diff options
author | Luke Hinds <luke.hinds@nokia.com> | 2016-02-15 14:47:39 +0000 |
---|---|---|
committer | ChristopherPrice <christopher.price@ericsson.com> | 2016-05-02 16:57:34 +0200 |
commit | 5bb8530709133fff79e7f0b5ec9eee525ab69f6a (patch) | |
tree | fb28f07469ab272709e3397ecce93c3904344f7a /docs | |
parent | 65893d7c3dcf2e5237d0cfffe0dd8dcc9cfbac33 (diff) |
Added Sona's changes on Trusted Compute
Updated with commented editorials, want to push this. (cp)
Fixed formatting errors.
Change-Id: Ia2d5849561d4691d278cc67a6bcdfaec1331de3d
Signed-off-by: Luke Hinds <luke.hinds@nokia.com>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/opnfvsecguide/compute/trust.rst | 126 |
1 files changed, 120 insertions, 6 deletions
diff --git a/docs/opnfvsecguide/compute/trust.rst b/docs/opnfvsecguide/compute/trust.rst index 2c5cc63a6..3022e59c0 100644 --- a/docs/opnfvsecguide/compute/trust.rst +++ b/docs/opnfvsecguide/compute/trust.rst @@ -1,10 +1,124 @@ Trusted Compute --------------- -Compute security relates to the compute nodes in an OPNFV deployment. -Compute nodes host various componants such as the hypervisor itself KVM-QEMU, -and its serving eco-system, such as Nova (which interacts with the hypervisor using libvirt driver). +Trusted compute is centered on insuring the complete lifecycle of a VM, and +the VM's underlying infrastructure is of a 'trustful' state. + +**Trusted computing in a cloud environment** + +To ensure overall security in an OPNFV deployment, both the launch and the +operation of virtualized resources need to be secure. To build a trusted +computing in a cloud environment the following core features are essential: + +* boot integrity - the hardware platform can guarantee a trustworthy RoT for the overall cloud environment +* secure management of VMs – to secure the launch and migration of VMs in the cloud environment + +In this section we will cover some aspects of what is considered compute +security, such as secure/trusted boot, although of course these can be +extended to other actors such as neutron networking nodes. + +Secure Boot +########### + +Secure boot, a UEFI-based feature that has become controversial lately, +ensures that nodes in an OPNFV deployment boot only software that is trusted +by the admin or end user. + +In order to understand the secure boot procedure, we need to explain the related technology +and specification. + +**Unified Extensible Firmware Interface (UEFI)** + +UEFI is a specification intended to be the replacement and improvement on the +old BIOS (Basic Input/Output System). + +One UEFI-based feature that has become controversial lately is the secure boot feature. + +The UEFI specification is a standard that’s handled by a non-profit organization +with representatives of Intel, AMD, Microsoft, Apple, Dell, HP, IBM and others, +called the Unified EFI Forum. + +UEFI supports 32 and 64 bit processors and can be used with Itanium, x86, +x64 and ARM processors. + +**Trusted Execution Environment (TEE) vs Trusted Platform Mobile (TPM)** + +Two main components of platform security: + +* Trusted Execution Environment +* Trusted Platform Module + +These are not designed as a replacement of the other. TEE is the bulletproof +safe, while TPM is the 128-digit combination lock for the safe. Both are +needed to ensure the safe is protected. + +TPM is a dependency of TEE but not the other way around. + +The TPM is where TEE will store the measurements - hash of components - of the platform. + +If TEE is not supported by a platform but a TPM is still present you still have +all these features: + +* Integrity measurement – securely measure the platform's components (hashes stored within the TPM) + +* Authenticated boot – a process by which a platform's state (the sum of its + components) is reliably measured and stored + +* SRTM - Static Root of Trust for Measurements + +* Sealed Storage - encrypt data based on the current state of the platform + or in other words, what has been measured (the PCR hash values stored in the + TPM) - seal operation + +* Attestation - securely report to other parties the state of the platform + + +Trusted Compute Pools +##################### + +**Trusted Boot** + +Trusted boot (tboot) is an open source, pre- kernel/VMM module that uses +Intel(R) Trusted Execution Technology (Intel(R) TXT) to perform a measured +and verified launch of an OS kernel/VMM. The root of trust is in the hardware +and a TPM is required. Compute nodes in an OPNFV deployment boot with Intel +TXT technology enabled. + +Read more about `Trusted Boot <http://www.trustedcomputinggroup.org/resources/trusted_boot>`_ and +`Trusted Computing. <http://www.trustedcomputinggroup.org/trusted_computing>`_ + +**Trusted Execution Environments (TEE)** + +The Trusted Execution Environment is an isolated execution environment which +provides higher level of security such as isolated execution, integrity of +Trusted Applications along with confidentiality of their assets. + +**Goals of a Trusted Execution Environments:** + +* Isolated Execution +* Secure Storage +* Remote Attestation +* Secure Provisioning +* Trusted Path + +**TEE platforms/implementations** + +* Intel’s TXT (Trusted Execution Technology) +* AMD Secure Execution Environment +* ARM TrustZone + +All three of these TEE implementations provide a virtualized Execution +Environment for the secure OS and applications. + +To switch between the secure world and the normal world, Intel provides SMX +Instructions, while ARM uses SMC. Programmatically, they all achieve very +similar results. + +Read more about Trusted Execution Environments `here. <http://www.openvirtualization.org/open-source-arm-trustzone.html>`_ + +`NIST SP800-147 <http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf>`_ +, is a guidelines for firmware security, to ensure that the firmware itself is secure. + +Read more about "Trusted compute pools", in the +`OpenStack Security Guide. <http://docs.openstack.org/admin-guide-cloud/compute-security.html>`_ -We also cover other aspects of what is considered compute security, -such as trusted boot / pools, although of course, -these can be extended to other actors such as neutron etworking nodes. |