Security Working Group meeting - Wednesday June 22 - results - BMC-attached TPM
Ratan Gupta
ratankgupta31 at gmail.com
Fri Jun 24 19:27:47 AEST 2022
Hi Joseph,
Did you check the
https://redfish.dmtf.org/schemas/ComponentIntegrity.v1_1_0.json?
Regards
Ratan Gupta
On Fri, Jun 24, 2022 at 5:48 AM Joseph Reynolds <jrey at linux.ibm.com> wrote:
> On 6/22/22 5:16 PM, Patrick Williams wrote:
> > On Wed, Jun 22, 2022 at 04:23:41PM -0500, Joseph Reynolds wrote:
> >> On 6/22/22 3:24 PM, Patrick Williams wrote:
> >>> On Wed, Jun 22, 2022 at 01:20:48PM -0500, Joseph Reynolds wrote:
> >>>> On 6/22/22 10:19 AM, Joseph Reynolds wrote:
> >>>> 3 Measured boot
> >>>> Enable network agents (like keylime server, possibly the host
> >>>> system) to get measurements from TPM. Note the measurements are
> >>>> digitally signed by the TPM to ensure their integrity.
> >>> Is there any work going on to define some kind of measurement schema in
> >>> Redfish? Last I knew this was absent.
> >> Thanks for the reminder. I started a thread for this:
> >> https://redfishforum.com/thread/685/support-bmc-attached-tpm
> > Sounds good.
> >
> > You mentioned there the "TrustedModules" type. It doesn't seem like
> > this exposes measurements currently? Am I misunderstanding? That seems
> > pretty important for our use case.
>
> Thanks. I've edited/appended the post to clarify that we need to
> enhance the TrustedModule schema so we can GET the TPM's measurements.
>
> -Joseph
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20220624/ae999c47/attachment.htm>
More information about the openbmc
mailing list