Abstract: Methods, systems, and apparatus, including computer-readable media, for verified boot and key rotation. In some implementations, a device extracts a public key from a secure data storage area of the device. The device extracts a first certificate for an intermediate key and a second certificate for a signing key, the first certificate and the second certificate being extracted from a system image. The device verifies a signature of the first certificate using the public key. After verifying the signature of the first certificate, the device verifies the second certificate using a public key in the first certificate. In response to verifying the second certificate, the device loads the system image during a boot process of the device.

Abstract: Aspects of the subject technology relate to systems and methods for remote storage security. An encryption key is generated based at least on data stored locally by a computing device. The encryption key is bound to a context of the computing device. Data is encrypted using the encryption key. The encrypted data and information associated with the binding of the encryption key are provided for transmission to another computing device.

Abstract: Methods, systems, and apparatus, including computer-readable media, for verified boot and key rotation. In some implementations, a device extracts a public key from a secure data storage area of the device. The device extracts a first certificate for an intermediate key and a second certificate for a signing key, the first certificate and the second certificate being extracted from a system image. The device verifies a signature of the first certificate using the public key. After verifying the signature of the first certificate, the device verifies the second certificate using a public key in the first certificate. In response to verifying the second certificate, the device loads the system image during a boot process of the device.

Abstract: Techniques for peer to peer attestation are provided. An example method includes receiving, at a first device, a discovery message from a second device, based on the discovery message, establishing a communication channel between the first device and the second device, receiving, at the first device, identity information from the second device, the identity information including one or more of: a trusted platform module (TPM) endorsement key certificate, a public portion of an identity key, one or more platform control register (PCR) values or a quote of the PCR values with the identity key, verifying, at the first device, one or more of the PCR values, the quote or the endorsement key certificate and authenticating one or more of the communication channel or the identity information of the second device based on the verification of a signature received from the second device.

Abstract: Aspects of the subject technology relate to systems and methods for providing temporally adjusted identifiers. A first identifier is received. A second identifier is determined based on time parameters and the first identifier. The time parameters include at least a period, where the period is a minimum duration of time prior to providing a computing device with a new identifier. The second identifier is provided for transmission to at least one computing device.

Abstract: Techniques for peer to peer attestation are provided. An example method includes receiving, at a first device, a discovery message from a second device, based on the discovery message, establishing a communication channel between the first device and the second device, receiving, at the first device, identity information from the second device, the identity information including one or more of: a trusted platform module (TPM) endorsement key certificate, a public portion of an identity key, one or more platform control register (PCR) values or a quote of the PCR values with the identity key, verifying, at the first device, one or more of the PCR values, the quote or the endorsement key certificate and authenticating one or more of the communication channel or the identity information of the second device based on the verification of a signature received from the second device.