Mathieu Dupré

github profile: https://github.com/dupremathieu

Mathieu is a senior free software consultant and has a wide knowledge of Linux system, from low layers such as Kernel space to higher layers like containers / virtualization. He has valuable experience on Linux system security, for both embedded systems and servers.

Mathieu is one of the main contributors of the SEAPATH open-source project supported by the LFEnergy foundation.

Accepted Talks:

Hardening Debian from UEFI to Userland, an example with LF Energy SEAPATH

Mathieu and Eloi are the main contributors of LF Energy SEAPATH which use Debian as an VM hypervisor to host critical applications within Digital Substations.

SEAPATH is used in production by RTE, the french electricity Transmission Service Operator (TSO). Because SEAPATH is used in a critical environment, cybersecurity hardening need to be deployed on top of Debian.

This talk walks through the full system hardening process on Debian, starting with UEFI secure boot configuration and ending at service-level protections. We’ll cover secure bootloader (GRUB) configurations, encrypted and integrity-verified storage (dm-crypt, dm-verity), kernel hardening via command-line parameters, systemd service sandboxing, and general Debian-level hardening strategies.

Attendees will gain actionable steps to improve the security posture of their Debian deployments, whether on laptops, servers, or embedded systems.