Support for BMC-attached TPM

josephreynolds1
Guppy

Posts: 61

Support for BMC-attached TPM Jun 22, 2022 21:21:01 GMT

Quote

Post by josephreynolds1 on Jun 22, 2022 21:21:01 GMT

What is the right way to represent a BMC-attached Trusted Module (TPM) and the measurements it records? This TPM would record measurements for the BMC as differentiated from the host TPM.

Specifically, per a recent OpenBMC Security Working Group meeting, the intention is for a Redfish client to read measurements from a BMC-attached TPM.

Could the TrustedModules property in the ComputerSystem schema be adapted for use in the Manager schema? [Edit:append]: This schema seems like a good place to start, but it lacks a representation of the "measurements" stored in the TPM. Can we enhance this interface to represent the measurements, and allow Redfish clients to GET them?

Reference: OpenBMC Security Working Group: Meeting Notes ~ docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI

Meeting held on 2022-06-22 / Agenda item 3 "Measured boot"

Last Edit: Jun 24, 2022 0:14:16 GMT by josephreynolds1: Addend/clarify that we need to get the TPM's measurements.

josephreynolds1 Guppy Posts: 61	Support for BMC-attached TPM Jun 28, 2022 1:25:56 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by josephreynolds1 on Jun 28, 2022 1:25:56 GMT With thanks to Ratan, I understand we can add a ComponentIntegrity resource to the BMC Manager object, where ComponentIntegrityType = TPM. This will allow Redfish clients to read BMC TPM measurements. That answers my question.

ratagupt Guppy Posts: 87	Support for BMC-attached TPM Jun 30, 2022 10:13:21 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by ratagupt on Jun 30, 2022 10:13:21 GMT josephreynolds1: Seems you can not add component integrity in Manager object, component integrity collection is at the redfish root where you can add the component integrity for the BMC manager.
	Last Edit: Jul 1, 2022 4:57:40 GMT by ratagupt

mraineri
Administrator

Posts: 1,132

Support for BMC-attached TPM Jun 30, 2022 12:23:14 GMT

Quote

Post by mraineri on Jun 30, 2022 12:23:14 GMT

That's right; these resources are in their own location off of service root. The reason for this is to avoid RDE devices from populating this information in a malicious manner; by not putting it subordinate to the resource, an RDE device would not be able to slip it past the consuming manager.

Post by josephreynolds1 on Jun 22, 2022 21:21:01 GMT

Post by josephreynolds1 on Jun 28, 2022 1:25:56 GMT

Post by ratagupt on Jun 30, 2022 10:13:21 GMT

Post by mraineri on Jun 30, 2022 12:23:14 GMT