-can-systemd-resolved-replace-avahi-","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/C3DZDS/","description":"Multicast DNS (mDNS) and DNS Service Discovery (DNS-SD), collectively known as zeroconf, are technologies used for devices to find each other and advertise services on the local network.\n\nThere are two widely used FOSS implementations: mDNSResponder is used by Apple and Android, while Avahi is used by most GNU/Linux distributions. However, there is a third one in systemd-resolved -- widely installed but rarely used.\n\nIn this talk, I will explain how mDNS and DNS-SD work individually and together, and explore how to use them with resolvectl. I'll also try to go over the deficiencies in systemd-resolved and have a discussion about the ways that it can be improved to replace Avahi as the default implementation on GNU/Linux systems.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Abderrahim Kitouni"],"tags":["297","asg2024","Dome","2024","Day 
2"],"view_count":391,"promoted":false,"date":"2024-09-26T18:00:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-03-31T03:30:04.299+02:00","length":1372,"duration":1372,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/297-b21d8933-5766-5d6f-b39b-aac1c4e765ae.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/297-b21d8933-5766-5d6f-b39b-aac1c4e765ae_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/297-b21d8933-5766-5d6f-b39b-aac1c4e765ae.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/297-b21d8933-5766-5d6f-b39b-aac1c4e765ae.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-297-can-systemd-resolved-replace-avahi-","url":"https://api.media.ccc.de/public/events/b21d8933-5766-5d6f-b39b-aac1c4e765ae","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"114574b7-c1a3-51ad-8834-9440df675e51","title":"Fort Kairos: A New Dawn for Secure Linux in Untrusted Environments","subtitle":null,"slug":"all-systems-go-2024-249-fort-kairos-a-new-dawn-for-secure-linux-in-untrusted-environments","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/9VPPTC/","description":"At the edge, there's one thing we know for sure: it's not to be trusted. But imagine if Kairos could change that, letting you sleep soundly knowing your intellectual property is secure.\n\nKairos is a fully open source project to run Kubernetes at the edge. As such, we have put Trusted Boot into action. Inspired by Lennart Poettering, the mind behind systemd, we've leveraged Secure Boot, Trusted Boot, TPM, and disk encryption. The result? 
A Linux OS that's built tough against the challenges of untrusted environments.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Mauro Morales"],"tags":["249","asg2024","Dome","2024","Day 1"],"view_count":73,"promoted":false,"date":"2024-09-25T14:35:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2025-10-16T13:15:02.588+02:00","length":2155,"duration":2155,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/249-114574b7-c1a3-51ad-8834-9440df675e51.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/249-114574b7-c1a3-51ad-8834-9440df675e51_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/249-114574b7-c1a3-51ad-8834-9440df675e51.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/249-114574b7-c1a3-51ad-8834-9440df675e51.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-249-fort-kairos-a-new-dawn-for-secure-linux-in-untrusted-environments","url":"https://api.media.ccc.de/public/events/114574b7-c1a3-51ad-8834-9440df675e51","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"8086a40b-8550-5052-805b-8a903fa5dc0b","title":"interacting with systemd from high level languages","subtitle":null,"slug":"all-systems-go-2024-260-interacting-with-systemd-from-high-level-languages","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/VAQPQW/","description":"Probably the way systemd is thought of and used is mostly as a service manager, and a collection of tools built around the idea of “low level user space”. We rarely think of it as a library that can be used as part of any high level language or application. 
This talk will cover this aspect of systemd, and through the lens of pystemd, explore how applications can use (and abuse) systemd.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Alvaro Leiva Geisse"],"tags":["260","asg2024","Dome","2024","Day 1"],"view_count":72,"promoted":false,"date":"2024-09-25T17:30:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-01-31T18:15:11.042+01:00","length":1230,"duration":1230,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/260-8086a40b-8550-5052-805b-8a903fa5dc0b.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/260-8086a40b-8550-5052-805b-8a903fa5dc0b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/260-8086a40b-8550-5052-805b-8a903fa5dc0b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/260-8086a40b-8550-5052-805b-8a903fa5dc0b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-260-interacting-with-systemd-from-high-level-languages","url":"https://api.media.ccc.de/public/events/8086a40b-8550-5052-805b-8a903fa5dc0b","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"be3241e8-53ad-5596-b429-33c887d9f149","title":"Enhancing Security with Systemd: Secure Web Tokens and TPM 2.0","subtitle":null,"slug":"all-systems-go-2024-265-enhancing-security-with-systemd-secure-web-tokens-and-tpm-2-0","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/9KSPSA/","description":"As the digital landscape evolves, ensuring robust security measures becomes paramount. In this talk, we will explore the implementation of a new systemd service designed to enhance secure web token management through TPM 2.0 and FIDO2 support. 
This integration facilitates seamless interaction with the xdg-credentials-portal, aiming to provide a straightforward and secure approach to handling credentials.\n\nKey Points:\n\nSystemd Service Implementation: An in-depth look at how we are leveraging systemd to create a secure service for web tokens.\nTPM 2.0 and FIDO2 Integration: Understanding the role of TPM 2.0 and FIDO2 in enhancing hardware security.\nSeamless Integration with xdg-credentials-portal: Demonstrating the ease of use and benefits of integrating with the xdg-credentials-portal for secure credential management.\nNew Functionality in Systemd: Discussing the significance of this new functionality and its potential impact on the systemd community.\nTargeted at systemd developers and enthusiasts, this session will provide valuable insights into the implementation process, the benefits of using TPM 2.0 modules for hardware security, and the overall enhancement of systemd functionalities. Attendees will leave with a clear understanding of the concepts and the practical steps required to integrate these security features into their own projects.\n\nJoin us to explore the future of secure web tokens with systemd and how this integration can simplify and strengthen security protocols in your system architecture.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Philipp Deppenwiese"],"tags":["265","asg2024","Main Hall","2024","Day 
1"],"view_count":103,"promoted":false,"date":"2024-09-25T10:45:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-03-21T18:45:03.758+01:00","length":1460,"duration":1460,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/265-be3241e8-53ad-5596-b429-33c887d9f149.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/265-be3241e8-53ad-5596-b429-33c887d9f149_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/265-be3241e8-53ad-5596-b429-33c887d9f149.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/265-be3241e8-53ad-5596-b429-33c887d9f149.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-265-enhancing-security-with-systemd-secure-web-tokens-and-tpm-2-0","url":"https://api.media.ccc.de/public/events/be3241e8-53ad-5596-b429-33c887d9f149","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"bce86c58-94c5-5e07-885b-7bd20ac3db30","title":"Full Disk Encryption in openSUSE MicroOS and Tumbleweed","subtitle":null,"slug":"all-systems-go-2024-259-full-disk-encryption-in-opensuse-microos-and-tumbleweed","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/93KLUJ/","description":"The openSUSE project has been looking for a Full Disk Encryption (FDE) solution for a long time. After some iterations we are converging on a systemd-based solution. This talk will present the alternatives and will focus on the currently proposed solution based on systemd-pcrlock.\n\nThe openSUSE distribution is moving toward an FDE based on systemd, using signed policies or nvindex policies. We will review the different solutions that we worked on, and we will compare them briefly. 
We also describe some of the architectural changes done in the distribution before we can use the systemd tools.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Alberto Planas Dominguez"],"tags":["259","asg2024","Main Hall","2024","Day 1"],"view_count":130,"promoted":false,"date":"2024-09-25T11:15:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-03-26T15:15:07.684+01:00","length":2147,"duration":2147,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/259-bce86c58-94c5-5e07-885b-7bd20ac3db30.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/259-bce86c58-94c5-5e07-885b-7bd20ac3db30_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/259-bce86c58-94c5-5e07-885b-7bd20ac3db30.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/259-bce86c58-94c5-5e07-885b-7bd20ac3db30.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-259-full-disk-encryption-in-opensuse-microos-and-tumbleweed","url":"https://api.media.ccc.de/public/events/bce86c58-94c5-5e07-885b-7bd20ac3db30","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"2dc340b4-8277-5885-9100-54e3b6f48a59","title":"Fixing an old Linux process memory security bug","subtitle":null,"slug":"all-systems-go-2024-286-fixing-an-old-linux-process-memory-security-bug","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/9UVMR7/","description":"There is a well-known trade-off between security lockdowns and a user's ability to\ndebug/inspect a system. The Linux kernel is finally fixing an old proc/mem security\nbug which illustrates this trade-off nicely. 
The kernel will provide a mechanism,\nso distros need to implement a policy according to their own security needs, to\nrestrict proc/mem access (it gives userspace RW access to processes' memory).\n\nThis talk goes into the what, why and how of getting this bug fixed, with some policies\nfor plugging the long-standing hole for different use-cases, without breaking\ndebuggers or container supervisors.\n\nThis talk is based on the Linux patch series [1] which is extending the /proc/*/mem access\ncontrols beyond the normal file-based permissions, to restrict various access during\nkernel builds (Kconfig level) or early boot via static/read-only key parameters. It\nis expected to land in kernel v6.11, to be released in late Q3 / early Q4 2024.\nThe author is looking for opinions on whether this should be backported to stable trees\nsince the patch is somewhere between a bugfix and a new feature.\n\n[1] https://patchwork.kernel.org/project/linux-fsdevel/patch/20240613133937.2352724-2-adrian.ratiu@collabora.com/\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Adrian Ratiu"],"tags":["286","asg2024","Dome","2024","Day 
1"],"view_count":50,"promoted":false,"date":"2024-09-25T11:55:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-03-31T04:15:02.967+02:00","length":1889,"duration":1889,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/286-2dc340b4-8277-5885-9100-54e3b6f48a59.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/286-2dc340b4-8277-5885-9100-54e3b6f48a59_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/286-2dc340b4-8277-5885-9100-54e3b6f48a59.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/286-2dc340b4-8277-5885-9100-54e3b6f48a59.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-286-fixing-an-old-linux-process-memory-security-bug","url":"https://api.media.ccc.de/public/events/2dc340b4-8277-5885-9100-54e3b6f48a59","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"f3305f05-435b-522f-bf16-fe268c411ea5","title":"Reproducible and Immutable OS Images with NixOS","subtitle":null,"slug":"all-systems-go-2024-251-reproducible-and-immutable-os-images-with-nixos","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/MRDURE/","description":"Many consider NixOS a great tool for declarative definition of their OS, but only few know about its capabilities for Image-based Linux. NixOS offers the tools to combine modern technologies such as discoverable disk images (DDIs), unified kernel images (UKIs), and TPM-based measured boot for transforming declarative configurations into security-focused and immutable OS images for both the server and the desktop.\n\nThis talk showcases how we build such reproducible and immutable DDIs with NixOS, and how ukify, systemd-repart, dm-verity and measured boot are involved in that process. 
We will also briefly cover the support of SecureBoot in NixOS through the Lanzaboote project, and what else is yet to come for image-based NixOS.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Moritz Sanft"],"tags":["251","asg2024","Main Hall","2024","Day 1"],"view_count":368,"promoted":false,"date":"2024-09-25T09:30:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-04-02T04:15:04.416+02:00","length":2360,"duration":2360,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/251-f3305f05-435b-522f-bf16-fe268c411ea5.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/251-f3305f05-435b-522f-bf16-fe268c411ea5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/251-f3305f05-435b-522f-bf16-fe268c411ea5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/251-f3305f05-435b-522f-bf16-fe268c411ea5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-251-reproducible-and-immutable-os-images-with-nixos","url":"https://api.media.ccc.de/public/events/f3305f05-435b-522f-bf16-fe268c411ea5","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"c6beb52d-b71a-5412-aec4-ae5dfc48544e","title":"Avocado Linux: Highly Secure Accelerated Embedded Development Platform for (A)IoT","subtitle":null,"slug":"all-systems-go-2024-301-avocado-linux-highly-secure-accelerated-embedded-development-platform-for-a-iot","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/QWTAFC/","description":"Developing embedded products often involves a trade-off between robust security and accelerated development. Production environments, while offering high security and immutability, can inhibit rapid development cycles. 
Conversely, sandbox environments provide the flexibility and integration needed for fast development but are not suitable for production deployment. The transition between these two environments is typically fraught with challenges, consuming significant time and effort.\n\nThis talk introduces Avocado Linux, a highly secure, image-based operating system and layer repository with deeply integrated developer tools. Avocado strikes a perfect balance between flexibility and immutability, combining the best of both worlds, accelerating time to market  without compromising on security.\n\nBy leveraging innovative systemd features like System Extensions, Configuration Extensions, and Portable Services, Avocado Linux provides a robust framework for service management, process isolation, and secure, atomic updates. Its design ensures robust security and system integrity, with comprehensive use of dm-verity and mechanisms for recovery and factory reset, safeguarding device data integrity even in the face of unexpected failures.\n\nJoin us to explore how Avocado can transform your embedded systems development with faster integration, enhanced reliability, and seamless composability. Discover how this distribution delivers significant business value by enabling rapid deployment, maintaining security, and ensuring system integrity. 
Learn how Avocado abstracts away the complexities of system development, allowing your team and applications to thrive and your embedded product to scale and succeed.\n\nAbout the Talk\nIn this talk we will explore \n* Demo use cases for building complex products\n* Developer tools and workflows\n* Manufacturing optimizations for provisioning and end of line testing\n* In field debugging and system fault tolerance\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Justin Schneck"],"tags":["301","asg2024","Main Hall","2024","Day 2"],"view_count":53,"promoted":false,"date":"2024-09-26T14:30:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-01-14T00:15:10.593+01:00","length":2476,"duration":2476,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/301-c6beb52d-b71a-5412-aec4-ae5dfc48544e.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/301-c6beb52d-b71a-5412-aec4-ae5dfc48544e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/301-c6beb52d-b71a-5412-aec4-ae5dfc48544e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/301-c6beb52d-b71a-5412-aec4-ae5dfc48544e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-301-avocado-linux-highly-secure-accelerated-embedded-development-platform-for-a-iot","url":"https://api.media.ccc.de/public/events/c6beb52d-b71a-5412-aec4-ae5dfc48544e","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"f9451f76-265a-5da9-bd81-f6cd2a07a0cf","title":"Ideas for improving systemd-boot","subtitle":null,"slug":"all-systems-go-2024-323-ideas-for-improving-systemd-boot","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/DT3RCU/","description":"Ideas for improving systemd-boot\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Tobias Görgens"],"tags":["323","asg2024","Main Hall","2024","Day 1"],"view_count":157,"promoted":false,"date":"2024-09-25T18:20:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-03-31T02:45:02.682+02:00","length":214,"duration":214,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/323-f9451f76-265a-5da9-bd81-f6cd2a07a0cf.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/323-f9451f76-265a-5da9-bd81-f6cd2a07a0cf_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/323-f9451f76-265a-5da9-bd81-f6cd2a07a0cf.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/323-f9451f76-265a-5da9-bd81-f6cd2a07a0cf.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-323-ideas-for-improving-systemd-boot","url":"https://api.media.ccc.de/public/events/f9451f76-265a-5da9-bd81-f6cd2a07a0cf","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"9d9014b2-476e-5c32-a53c-f4491c179555","title":"Waiter, an OS please, with some sysext sprinkled on top","subtitle":null,"slug":"all-systems-go-2024-313-waiter-an-os-please-with-some-sysext-sprinkled-on-top","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/HJLF3C/","description":"On general purpose image based systems such as Flatcar and Fedora CoreOS, users are encouraged to run all their applications using containers. To make updates safe and predictable, the system is mounted as read only and local modifications are discouraged.\n\nWhile containers offer a lot of flexibility on Linux, there are still cases where installing binaries or running applications directly on the host operating system is preferred. For example, to add kernel modules, use an alternative container runtime version, add more udev rules, etc.\n\nSome of those use cases could be addressed with statically linked binaries, but their management is manual and their usage creates new issues around updates, versioning, memory footprint and not everything can be statically compiled. Alternatively, one can build one's own image but at non-negligible maintenance costs.\n\nSystemd's system extensions (sys-ext) provide a mechanism to extend the content of the host while preserving the safety guarantees around updates. We will demonstrate how Flatcar, Fedora CoreOS and Atomic Desktops are leveraging sysext images to securely extend the OS. 
With practical examples and use cases (e.g. Cluster API), learn how to install Python, Podman, Kubernetes, ZFS, everything at the same time, by composing your very own image with systemd-sysext.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Mathieu Tortuyaux","Timothée Ravier"],"tags":["313","asg2024","Main Hall","2024","Day 1"],"view_count":242,"promoted":false,"date":"2024-09-25T17:00:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-03-13T00:15:06.550+01:00","length":1525,"duration":1525,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/313-9d9014b2-476e-5c32-a53c-f4491c179555.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/313-9d9014b2-476e-5c32-a53c-f4491c179555_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/313-9d9014b2-476e-5c32-a53c-f4491c179555.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/313-9d9014b2-476e-5c32-a53c-f4491c179555.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-313-waiter-an-os-please-with-some-sysext-sprinkled-on-top","url":"https://api.media.ccc.de/public/events/9d9014b2-476e-5c32-a53c-f4491c179555","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"1923b927-629b-5dfd-9383-fb139f7a0842","title":"Lessons learned from migrating AI accelerator drivers from the kernel to userspace","subtitle":null,"slug":"all-systems-go-2024-279-lessons-learned-from-migrating-ai-accelerator-drivers-from-the-kernel-to-userspace","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/77PFFF/","description":"The kernel driver is dead; long live the userspace driver! 
In this talk, we’ll discuss the motivation, challenges and outcomes of migrating drivers for Meta’s AI accelerator chips from the kernel to userspace.\n\nTopics include:\n- Managing systemd units at scale\n- Experiences of running IPC over D-Bus\n- Re-writing the driver in Rust\n- The tooling necessary to support a variety of environments\n- Overall deprecation challenges and wins\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["George Utsin"],"tags":["279","asg2024","Dome","2024","Day 1"],"view_count":48,"promoted":false,"date":"2024-09-25T12:40:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-01-22T08:30:08.733+01:00","length":1008,"duration":1008,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/279-1923b927-629b-5dfd-9383-fb139f7a0842.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/279-1923b927-629b-5dfd-9383-fb139f7a0842_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/279-1923b927-629b-5dfd-9383-fb139f7a0842.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/279-1923b927-629b-5dfd-9383-fb139f7a0842.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-279-lessons-learned-from-migrating-ai-accelerator-drivers-from-the-kernel-to-userspace","url":"https://api.media.ccc.de/public/events/1923b927-629b-5dfd-9383-fb139f7a0842","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"a860711f-14c4-5356-92ec-2cb976444e3d","title":"GNOME OS + systemd-sysupdate","subtitle":null,"slug":"all-systems-go-2024-285-gnome-os-systemd-sysupdate","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/MGDHYQ/","description":"As a reference for developers and testers, GNOME OS is an experimental Linux distribution that ships the latest in-development GNOME desktop, core applications, and stack. \n\nGNOME OS is currently using OSTree, this talk covers the ongoing work to add features to systemd-sysupdate and transition to it. Features like optional transfers, delta updates, and major version upgrades.\n\nGNOME OS is an experimental Linux distribution that ships the latest in-development GNOME desktop, core applications, and stack. It serves as a reference for developers and testers. This operating system is designed and built around the modern systemd and GNU-based userland built from the Freedesktop SDK.\n\nCurrently, GNOME OS uses OSTree to deploy the root filesystem and manage updates. This means that the base OS is immutable (read-only) and updates can be quickly downloaded as deltas. OSTree allows easy rollback to multiple previous versions of the root filesystem, which is essential for a testing-first distribution focused on finding bugs.\n\nOur work focuses on transitioning GNOME OS to use systemd-sysupdate. 
Migrating to sysupdate would bring the following benefits:\n* Provide a trust chain from the bootloader, all the way up, both online and offline;\n* Achieve a closer integration with systemd;\n* Advance our support for image-based design and its benefits, e.g., immutability, auto-updating, adaptability, factory reset, uniformity and other modernised security properties around image-based OSes.\n\nFor that, we are adding a number of features to systemd-sysupdate to make it more production ready; \n* Implement optional transfers in systemd-sysupdate\n* sysupdate should allow upgrading to a newer major version\n* pluggable backends for systemd-sysupdate (or systemd-import)\n\nThis project was partly inspired by Lennart Poettering's article \"Brave New Trusted Boot World\", in which he explains a vision of the future of Linux systems.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Abderrahim Kitouni","Jude Onyenegecha"],"tags":["285","asg2024","Dome","2024","Day 2"],"view_count":124,"promoted":false,"date":"2024-09-26T17:00:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-02-28T16:45:04.699+01:00","length":1464,"duration":1464,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/285-a860711f-14c4-5356-92ec-2cb976444e3d.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/285-a860711f-14c4-5356-92ec-2cb976444e3d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/285-a860711f-14c4-5356-92ec-2cb976444e3d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/285-a860711f-14c4-5356-92ec-2cb976444e3d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-285-gnome-os-systemd-sysupdate","url":"https://api.media.ccc.de/public/events/a860711f-14c4-5356-92ec-2cb976444e3d","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"6f4f3d4f-1ad2-547c-86fb-f6ebe6d6c2f1","title":"mkosi-initrd: initrds built from system packages","subtitle":null,"slug":"all-systems-go-2024-302-mkosi-initrd-initrds-built-from-system-packages","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/JTXJR7/","description":"mkosi-initrd is a project to build initrds from normal system packages (rpms, debs). Initially separate, it now is part of mkosi — just another build stage. systemd uses mkosi for automated tests, and this now includes building an initrd and booting a VM with it, so such initrds are getting fairly wide testing, albeit in fairly narrow circumstances. The process of adoption of mkosi-initrd in distributions has been slow, but with an implementation natively in mkosi, the technical base is really good. What remains to be done to make this the default approach? Can Fedora 41 finally make this an option for users?\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Zbigniew Jędrzejewski-Szmek"],"tags":["302","asg2024","Main Hall","2024","Day 
2"],"view_count":98,"promoted":false,"date":"2024-09-26T17:30:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2025-11-29T17:00:02.416+01:00","length":1701,"duration":1701,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/302-6f4f3d4f-1ad2-547c-86fb-f6ebe6d6c2f1.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/302-6f4f3d4f-1ad2-547c-86fb-f6ebe6d6c2f1_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/302-6f4f3d4f-1ad2-547c-86fb-f6ebe6d6c2f1.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/302-6f4f3d4f-1ad2-547c-86fb-f6ebe6d6c2f1.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-302-mkosi-initrd-initrds-built-from-system-packages","url":"https://api.media.ccc.de/public/events/6f4f3d4f-1ad2-547c-86fb-f6ebe6d6c2f1","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]},{"guid":"39db42ce-958c-56cd-b9a6-3ef6a3c03fbc","title":"Platform security in NixOS","subtitle":null,"slug":"all-systems-go-2024-308-platform-security-in-nixos","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/UQ3CYU/","description":"You may have heard about this weird distribution, NixOS, that breaks compatibility with /usr. \nThis talk explores the properties inherent to NixOS, focusing on its distinct approach to package management and system configuration. Learn how these principles combine with general upstream efforts at bringing TPM2, Secure Boot and more to your Linux distribution.\n\nEverything you wanted to know about why NixOS does things a certain way will be answered here. 
The idea is that you get out of this talk understanding the different compromises made by the NixOS community and what they get out of it.\n\nWe will cover https://github.com/nix-community/lanzaboote which is a Rust UEFI stub similar to systemd-stub with fewer features but with one unique special feature for NixOS, similar to UKI addons.\n\nWe will also do a status report of where NixOS stands in terms of adoption of systemd features such as systemd-pcrlock.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Ryan Lahfa","Niklas Sturm"],"tags":["308","asg2024","Main Hall","2024","Day 1"],"view_count":386,"promoted":false,"date":"2024-09-25T14:35:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-04-04T10:30:04.263+02:00","length":1255,"duration":1255,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/308-39db42ce-958c-56cd-b9a6-3ef6a3c03fbc.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/308-39db42ce-958c-56cd-b9a6-3ef6a3c03fbc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/308-39db42ce-958c-56cd-b9a6-3ef6a3c03fbc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/308-39db42ce-958c-56cd-b9a6-3ef6a3c03fbc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-308-platform-security-in-nixos","url":"https://api.media.ccc.de/public/events/39db42ce-958c-56cd-b9a6-3ef6a3c03fbc","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[]}]}