Zarhus Developers Meetup #3
Welcome to Zarhus Developers Meetup. Here we would like to welcome all our guests to this small non-public meetup, where we will present the results of the Zarhus Team's recent work. We would like to revisit the "Zarhus: Trustworthy Embedded Linux Distro" presentation and give you a heads-up about the vision and mission we would like to follow. It is not only about marketing but also about honest openness, authenticity, and accountability, which should be the foundation of every project focusing on trustworthiness.
Have you ever heard of the term "geofencing"? It’s a mechanism that allows limiting various types of access to a specific area. It often uses GPS or cellular information to decide whether a user should be granted access. Computers typically lack the necessary hardware to handle GPS and cellular signals; therefore, geofencing is not applicable to stationary computers and laptops. But what if we could use only the hardware that’s already built into the device, and at the same time increase security?
Enter context-based authentication, a technology that can authorize you using just a built-in Wi-Fi chip. CBA uses CSI (Channel State Information) to create a virtual fingerprint of the nearby environment, which can later be used for authentication. The solution offers greater security than traditional geofencing, and it’s much harder to spoof since it relies on data from many surrounding devices.
During this talk, you’ll have a chance to see CBA in action and explore the interesting stack behind it. We’ll also share some of the advancements we’ve made in the Crosscon project.
Dasharo Tools Suite is your guide to the Dasharo world. So far, it has served as a solid piece of software for end users to install and update Dasharo firmware on their platforms, and a supporting hand for the Dasharo firmware developers. But how is it being tested and validated? What are the next steps for the upcoming releases on the DTS roadmap? These are the questions I want to answer during this presentation.
This presentation reviews Android's hardware-backed security architecture, focusing on low-level mechanisms that protect modern devices. We examine the Trusted Execution Environment (TEE) and its role in securing critical operations like biometric authentication and key management. The talk explores Android Verified Boot (AVB) and hardware root of trust requirements across the diverse Android ecosystem, including implementations from Google Pixel and other major manufacturers. We discuss how file-based encryption leverages hardware secrets to protect user data at rest. Finally, we address Android's compliance requirements and how they ensure consistent security guarantees across different device manufacturers.
The European Union’s NIS2 Directive marks a new era of mandatory cyber risk management and accountability, with a specific focus on supply chain integrity (Article 21.2). For critical entities, simply checking compliance boxes is no longer enough to ensure continuity and security.
This presentation introduces cryptographic digital independence for your firmware: the strategic principle of taking full, self-sovereign control over your organization's cryptographic signing keys. These keys are the powerhouse for the heart of your machine and the security-critical systems it runs.
We will demonstrate how mastering your own key custody with Zarhus directly transforms NIS2 compliance from a burdensome cost into an automated competitive advantage:
- Direct Risk Mitigation: Liberate your firmware from third-party reliance.
- Supply Chain Fortification: Your machine, your firmware, YOUR keys.
- Ultimate Operational Resilience: Ensure long-term maintenance, transparent validation, privacy-respecting implementation, and trustworthiness of your machines.
Discover how key sovereignty is the foundation for building the independent, robust, resilient digital infrastructure that NIS2 demands.
Join us for closing remarks where the Zarhus Team will share our vision for the future and how you can get involved! We’ll discuss our efforts to engage with you and our community and explore the projects we can tackle together. Zarhus is a Yocto-based distribution for embedded devices that draws inspiration from OpenXT and Qubes OS, focusing on maximizing synergy with open-source firmware like Dasharo. We prioritize building a strong Root of Trust and Chain of Trust while leveraging various Trusted Execution Environments (TEEs). Don’t miss this opportunity to learn more and discover how you can contribute to our mission. Your input is essential; together, we can shape Zarhus' future!