Security Working Group meeting - Wednesday June 22 - results - BMC-attached TPM
jrey at linux.ibm.com
Fri Jun 24 10:17:59 AEST 2022
On 6/22/22 5:16 PM, Patrick Williams wrote:
> On Wed, Jun 22, 2022 at 04:23:41PM -0500, Joseph Reynolds wrote:
>> On 6/22/22 3:24 PM, Patrick Williams wrote:
>>> On Wed, Jun 22, 2022 at 01:20:48PM -0500, Joseph Reynolds wrote:
>>>> On 6/22/22 10:19 AM, Joseph Reynolds wrote:
>>>> 3 Measured boot
>>>> Enable network agents (like keylime server, possibly the host
>>>> system) to get measurements from TPM. Note the measurements are
>>>> digitally signed by the TPM to ensure their integrity.
>>> Is there any work going on to define some kind of measurement schema in
>>> Redfish? Last I knew this was absent.
>> Thanks for the reminder. I started a thread for this:
> Sounds good.
> You mentioned there the "TrustedModules" type. It doesn't seem like
> this exposes measurements currently? Am I misunderstanding? That seems
> pretty important for our use case.
Thanks. I've edited/appended the post to clarify that we need to
enhance the TrustedModule schema so we can GET the TPM's measurements.
More information about the openbmc