make speaker notes more legible, update for marp 4.0.0

This commit is contained in:
Ryan Heywood 2024-10-08 13:36:08 -04:00
parent 0e2e49b859
commit 3dcd7da30d
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
1 changed files with 60 additions and 58 deletions

View File

@ -6,6 +6,13 @@ backgroundColor: #fff
<!-- __ --> <!-- __ -->
<!-- Changed in Marp 4.0.0. Re-center -->
<style>
section.lead {
display: flex;
}
</style>
![bg left:40% 80%](img/stagex-logo.png) ![bg left:40% 80%](img/stagex-logo.png)
# Bootstrapping Reproducibility with StageX # Bootstrapping Reproducibility with StageX
@ -80,12 +87,6 @@ ENTRYPOINT ["/usr/bin/mnemonicgen"]
Approach the development of a secure toolchain by ensuring each component uses Approach the development of a secure toolchain by ensuring each component uses
exactly what it needs to build - no more, no less. exactly what it needs to build - no more, no less.
<!--
TODO: include image describing traditional package building, by installing
_every_ dependency in a single OS, with a comparison of stagex only having mini
Containerfiles with just what each project needs.
-->
<!-- Speaker notes <!-- Speaker notes
Most Linux distributions are built for *compatibility* rather than *security*. Most Linux distributions are built for *compatibility* rather than *security*.
This results in a dramatic increase of attack surface area of an operating This results in a dramatic increase of attack surface area of an operating
@ -93,9 +94,22 @@ system. StageX is designed to allow the creation of application specific
environments with a minimal footprint to eliminate attack surface area. Each environments with a minimal footprint to eliminate attack surface area. Each
component of the toolchain installs only what it needs, and only packages what component of the toolchain installs only what it needs, and only packages what
it builds, resulting in a decreased attack surface. it builds, resulting in a decreased attack surface.
StageX is the first Linux multisig distribution, is one of two fully
bootstrapped Linux distributions, is 100% reproducible and deterministic,
and can build complicated software with as few dependencies exposed as
possible.
--> -->
---
<hr />
<!--
TODO: include image describing traditional package building, by installing
_every_ dependency in a single OS, with a comparison of stagex only having mini
Containerfiles with just what each project needs. If done so, this graph can be
moved to a separate slide.
-->
| Distribution | Signatures | Libc | Bootstrapped | Reproducible | Rust deps | | Distribution | Signatures | Libc | Bootstrapped | Reproducible | Rust deps |
|--------------|------------|-------|--------------|--------------|----------:| |--------------|------------|-------|--------------|--------------|----------:|
@ -108,18 +122,11 @@ it builds, resulting in a decreased attack surface.
<!-- NOTE: "Rust deps" is the amount of dependencies required to build a Rust <!-- NOTE: "Rust deps" is the amount of dependencies required to build a Rust
hello world --> hello world -->
<!-- <!---
-- Unable to confirm the following:
| Guix | 1 Human | Glibc | Yes | Yes | 4 | | Guix | 1 Human | Glibc | Yes | Yes | 4 |
| Nix | 1 Bot | Glibc | Partial | Mostly | 4 | | Nix | 1 Bot | Glibc | Partial | Mostly | 4 |
--> --->
<!--
StageX is the first Linux multisig distribution, is one of two fully
bootstrapped Linux distributions, is 100% reproducible and deterministic,
and has an incredibly low amount of dependencies required to build Rust
software.
-->
<!-- Add a link to a script that confirms/reproduces the dependency count for <!-- Add a link to a script that confirms/reproduces the dependency count for
building Rust hello world --> building Rust hello world -->
@ -145,15 +152,17 @@ COPY --from=build /app/target/$TARGET/release/hello /usr/bin/hello
CMD ["/usr/bin/hello"] CMD ["/usr/bin/hello"]
``` ```
<!-- TODO: make pallets a thing, test this. Include RUSTFLAGS to make static in
the pallet -->
<!-- Speaker notes <!-- Speaker notes
In this example, note how we are only pulling in Rust and the dependencies In this example, note how we are only pulling in Rust and the dependencies
required to invoke Rust. We don't include anything extra, which reduces the required to invoke Rust. If we're using external libraries - such as Nettle and
attack surface when compiling software. GMP - we can choose to include them using Docker-native COPY commands. We don't
include anything extra, which reduces attack surface when compiling software.
---
--> -->
<!-- TODO: make pallets a thing, test this. Include RUSTFLAGS to make static in
the pallet -->
--- ---
# All packages in StageX are: # All packages in StageX are:
@ -175,6 +184,7 @@ maintenance that is performed compared to most distributions. This includes:
* Signed by the release maintainers. These maintainers each build a copy of the * Signed by the release maintainers. These maintainers each build a copy of the
package locally and sign the containers with an OCI-compliant signature using package locally and sign the containers with an OCI-compliant signature using
well-known OpenPGP keys. well-known OpenPGP keys.
---
--> -->
<!-- TODO: talk about bootstrapping, incl. corrupt compilers in distro <!-- TODO: talk about bootstrapping, incl. corrupt compilers in distro
@ -182,17 +192,30 @@ toolchain -->
<!-- https://distrowatch.com/images/other/distro-family-tree.png --> <!-- https://distrowatch.com/images/other/distro-family-tree.png -->
<!-- TODO: libfakerand to act as the "why" -->
<!--
* Create modified compiler which injects libfakerand during build time
* Use it to compile software from source, for example bitcoin core
* Show that the wallet generated with bitcoin core is not random
-->
--- ---
# Multi-Signed OCI Images # Multi-Signed OCI Images
Multiple maintainers can each sign individual images, with the container
runtime enforcing _multiple_ signatures by maintainers to ensure no individual
maintainer could have tampered with an image.
<!-- Speaker notes
StageX uses the Open Container Initiative standard for images to support the
use of multiple container runtimes. Because OCI images can be signed using
OpenPGP keys, this allows the association of built images to trusted
maintainers, which can enable developers to build their software using StageX,
without having to build the entire StageX toolchain for themselves.
Creating a network of trust builds a relationship between developers and
maintainers, allowing developers to choose maintainers that implement key
management policies that match their standards. For example, Distrust signing
keys are always stored on smart cards or airgapped machines, avoiding key
exfiltration attacks and limiting key exposure to trusted computation
environments.
---
-->
<!-- <!--
Put some kind of graphic here to explain the association between images Put some kind of graphic here to explain the association between images
and multisig, each image being signed by at least two and multisig, each image being signed by at least two
@ -212,25 +235,6 @@ digraph {
} }
--> -->
Multiple maintainers can each sign individual images, with the container
runtime enforcing _multiple_ signatures by maintainers to ensure no individual
maintainer could have tampered with an image.
<!--
StageX uses the Open Container Initiative standard for images to support the
use of multiple container runtimes. Because OCI images can be signed using
OpenPGP keys, this allows the association of built images to trusted
maintainers, which can enable developers to build their software using StageX,
without having to build the entire StageX toolchain for themselves.
Creating a network of trust builds a relationship between developers and
maintainers, allowing developers to choose maintainers that implement key
management policies that match their standards. For example, Distrust signing
keys are always stored on smart cards or airgapped machines, avoiding key
exfiltration attacks and limiting key exposure to trusted computation
environments.
-->
--- ---
# Common toolchain dependencies # Common toolchain dependencies
@ -312,7 +316,7 @@ According to: https://www.crowdstrike.com/blog/sunspot-malware-technical-analysi
> - SUNSPOT monitors running processes for those involved in compilation of the Orion product and replaces one of the source files to include the SUNBURST backdoor code. > - SUNSPOT monitors running processes for those involved in compilation of the Orion product and replaces one of the source files to include the SUNBURST backdoor code.
> - Several safeguards were added to SUNSPOT to avoid the Orion builds from failing, potentially alerting developers to the adversarys presence. > - Several safeguards were added to SUNSPOT to avoid the Orion builds from failing, potentially alerting developers to the adversarys presence.
<!-- <!-- Speaker Notes
We can see that the compromise occurred because the threat actors infiltrated We can see that the compromise occurred because the threat actors infiltrated
the network and replaced source code files during build time. the network and replaced source code files during build time.
@ -348,7 +352,8 @@ If everyone builds stagex, everyone has to be compromised.
* StageX packages the software you're already using, securely. * StageX packages the software you're already using, securely.
* By leveraging Docker, we avoid mixing package managers and build contexts. * By leveraging Docker, we avoid mixing package managers and build contexts.
* Your software, as well as your SBOM, can all be built deterministically. * Your software, at every point in the bootstrapped toolchain, can all be built
deterministically.
<!-- <!--
By using StageX, you have the software you already use, with the assurance it By using StageX, you have the software you already use, with the assurance it
@ -358,10 +363,10 @@ Package managers are notorious for introducing attack surfaces, such as
arbitrary execution of `setup.py` or post-download scripts, and by using Docker arbitrary execution of `setup.py` or post-download scripts, and by using Docker
as our package manager, we avoid all forms of spontaneous execution. as our package manager, we avoid all forms of spontaneous execution.
All StageX software is built deterministically, meaning you can be sure your All StageX software is built deterministically, meaning you can be sure all
Software Bill Of Materials hasn't been tampered with. Because StageX provides a components listed in your Software Bill Of Materials hasn't been tampered with.
toolchain for you to build your software in the same manner, your software can Because StageX provides a toolchain for you to build your software in the same
be sooper dooper pooper scooper secure. manner, your software can be sooper dooper pooper scooper secure.
--> -->
--- ---
@ -376,7 +381,7 @@ Adding additional chip architecture support such as ARM and RISC-V
--- ---
# **Links** # Links
**Matrix Chat**: #stagex:matrix.org **Matrix Chat**: #stagex:matrix.org
@ -385,6 +390,3 @@ Adding additional chip architecture support such as ARM and RISC-V
Big thank you to sponsors who have supported the development of this project: Big thank you to sponsors who have supported the development of this project:
**Turnkey, Distrust, Mysten Labs** **Turnkey, Distrust, Mysten Labs**