Joseph Reynolds <jrey@linux.ibm.com> wrote:
    > We also discussed encrypting data like logs, and storing keys in a
    > vault / trust zone /  TPM.

Wouldn't it make most sense to encrypt them *to* an asymmetric (public) key that is
not on the BMC?   Or one can send them over encrypted syslog, or netconf to
another server for safe keeping.
Or are you thinking that you need to sign the logs?

If the key is stored locally, even in a TPM, and the point is to be able to
review logs locally, then the logs need to get decrypted, and that means that
the key needs to be enabled/opened/activated locally, and which point,
if there was a compromised system, the bad guy wins.

I guess I wonder what the goals are here.

    > See also encrypted volume https://github.com/openbmc/estoraged
    > <https://github.com/openbmc/estoraged>

Same issue: where is the key stored?

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [