Security Working Group meeting - Wednesday June 22 - results - BMC-attached TPM
Patrick Williams
patrick at stwcx.xyz
Thu Jun 23 08:16:05 AEST 2022
On Wed, Jun 22, 2022 at 04:23:41PM -0500, Joseph Reynolds wrote:
> On 6/22/22 3:24 PM, Patrick Williams wrote:
> > On Wed, Jun 22, 2022 at 01:20:48PM -0500, Joseph Reynolds wrote:
> >> On 6/22/22 10:19 AM, Joseph Reynolds wrote:
> >> 3 Measured boot
> >> Enable network agents (like keylime server, possibly the host
> >> system) to get measurements from TPM. Note the measurements are
> >> digitally signed by the TPM to ensure their integrity.
> > Is there any work going on to define some kind of measurement schema in
> > Redfish? Last I knew this was absent.
>
> Thanks for the reminder. I started a thread for this:
> https://redfishforum.com/thread/685/support-bmc-attached-tpm
Sounds good.
You mentioned there the "TrustedModules" type. It doesn't seem like
this exposes measurements currently? Am I misunderstanding? That seems
pretty important for our use case.
--
Patrick Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20220622/56687bf9/attachment-0001.sig>
More information about the openbmc
mailing list