Post by apuli on Sept 25, 2019 6:56:45 GMT
The platform is a collection of fundamental hardware and firmware components
needed to boot and operate a system. The Platform Firmware Resiliency(PFR)
in NIST SP 800-193 provides technical guidelines and recommendations
supporting resiliency of platform firmware and data against potentially
destructive attacks.
Different OEM's has there own way of implementing the Platform Firmware
Resilience by using guidelines provided by NIST SP 800-193. Some of the
component protected under this includes(not limited) ES/SIO, BMC/ME Flash,
Host Processors, Trusted Platform Modules(TPM), PSU's, Memory etc...
Currently Redfish schema's defined by DMTF doesn't cover properties or
resources to represent the PFR provisioned and locked states. Below two properties are helpful in server platforms for representing platform security(provisioning status) as per NIST SP 800-193.
- Provisioned: The value of this property shall be a Boolean indicating
provisioned state of platform firmware.
- Locked: The value of this property shall be a Boolean indicating platform
firmware provisioning is locked.
PFR enabled platforms can provision or re-provision the platform resilience
multiple times without Locking. But once the platform is locked by provisioning
agent, it can not be re-provisioned.
needed to boot and operate a system. The Platform Firmware Resiliency(PFR)
in NIST SP 800-193 provides technical guidelines and recommendations
supporting resiliency of platform firmware and data against potentially
destructive attacks.
Different OEM's has there own way of implementing the Platform Firmware
Resilience by using guidelines provided by NIST SP 800-193. Some of the
component protected under this includes(not limited) ES/SIO, BMC/ME Flash,
Host Processors, Trusted Platform Modules(TPM), PSU's, Memory etc...
Currently Redfish schema's defined by DMTF doesn't cover properties or
resources to represent the PFR provisioned and locked states. Below two properties are helpful in server platforms for representing platform security(provisioning status) as per NIST SP 800-193.
- Provisioned: The value of this property shall be a Boolean indicating
provisioned state of platform firmware.
- Locked: The value of this property shall be a Boolean indicating platform
firmware provisioning is locked.
PFR enabled platforms can provision or re-provision the platform resilience
multiple times without Locking. But once the platform is locked by provisioning
agent, it can not be re-provisioned.
