Secure boot for BMC
Joseph Reynolds
jrey at linux.ibm.com
Thu Feb 14 11:34:14 AEDT 2019
On 2019-02-12 17:13, Andrew Jeffery wrote:
> On Tue, 12 Feb 2019, at 11:00, Nancy Yuen wrote:
>> We are working on secure boot, but we have a requirement for a Google
>> HW
>> root of trust so I'm not sure if that fits in with these discussions.
>
> I think it would help to have some idea of Google's requirements so the
> project
> can accommodate them where we can, if you can reveal any details. It
> may also
> help inform others (me?) on strategies to secure firmware.
The OpenBMC security working group has discussed various "root of trust"
ideas. The way I understand it, OpenBMC community members are looking
into different solutions including
"Secure Boot" and "Trusted Platform Module" (TPM) solutions, including
Google's OpenTitan chip. See the meeting minutes for details:
https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI
My understanding of the "Secure Boot" concept is that some chip
validates the boot loader's digital signature after loading it and
before jumping into it. Then the boot loader would validate the code it
loads before jumping into it. Etc. A validation failure could either
(a) cause the BMC to fail to boot, or (b) boot the BMC in failsafe mode
where it could not write to its flash or talk to its host. OpenBMC may
also need some way to talk to the chip.
My understanding of TPMs is much more limited. So we are waiting for
proposals.
- Joseph
> Andrew
More information about the openbmc
mailing list