Security Working Group meeting - Wednesday August 31 - results
jrey at linux.ibm.com
Tue Sep 6 04:56:39 AEST 2022
On 9/1/22 6:25 AM, Patrick Williams wrote:
> On Wed, Aug 31, 2022 at 01:09:10PM -0500, Joseph Reynolds wrote:
>> DISCUSSION: Create two separate designs for:
>> Enable Keylime Agent. Direction is for the keylime agent to open
>> the BMC network port (using systemd, sort of like how SSH works).
>> The intention is to engage with Redfish for how to configure the
>> Keylime Agent: certificates, start/stop the application, etc.
> I guess you said someone is working on a design for this. The Keylime
> website seems light on details to me, but I'm having trouble
> conceptualizing how it is applicable to the BMC. It seems more like it
> is geared towards a self-selecting cluster of services (which reject
> peers they don't trust). Keylime does have the unfortunate aspect of being
> written entirely in Python, which makes it very difficult for us to support
> on any of the NOR-based systems (all of them except IBM's latest).
Yes, an IBM group is working this design. The design we discussed in
the security working group meeting has two parts, which I barely
comprehend. The parts are:
1. Code running on the BMC will "extend measurements" to a trusted
platform module (TPM). Two separate pieces of code are in U-Boot and in
the Kernel. The "measurements" are the readonly code image being loaded.
2. Code running on the BMC (the Keylime "Agent") will query the TPM and
offer the results to whoever asks.
In my limited comprehension, the end-to-end flow is:
1. The BMC boots up and extends measurements into its TPM.
2. The BMC admin configures the BMC's Keylime Agent. That is, starts
the "Keylime Agent service", and provisions certificates, etc.
3. A network agent (a "Keylime Verifier") contacts the BMC's Keylime
Agent and asks for the measurements. The Agent then queries the TPM and
provides the measurements.
Redfish has specs for getting server TPM measurements, but does not have
any specs for getting BMC TPM measurements.
Because of this, the group doing the work is proposing for the BMC's
Keylime Agent service to open a separate port, and to not use Redfish to
get the actual measurements. In support of this view: there are Keylime
verifiers already available to use this new port, but there are no
Keylime verifiers to use Redfish.
It should be clear from the paragraphs above that the intended use case
is for a client server model, not a network of peers. The Keylime
Verifier client running on the BMC's management network contacts the
Keylime Agent running on the BMC. The mutual-TLS method is used for
Keylime is written in Python. I think the idea was to either port
that version, or to use the new implementation in Rust. We did not
discuss any difficulties in image size increase due to Python or in
getting the Rust language environment ported to bitbake.
> Are we also planning on providing attestation information over Redfish?
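The measure-then-verify flow described in the reply above, as an added example that is not part of this thread or of the Keylime project: a Python sketch of the SHA-256 PCR extend chain on the BMC side (U-Boot and kernel images measured into a TPM PCR) and the verifier's replay-and-allowlist check over the returned measurements. The stage names, image bytes and allowlist are constructed; a real Keylime quote is also signed by the TPM's attestation key, which this sketch omits.

```python
import hashlib

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2-style extend for a SHA-256 PCR bank: new = SHA256(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def measure_boot(stages):
    """BMC side: each boot stage hashes the next image, extends the digest into
    the PCR and appends an event-log entry (name, digest) for later replay."""
    pcr = bytes(32)                      # PCRs start zeroed at reset
    event_log = []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        pcr = pcr_extend(pcr, digest)
        event_log.append((name, digest.hex()))
    return pcr, event_log

def verify_quote(quoted_pcr, event_log, allowlist):
    """Verifier side: replay the event log to confirm it reproduces the quoted
    PCR value, then check every entry against known-good digests.
    Returns (ok, list of problems)."""
    problems = []
    pcr = bytes(32)
    for name, digest_hex in event_log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
        if allowlist.get(name) != digest_hex:
            problems.append(f"{name}: digest {digest_hex[:16]}... not in allowlist")
    if pcr != quoted_pcr:
        problems.append("event log does not replay to the quoted PCR value")
    return not problems, problems

# Constructed stand-ins for the read-only images the BMC loads at boot.
GOOD_IMAGES = [("u-boot", b"u-boot image (constructed)"),
               ("kernel", b"kernel image (constructed)")]
ALLOWLIST = {name: hashlib.sha256(img).hexdigest() for name, img in GOOD_IMAGES}

def demo():
    good_pcr, good_log = measure_boot(GOOD_IMAGES)
    ok_good, _ = verify_quote(good_pcr, good_log, ALLOWLIST)
    # A modified kernel image changes both the log entry and the PCR value.
    tampered = [GOOD_IMAGES[0], ("kernel", b"kernel image (modified)")]
    bad_pcr, bad_log = measure_boot(tampered)
    ok_bad, problems = verify_quote(bad_pcr, bad_log, ALLOWLIST)
    # A forged log claiming the good digests cannot replay to the tampered PCR.
    ok_forged, forged_problems = verify_quote(bad_pcr, good_log, ALLOWLIST)
    return ok_good, ok_bad, problems, ok_forged, forged_problems

if __name__ == "__main__":
    print(demo())
```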