[ironic] Securing physical hosts in hostile environments
Eric K. Miller
emiller at genesishosting.com
Wed Dec 16 17:25:07 UTC 2020
> My understanding is that one of the primary reasons why
> https://www.opencompute.org/ formed was to collaboratively design
> hardware which can't be compromised in-band by its users.
> The Elastic Secure Infrastructure effort happening in OpenInfra Labs
is also
> attempting to template and document repeatable solutions for the first
half
> of the problem (centrally detecting tainted BIOS/firmware via
signature
> verification and attestation):
> https://www.bu.edu/rhcollab/projects/esi/
> --
> Jeremy Stanley
Thanks Jeremy! I have some reading to do. It seems that, instead of
detecting tainted "anything", it would be better to assume zero trust in
the hardware after use, and instead reset/re-flash everything upon
re-provisioning. I can understand that re-flashing can be hard on the
flash, but now that most (all?) firmware has digital signature checks,
this can be used to avoid re-flashing when the signature matches.
However, the issue still remains that typical server hardware (I need to
check OpenCompute's hardware) requires jumpers to be changed for
re-flashing/resetting configs, which is a real pain. So, even if you
did detect something bad, this needs to be done to fix the issue.
Eric
More information about the openstack-discuss
mailing list