Hello all,
First off I wanted to say THANK YOU and WELCOME to the trusted-computing list!
I wanted to let the announcements we made in several venues ripple out until we got a
critical mass of subscribers before we got the dialog rolling. So far we have already
over 60 people signed up which is fantastic. Thank you again for your interest!
So to kick things off, let me provide a little background to stimulate conversation...
At Red Hat, we've been seeing trusted computing gain more and more customer interest
as folks consider virtualization. This is even more true as they begin to look at cloud
computing. As folks move workloads to a virtualized or cloud datacenter, they have little
or possibly no control over the underlying hardware. Essentially if the hardware or
hypervisor has been compromised, it really doesn't matter how secure your guest OS is,
and the painstaking effort you put into writing secure application code is for naught. In
virtual environments, one should absolutely consider these risks. However with a
multi-tenant 3rd party cloud environemnt, these considerations should absolutely be a part
of a security risk assessment and mitigation plan.
With this in mind, many of these customers are looking for a level of assurance that the
hardware and hypervisor can indeed be trusted prior to running a virtual guest. This
makes sense in the classic "virtualization in the datacenter" or cloud
environments, but they also want to have a level of assurance when running virtual guests
on say laptop systems.
One example is telework. In the event of a natural or man-made disaster, employers want
to have the ability to have employees securely work from home on maybe their
personally-owned computers. Booting up a work-provided guest on the home PC that was
previously running who-knows-what by the teenage son presents interesting security
challenges.
Another consideration which is similar is in-theater deployments. What if you want to
deploy a virtual machine to a soldier/airman/sailor/marine/other in theater? You want to
make sure that the local host he's running in theater is trusted and authorized to run
the VM, as well as ensuring that the guest OS hasn't been tampered with in flight.
On the other end of the spectrum, folks in the hardware and software industry as well as
folks in the open source community have been doing fantastic work helping to ensure that
hardware capabilities such as TPM is available for use by the OS.
So to open the conversation up to the subscribers on this list...
End users/customers:
- What are your requirements? What keeps you up at night?
- What would you like to be able to do? What's your vision of success?
- What have you tried in the past what works? Maybe wikify that here so others can try
and provide constructive feedback...
https://fedorahosted.org/trustedcomputing/
- What have you tried that didn't work work (whether for technical or policy reasons)?
Maybe you found a 90% solution but the last 10% was a deal breaker. Maybe the list can
help address that last 10%?
Hardware / software / community folks:
- What are you working on that customers may not know about?
- Would you have any cookbooks or tips on how to get started? If so, please wikify them
here for end users to try and report back...
https://fedorahosted.org/trustedcomputing/
Anything else I missed?
Thanks again everyone! I really look forward to the dialog!
Dave
--
David D. Egts, RHCA, RHCSS #805007796228001
Principal Architect, Red Hat, Inc.