[ironic] Securing physical hosts in hostile environments

Eric K. Miller emiller at genesishosting.com
Wed Dec 16 17:25:07 UTC 2020

> My understanding is that one of the primary reasons why
> https://www.opencompute.org/ formed was to collaboratively design
> hardware which can't be compromised in-band by its users.
> The Elastic Secure Infrastructure effort happening in OpenInfra Labs
is also
> attempting to template and document repeatable solutions for the first
> of the problem (centrally detecting tainted BIOS/firmware via
> verification and attestation):
> https://www.bu.edu/rhcollab/projects/esi/
> --
> Jeremy Stanley

Thanks Jeremy!  I have some reading to do.  It seems that, instead of
detecting tainted "anything", it would be better to assume zero trust in
the hardware after use, and instead reset/re-flash everything upon
re-provisioning.  I can understand that re-flashing can be hard on the
flash, but now that most (all?) firmware has digital signature checks,
this can be used to avoid re-flashing when the signature matches.
However, the issue still remains that typical server hardware (I need to
check OpenCompute's hardware) requires jumpers to be changed for
re-flashing/resetting configs, which is a real pain.  So, even if you
did detect something bad, this needs to be done to fix the issue.


More information about the openstack-discuss mailing list