Security Working Group meeting - Wednesday June 22
From: Joseph Reynolds @ 2022-06-22 15:19 UTC
To: openbmc

This is a reminder of the OpenBMC Security Working Group meeting scheduled for this Wednesday June 22 at 10:00am PDT.

We'll discuss the following items on the agenda <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI>, and anything else that comes up:

1. Cancel July 6 meeting?
2. Continue discussion of securing Linux internals (like with SELinux).

Access, agenda and notes are in the wiki:
https://github.com/openbmc/openbmc/wiki/Security-working-group

- Joseph
Re: Security Working Group meeting - Wednesday June 22 - results
From: Joseph Reynolds @ 2022-06-22 18:20 UTC
To: openbmc

On 6/22/22 10:19 AM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting
> scheduled for this Wednesday June 22 at 10:00am PDT.
>
> We'll discuss the following items on the agenda
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI>,
> and anything else that comes up:

Attendees: Daniil Engranov, Russel Wilson, Yutaka Sugawara, Ruud Haring, James Mihm, Joseph Reynolds

1. Agreed to cancel July 6 due to US holiday week.

2. CVE management. Intel's internal hack-a-thon was held in May 2022. Working toward private disclosure to the OpenBMC SRT. Next steps: James will set up a private meeting with the OpenBMC security response team (SRT) to write some privately-disclosed vulnerabilities to the private issues database.

3. Measured boot. Measured boot writes firmware images to the TPM. There is an effort to enable measured boot for ASPEED AST2600 platforms with a TPM attached to the BMC (distinct from the host TPM).
Current work: working toward measured boot for U-Boot.
Pre-requisite work: OpenBMC's ASPEED U-Boot was forked and is about 1000 commits old and will need to be updated because it does not have the new features needed.
Will need a design for this. Design to cover:
* Enable the mechanism to push measurements into the TPM. The design may have parts which are specific to AST2600.
* Describe which pieces get measured: SPL(?), U-Boot image, kernel image, readonly file system.
* Enable network agents (like keylime server, possibly the host system) to get measurements from the TPM. Note the measurements are digitally signed by the TPM to ensure their integrity.
* Intent to comply with OCP standards.
The design will omit policy questions: use cases for the attestation data, keylime or other servers, policy questions about what to do when attestation fails.
Example policy when the BMC goes bad (fails attestation): BMC is isolated from its management network? From host control? An external agent is notified, e.g., a datacenter admin, who will then isolate the BMC and schedule it to be replaced.
Consider two underlying use cases: the BMC management agent is (1) network-based or (2) host-based. The intent is to enable use case 1. Use case 2 may be problematic when the policy is to isolate the BMC from its host, but nothing in the design is intended to block this use case.

4. Progress on SELinux.
Still working on the SELinux design (Ruud): implementation work continues to help the design.
Implementation progress (Yutaka): Enabled SELinux on AST2600 using the Yocto Kirkstone version. The BMC boots in SELinux permissive mode and basic commands work. The initial readonly flash size increase is 20Mb (was 16Mb, now is 16+20Mb = 36Mb total on flash). Will look into configuration changes to reduce the size. Will need a later/updated version of busybox which has SELinux features enabled. Starting to define policy for basic BMC workloads.

-Joseph

> Access, agenda and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group
>
> - Joseph
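The minutes above describe the verifier side of measured boot only as "network agents get measurements from the TPM." The added example below (not OpenBMC, U-Boot or keylime code) shows what that verifier actually has to do with the two artifacts it receives, an event log and the quoted PCR values: replay the TPM 2.0 extend rule, PCR_new = H(PCR_old || digest), over the logged events, confirm the replay lands on the quoted PCRs, and only then check each logged digest against an approved list. The image bytes, the PCR assignment (SPL and U-Boot into PCR 0, kernel into PCR 8, rootfs into PCR 9) and the "quote" are all constructed assumptions for the demonstration; a real quote is a TPM-signed attestation structure over the PCR digest plus a verifier nonce, which this code does not model.

```python
"""Replay a measured-boot event log against quoted PCR values.

Added example, not OpenBMC code.  Models the TPM 2.0 PCR extend rule
PCR_new = H(PCR_old || digest) with SHA-256 for the components the minutes
list as candidates for measurement: SPL, U-Boot, kernel, read-only rootfs.
"""
import hashlib

HASH = hashlib.sha256
DIGEST_LEN = HASH().digest_size          # 32 bytes for SHA-256
BOOT_ORDER = ("spl", "u-boot", "kernel", "rofs")

# Constructed stand-ins for the flash partitions that would really be hashed.
IMAGES = {
    "spl":    b"aspeed-ast2600-spl (constructed)",
    "u-boot": b"u-boot-openbmc (constructed)",
    "kernel": b"fitImage-linux (constructed)",
    "rofs":   b"obmc-phosphor-image.squashfs-xz (constructed)",
}

# Assumed PCR allocation for the example only; the real design must define it.
PCR_FOR = {"spl": 0, "u-boot": 0, "kernel": 8, "rofs": 9}


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend: new value is H(old value || event digest)."""
    if len(pcr) != DIGEST_LEN or len(digest) != DIGEST_LEN:
        raise ValueError("PCR and digest must both be %d bytes" % DIGEST_LEN)
    return HASH(pcr + digest).digest()


def golden_digests(images: dict) -> dict:
    """Approved measurement per component, as a release process would publish."""
    return {name: HASH(blob).digest() for name, blob in images.items()}


def measure_boot(images: dict, pcr_for: dict):
    """Boot side: hash each image in boot order, log it, extend its PCR.
    Returns (event_log, pcr_bank); pcr_bank stands in for the quoted values."""
    pcrs = {}
    log = []
    for name in BOOT_ORDER:
        digest = HASH(images[name]).digest()
        idx = pcr_for[name]
        log.append({"pcr": idx, "name": name, "digest": digest})
        pcrs[idx] = pcr_extend(pcrs.get(idx, bytes(DIGEST_LEN)), digest)
    return log, pcrs


def replay_log(log: list) -> dict:
    """Verifier side: recompute every PCR from the event log alone."""
    pcrs = {}
    for ev in log:
        cur = pcrs.get(ev["pcr"], bytes(DIGEST_LEN))
        pcrs[ev["pcr"]] = pcr_extend(cur, ev["digest"])
    return pcrs


def verify(log: list, quoted_pcrs: dict, golden: dict):
    """Attestation decision as (ok, reason).

    Step 1 binds the log to the TPM: a log that does not replay to the quoted
    PCRs has been edited or truncated, whatever its entries claim.
    Step 2 applies policy: every logged digest must be an approved value."""
    if replay_log(log) != quoted_pcrs:
        return False, "event log does not replay to quoted PCR values"
    for ev in log:
        if ev["digest"] != golden.get(ev["name"]):
            return False, "unapproved measurement for %s" % ev["name"]
    return True, "ok"


if __name__ == "__main__":
    log, pcrs = measure_boot(IMAGES, PCR_FOR)
    print("good boot:", verify(log, pcrs, golden_digests(IMAGES)))
    tampered = dict(IMAGES, kernel=b"fitImage-linux (modified)")
    log2, pcrs2 = measure_boot(tampered, PCR_FOR)
    print("modified kernel:", verify(log2, pcrs2, golden_digests(IMAGES)))
```

Two properties of the extend rule matter for the design discussed in the minutes. Extend is order-sensitive, so SPL and U-Boot sharing PCR 0 is fine as long as the verifier knows the boot order; and a forged log that claims the approved kernel digest still fails, because the TPM's PCR reflects what was actually extended, not what the log says. That is why the minutes' note that "measurements are digitally signed by the TPM" is load-bearing: without the signed quote, the log alone proves nothing.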
Re: Security Working Group meeting - Wednesday June 22 - results
From: Patrick Williams @ 2022-06-22 20:24 UTC
To: Joseph Reynolds; +Cc: openbmc

On Wed, Jun 22, 2022 at 01:20:48PM -0500, Joseph Reynolds wrote:
> On 6/22/22 10:19 AM, Joseph Reynolds wrote:
> 3 Measured boot
> Enable network agents (like keylime server, possibly the host
> system) to get measurements from TPM. Note the measurements are
> digitally signed by the TPM to ensure their integrity.

Is there any work going on to define some kind of measurement schema in Redfish? Last I knew this was absent.

-- 
Patrick Williams
Re: Security Working Group meeting - Wednesday June 22 - results - BMC-attached TPM
From: Joseph Reynolds @ 2022-06-22 21:23 UTC
To: Patrick Williams; +Cc: openbmc

On 6/22/22 3:24 PM, Patrick Williams wrote:
> On Wed, Jun 22, 2022 at 01:20:48PM -0500, Joseph Reynolds wrote:
>> On 6/22/22 10:19 AM, Joseph Reynolds wrote:
>> 3 Measured boot
>> Enable network agents (like keylime server, possibly the host
>> system) to get measurements from TPM. Note the measurements are
>> digitally signed by the TPM to ensure their integrity.
> Is there any work going on to define some kind of measurement schema in
> Redfish? Last I knew this was absent.

Thanks for the reminder. I started a thread for this:
https://redfishforum.com/thread/685/support-bmc-attached-tpm

-Joseph
Re: Security Working Group meeting - Wednesday June 22 - results - BMC-attached TPM
From: Patrick Williams @ 2022-06-22 22:16 UTC
To: Joseph Reynolds; +Cc: openbmc

On Wed, Jun 22, 2022 at 04:23:41PM -0500, Joseph Reynolds wrote:
> On 6/22/22 3:24 PM, Patrick Williams wrote:
> > Is there any work going on to define some kind of measurement schema in
> > Redfish? Last I knew this was absent.
>
> Thanks for the reminder. I started a thread for this:
> https://redfishforum.com/thread/685/support-bmc-attached-tpm

Sounds good.

You mentioned there the "TrustedModules" type. It doesn't seem like this exposes measurements currently? Am I misunderstanding? That seems pretty important for our use case.

-- 
Patrick Williams
Re: Security Working Group meeting - Wednesday June 22 - results - BMC-attached TPM
From: Joseph Reynolds @ 2022-06-24 0:17 UTC
To: Patrick Williams; +Cc: openbmc

On 6/22/22 5:16 PM, Patrick Williams wrote:
> On Wed, Jun 22, 2022 at 04:23:41PM -0500, Joseph Reynolds wrote:
>> Thanks for the reminder. I started a thread for this:
>> https://redfishforum.com/thread/685/support-bmc-attached-tpm
> Sounds good.
>
> You mentioned there the "TrustedModules" type. It doesn't seem like
> this exposes measurements currently? Am I misunderstanding? That seems
> pretty important for our use case.

Thanks. I've edited/appended the post to clarify that we need to enhance the TrustedModule schema so we can GET the TPM's measurements.

-Joseph
Re: Security Working Group meeting - Wednesday June 22 - results - BMC-attached TPM
From: Ratan Gupta @ 2022-06-24 9:27 UTC
To: Joseph Reynolds; +Cc: openbmc

Hi Joseph,

Did you check the https://redfish.dmtf.org/schemas/ComponentIntegrity.v1_1_0.json?

Regards
Ratan Gupta

On Fri, Jun 24, 2022 at 5:48 AM Joseph Reynolds <jrey@linux.ibm.com> wrote:
> On 6/22/22 5:16 PM, Patrick Williams wrote:
> > You mentioned there the "TrustedModules" type. It doesn't seem like
> > this exposes measurements currently? Am I misunderstanding? That seems
> > pretty important for our use case.
>
> Thanks. I've edited/appended the post to clarify that we need to
> enhance the TrustedModule schema so we can GET the TPM's measurements.
>
> -Joseph
Re: Security Working Group meeting - Wednesday June 22 - results - BMC-attached TPM
From: Joseph Reynolds @ 2022-06-28 1:29 UTC
To: Ratan Gupta; +Cc: openbmc

On 6/24/22 4:27 AM, Ratan Gupta wrote:
> Hi Joseph,
>
> Did you check the
> https://redfish.dmtf.org/schemas/ComponentIntegrity.v1_1_0.json?

I was unaware of the ComponentIntegrity schema. Thanks for your help! That answers the question. I replied to the forum post as well.

-Joseph

> Regards
> Ratan Gupta
>
> On Fri, Jun 24, 2022 at 5:48 AM Joseph Reynolds <jrey@linux.ibm.com> wrote:
> > On 6/22/22 5:16 PM, Patrick Williams wrote:
> > > You mentioned there the "TrustedModules" type. It doesn't seem like
> > > this exposes measurements currently? Am I misunderstanding? That seems
> > > pretty important for our use case.
> >
> > Thanks. I've edited/appended the post to clarify that we need to
> > enhance the TrustedModule schema so we can GET the TPM's measurements.
> >
> > -Joseph