Bill Nottingham wrote on 2013-01-29:
Jaroslav Reznik (jreznik(a)redhat.com) said:
> = Features/OpenAttestation =
>
> https://fedoraproject.org/wiki/Features/OpenAttestation
>
> Feature owner(s): Gang Wei <gang.wei(a)intel.com>
>
> Provide Fedora packages for OpenAttestation to support the Trusted Compute
> Pools (TCP) feature in OpenStack since the Folsom release & in future oVirt
> releases.
Wow, TCP is a horribly unfortunate acronym collision.
> == Detailed description ==
> This feature would include mostly packaging the OpenAttestation project for
> Fedora.
>
> * the source package will be named oat
> * the binary packages will include oat-appraiser & oat-client
If you're attempting to create a framework that attests the integrity
of systems for use by 'trusted' software, it would (in theory) only be as
secure as its weakest link. Given that... PHP?
I am not sure whether PHP is the weakest link, but the integrity checking done
by OpenAttestation is to ensure the system is running the expected software
like BIOS/OS/etc. Whether the expected software is secure enough is
another story.
How does it intend to attest the OS in a rapidly updating Fedora
environment? Just the kernel + initramfs? An image-based checksum such
as what is used in ChromeOS?
By far, just kernel + initramfs. Every time the kernel/initramfs gets updated,
the Known Good Value in the OpenAttestation Server should be updated to take
the new kernel/initramfs as the "trusted" one.
Jimmy
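
The kernel + initramfs check discussed in this thread, as an added example that is not part of the original messages and is not OpenAttestation code: it shows why every kernel/initramfs update needs a refreshed Known Good Value on the appraiser side. It assumes a TPM 1.2 style SHA-1 extend into a single register; the `Appraiser` class, function names and byte strings are hypothetical and constructed for illustration.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length (assumption: TPM 1.2 style register)


def extend(pcr: bytes, component: bytes) -> bytes:
    """Extend operation: new = SHA1(old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(kernel: bytes, initramfs: bytes) -> str:
    """Fold kernel then initramfs into one register, starting from zeros."""
    pcr = bytes(PCR_SIZE)
    for blob in (kernel, initramfs):
        pcr = extend(pcr, blob)
    return pcr.hex()


class Appraiser:
    """Hypothetical server-side store of Known Good Values."""

    def __init__(self):
        self.known_good = {}  # measurement (hex) -> build label

    def register(self, label: str, kernel: bytes, initramfs: bytes) -> None:
        self.known_good[measure_boot(kernel, initramfs)] = label

    def appraise(self, reported: str):
        # None means the reported value matches no Known Good Value.
        return self.known_good.get(reported)


def demo():
    # Constructed stand-ins for the real boot images.
    old_k, old_i = b"vmlinuz-A (constructed)", b"initramfs-A (constructed)"
    new_k, new_i = b"vmlinuz-B (constructed)", b"initramfs-B (constructed)"
    appraiser = Appraiser()
    appraiser.register("build-A", old_k, old_i)
    results = [appraiser.appraise(measure_boot(old_k, old_i))]   # trusted
    # Host updates its kernel; the appraiser has not been told yet.
    results.append(appraiser.appraise(measure_boot(new_k, new_i)))
    appraiser.register("build-B", new_k, new_i)                  # KGV refresh
    results.append(appraiser.appraise(measure_boot(new_k, new_i)))
    # Extend is order-sensitive: same blobs, different order, no match.
    results.append(appraiser.appraise(measure_boot(old_i, old_k)))
    return results


if __name__ == "__main__":
    print(demo())
```

A value that matches no entry only says the host is not running a registered kernel/initramfs pair; it says nothing about whether a registered pair is itself secure.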