A Security Model for systemd (asg2025)

Linux lacks a coherent security model, and by extension we never defined one for the systemd project either. In this talk I'd like to start changing this, and begin defining some general security design guidelines that we so far mostly followed implicitly, and make them more explicit. After all, systemd to a large degree is involved in security subsystems, from SecureBoot, Measured Boot & TPM, to its service sandboxing, dm-verity/dm-crypt support, its FIDO2/PKCS#11 hookups, its many security boundaries, secure parameterization, Linux Security Module initialization and more. While this distributions & applications consuming systemd might follow different security models I think it's important to talk about a unified vision from the systemd upstream perspective, even if various downstreams then make modifications or only deploy a subset of it. Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://cfp.all-systems-go.io/all-systems-go-2025/talk/FE98ZY/