The platform is a collection of fundamental hardware and firmware components needed to boot and operate a system. The Platform Firmware Resiliency (PFR) in NIST SP 800-193 provides technical guidelines and recommendations supporting resiliency of platform firmware and data against potentially destructive attacks.
Different OEMs have their own ways of implementing Platform Firmware Resilience using the guidelines provided by NIST SP 800-193. Some of the components protected under this include (but are not limited to) ES/SIO, BMC/ME Flash, Host Processors, Trusted Platform Modules (TPM), PSUs, Memory, etc.
Currently, the Redfish schemas defined by DMTF don't cover properties or resources to represent the PFR provisioned and locked states. The two properties below are helpful in server platforms for representing platform security (provisioning status) as per NIST SP 800-193.
- Provisioned: The value of this property shall be a Boolean indicating provisioned state of platform firmware.
- Locked: The value of this property shall be a Boolean indicating platform firmware provisioning is locked.
PFR-enabled platforms can provision or re-provision the platform resilience multiple times without locking. But once the platform is locked by the provisioning agent, it cannot be re-provisioned.
Post by josephreynolds1 on Jan 20, 2020 22:40:01 GMT
I think the properties would be helpful for my use case in OpenBMC (https://github.com/openbmc/openbmc), specifically the "initial admin tasks" (aka provisioning) in this story: github.com/ibm-openbmc/dev/issues/1531
I don't have a well-developed design, but I believe the properties identified above would be helpful to implement higher-security features, for example:
- Require the BMC be provisioned before it allows use of its full function. For example, a higher-security scheme could require the default user password be changed before the Provisioned property could be set to true (with an error message like: Unable to set the Provisioned property to True for the following reason: The default user account is enabled and has the default password).
- The Locked property could help defend against attackers who get Administrator credentials.
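The state rules described in the two posts above (repeatable provisioning until locked, and the default-password gate), as an added example that is not part of the thread and is not OpenBMC or DMTF code. The `PfrState` type, the `apply_patch` function, the `default_account_active` flag and all error strings except the default-password message quoted in the reply are assumptions, as is the rule that only a provisioned platform can be locked.

```python
# Added example: hypothetical PATCH validation for the proposed properties.
# State layout, function names and most messages are assumptions.
from dataclasses import dataclass, replace

DEFAULT_PW_MSG = ("Unable to set the Provisioned property to True for the "
                  "following reason: The default user account is enabled "
                  "and has the default password")
LOCKED_MSG = "Platform firmware provisioning is locked"


@dataclass(frozen=True)
class PfrState:
    provisioned: bool = False
    locked: bool = False


def apply_patch(state, body, default_account_active):
    """Return (new_state, error); error is None when the PATCH is accepted.

    default_account_active: True while the default user account is enabled
    and still has the default password (the gate suggested in the reply).
    """
    for key, value in body.items():
        if key not in ("Provisioned", "Locked"):
            return state, f"Unknown property: {key}"
        if not isinstance(value, bool):  # both properties are Booleans
            return state, f"{key} must be a Boolean"
    if state.locked and body:
        # Once locked, no write is honoured, whatever the caller's role.
        # Modelling choice: even a same-value write counts as re-provisioning.
        return state, LOCKED_MSG
    if body.get("Provisioned") is True and default_account_active:
        return state, DEFAULT_PW_MSG
    want_prov = body.get("Provisioned", state.provisioned)
    want_lock = body.get("Locked", state.locked)
    if want_lock and not want_prov:
        # Assumption: only a provisioned platform can be locked.
        return state, "Cannot lock an unprovisioned platform"
    return replace(state, provisioned=want_prov, locked=want_lock), None
```

Because the locked check runs before any other policy, a request made with valid Administrator credentials is rejected the same way as any other once `Locked` is true.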