Security Working Group meeting - Wednesday June 22 - results - BMC-attached TPM

Joseph Reynolds jrey at linux.ibm.com
Tue Jun 28 11:29:13 AEST 2022


On 6/24/22 4:27 AM, Ratan Gupta wrote:
> Hi Joseph,
>
> Did you check the 
> https://redfish.dmtf.org/schemas/ComponentIntegrity.v1_1_0.json?

I was unaware of the ComponentIntegrity schema.  Thanks for your help!  
That answers the question.
I replied to the forum post as well.

-Joseph

>
> Regards
> Ratan Gupta
>
> On Fri, Jun 24, 2022 at 5:48 AM Joseph Reynolds <jrey at linux.ibm.com> 
> wrote:
>
>     On 6/22/22 5:16 PM, Patrick Williams wrote:
>     > On Wed, Jun 22, 2022 at 04:23:41PM -0500, Joseph Reynolds wrote:
>     >> On 6/22/22 3:24 PM, Patrick Williams wrote:
>     >>> On Wed, Jun 22, 2022 at 01:20:48PM -0500, Joseph Reynolds wrote:
>     >>>> On 6/22/22 10:19 AM, Joseph Reynolds wrote:
>     >>>> 3 Measured boot
>     >>>>       Enable network agents (like keylime server, possibly the host
>     >>>>       system) to get measurements from TPM. Note the measurements are
>     >>>>       digitally signed by the TPM to ensure their integrity.
>     >>> Is there any work going on to define some kind of measurement schema in
>     >>> Redfish?  Last I knew this was absent.
>     >> Thanks for the reminder.  I started a thread for this:
>     >> https://redfishforum.com/thread/685/support-bmc-attached-tpm
>     > Sounds good.
>     >
>     > You mentioned there the "TrustedModules" type.  It doesn't seem like
>     > this exposes measurements currently?  Am I misunderstanding?  That seems
>     > pretty important for our use case.
>
>     Thanks.  I've edited/appended the post to clarify that we need to
>     enhance the TrustedModule schema so we can GET the TPM's measurements.
>
>     -Joseph
>


