Trusted compute is centered on ensuring that the complete lifecycle of a VM, and
the VM's underlying infrastructure, is in a trusted state.
**Trusted computing in a cloud environment**

To ensure overall security in an OPNFV deployment, both the launch and the
operation of virtualized resources need to be secure. To build trusted
computing in a cloud environment the following core features are essential:

* boot integrity - the hardware platform can guarantee a trustworthy root of trust (RoT) for the overall cloud environment
* secure management of VMs - to secure the launch and migration of VMs in the cloud environment

In this section we will cover some aspects of what is considered compute
security, such as secure/trusted boot, although of course these can be
extended to other actors such as Neutron networking nodes.
Secure boot, a UEFI-based feature that has become controversial lately,
ensures that nodes in an OPNFV deployment boot only software that is trusted
by the admin or end user.

In order to understand the secure boot procedure, we need to explain the related technology.
**Unified Extensible Firmware Interface (UEFI)**

UEFI is a specification intended to replace and improve on the old BIOS
(Basic Input/Output System).

One UEFI-based feature that has become controversial lately is the secure boot feature.

The UEFI specification is a standard maintained by a non-profit organization
called the Unified EFI Forum, with representatives of Intel, AMD, Microsoft,
Apple, Dell, HP, IBM and others.

UEFI supports 32- and 64-bit processors and can be used with Itanium, x86,
x64 and ARM processors.
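The decision secure boot makes for each image, as an added Python model written for this guide's reader (example code, not part of the OPNFV project or of the UEFI specification). Firmware keeps an allowed database (db) and a forbidden database (dbx); real firmware checks an image's Authenticode signature against certificate entries in those databases, but both may also hold raw SHA-256 image hashes, and that hash form is what the model uses so it runs without a signing library. The image bytes, database contents and stage names are constructed sample data.

```python
import hashlib


def image_hash(image: bytes) -> bytes:
    """Digest the firmware compares with the hash entries in db and dbx."""
    return hashlib.sha256(image).digest()


def secure_boot_allows(image: bytes, db: set, dbx: set,
                       secure_boot_on: bool = True) -> bool:
    """Policy for one image. With Secure Boot off, anything runs. With it on,
    a dbx (forbidden) match wins over a db (allowed) match, so a revoked
    image stays blocked even if its hash was never removed from db."""
    if not secure_boot_on:
        return True
    h = image_hash(image)
    if h in dbx:
        return False
    return h in db


def boot_chain(stages, db, dbx, secure_boot_on=True):
    """Walk the chain in order (bootloader, then kernel). Each stage is
    checked before it runs; the first untrusted stage halts the boot so
    nothing after it executes. Returns (stages that ran, outcome)."""
    executed = []
    for name, image in stages:
        if not secure_boot_allows(image, db, dbx, secure_boot_on):
            return executed, f"halted at {name}"
        executed.append(name)
    return executed, "booted"


# Constructed images and databases for the demonstration.
BOOTLOADER = b"bootloader 2.1 (signed build)"
KERNEL = b"kernel 4.4.0 (signed build)"
OLD_BOOTLOADER = b"bootloader 1.9 (revoked build)"
TAMPERED_KERNEL = KERNEL + b" with patched syscall table"

# The admin once enrolled all three builds, then revoked the old bootloader
# by adding its hash to dbx without cleaning db.
DB = {image_hash(BOOTLOADER), image_hash(KERNEL), image_hash(OLD_BOOTLOADER)}
DBX = {image_hash(OLD_BOOTLOADER)}


def scenarios() -> dict:
    """Four boots of the same node under different images and settings."""
    good = [("bootloader", BOOTLOADER), ("kernel", KERNEL)]
    tampered = [("bootloader", BOOTLOADER), ("kernel", TAMPERED_KERNEL)]
    revoked = [("bootloader", OLD_BOOTLOADER), ("kernel", KERNEL)]
    worst = [("bootloader", OLD_BOOTLOADER), ("kernel", TAMPERED_KERNEL)]
    return {
        "good": boot_chain(good, DB, DBX),
        "tampered_kernel": boot_chain(tampered, DB, DBX),
        "revoked_loader": boot_chain(revoked, DB, DBX),
        "secure_boot_off": boot_chain(worst, DB, DBX, secure_boot_on=False),
    }
```

Calling scenarios() shows the two properties the text relies on: the chain halts at the first image that is not trusted, so a modified kernel never runs even though the bootloader before it did, and the dbx entry blocks the revoked bootloader although its hash is still in db. The last scenario is the reason the setting matters at all: with secure boot disabled the same node runs both untrusted images.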
**Trusted Execution Environment (TEE) vs Trusted Platform Module (TPM)**

Two main components of platform security:

* Trusted Execution Environment
* Trusted Platform Module

Neither is designed as a replacement for the other. The TEE is the bulletproof
safe, while the TPM is the 128-digit combination lock for the safe. Both are
needed to ensure the safe is protected.

A TPM is a dependency of a TEE, but not the other way around.

The TPM is where the TEE stores the measurements (hashes of components) of the platform.

If a TEE is not supported by a platform but a TPM is still present, you still have:
* Integrity measurement - securely measure the platform's components (hashes stored within the TPM)
* Authenticated boot - a process by which a platform's state (the sum of its
  components) is reliably measured and stored
* SRTM - Static Root of Trust for Measurement
* Sealed Storage - encrypt data based on the current state of the platform
  or, in other words, what has been measured (the PCR hash values stored in the
* Attestation - securely report to other parties the state of the platform
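The measurement, sealed storage and attestation capabilities listed above, shown together in an added Python model (example code written for this guide, not from the OPNFV project or any TPM library). A real TPM performs these operations in hardware and signs quotes with an attestation identity key (AIK); the stand-in below uses SHA-256 for PCR extends and HMAC in place of signatures, and every component string, key and boot chain is constructed sample data.

```python
import hashlib
import hmac
import os

PCR_INIT = bytes(32)  # a SHA-256 PCR holds 32 zero bytes after platform reset


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: PCR_new = SHA-256(PCR_old || SHA-256(component)). A PCR can
    only be extended, never written, so it commits to every measured
    component and to the order in which they were measured."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_chain(components) -> bytes:
    """Static root of trust for measurement: each boot stage is measured into
    the PCR before it runs, starting from the reset value."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


class ToyTPM:
    """One PCR, a storage key for sealing, an attestation key for quotes."""

    def __init__(self):
        self.pcr = PCR_INIT
        self._storage_key = os.urandom(32)  # stand-in for the storage root key
        self._attest_key = os.urandom(32)   # stand-in for an AIK (HMAC, not a signature)

    def reset(self) -> None:
        """Platform reset clears the PCR; the keys persist."""
        self.pcr = PCR_INIT

    def extend(self, component: bytes) -> None:
        self.pcr = pcr_extend(self.pcr, component)

    def attest_key_public(self) -> bytes:
        """What a verifier holds as the AIK certificate (symmetric here)."""
        return self._attest_key

    def seal(self, secret: bytes) -> tuple:
        """Bind a secret (up to 32 bytes) to the current PCR value; returns
        the policy (expected PCR) and the sealed blob."""
        assert len(secret) <= 32
        pad = hmac.new(self._storage_key, self.pcr, hashlib.sha256).digest()
        return self.pcr, bytes(a ^ b for a, b in zip(secret, pad))

    def unseal(self, policy: bytes, blob: bytes) -> bytes:
        """Release the secret only when the platform is in the sealed state."""
        if not hmac.compare_digest(policy, self.pcr):
            raise PermissionError("platform state differs from the sealed state")
        pad = hmac.new(self._storage_key, self.pcr, hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(blob, pad))

    def quote(self, nonce: bytes) -> tuple:
        """Report the PCR, authenticated over the verifier's nonce so that an
        old report cannot be replayed."""
        tag = hmac.new(self._attest_key, self.pcr + nonce, hashlib.sha256).digest()
        return self.pcr, tag


def verify_quote(attest_key_public, nonce, quoted_pcr, tag, golden_pcr) -> str:
    """Verifier side: authenticity first, then comparison with the known-good
    PCR value of an approved boot chain."""
    expected = hmac.new(attest_key_public, quoted_pcr + nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return "rejected: bad authenticator or stale nonce"
    if not hmac.compare_digest(quoted_pcr, golden_pcr):
        return "rejected: untrusted platform state"
    return "trusted"


# Constructed boot chains: identical except for a modified kernel.
GOOD_BOOT = [b"firmware 1.0", b"bootloader 2.1", b"kernel 4.4.0"]
TAMPERED_BOOT = [b"firmware 1.0", b"bootloader 2.1", b"kernel 4.4.0 modified"]
GOLDEN_PCR = measure_chain(GOOD_BOOT)  # the value an operator would approve


def seal_then_reboot(secret, first_boot, second_boot):
    """Seal under first_boot, reset, boot second_boot and try to unseal.
    Returns the secret, or None if the TPM refused to release it."""
    tpm = ToyTPM()
    for stage in first_boot:
        tpm.extend(stage)
    policy, blob = tpm.seal(secret)
    tpm.reset()
    for stage in second_boot:
        tpm.extend(stage)
    try:
        return tpm.unseal(policy, blob)
    except PermissionError:
        return None


def attest(stages, golden_pcr=GOLDEN_PCR) -> str:
    """Boot a fresh platform through stages and let a verifier judge it."""
    tpm = ToyTPM()
    for stage in stages:
        tpm.extend(stage)
    nonce = os.urandom(16)
    pcr, tag = tpm.quote(nonce)
    return verify_quote(tpm.attest_key_public(), nonce, pcr, tag, golden_pcr)
```

attest(GOOD_BOOT) returns "trusted" while attest(TAMPERED_BOOT) is rejected, and a secret sealed during a good boot (seal_then_reboot with GOOD_BOOT twice) cannot be unsealed after rebooting into the modified chain. The verifier checks the authenticator before the PCR value, so a forged or replayed report is rejected regardless of the state it claims, and because extend chains hashes in order, the same components measured in a different order produce a different PCR.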
Trusted boot (tboot) is an open source, pre-kernel/VMM module that uses
Intel(R) Trusted Execution Technology (Intel(R) TXT) to perform a measured
and verified launch of an OS kernel/VMM. The root of trust is in the hardware
and a TPM is required. Compute nodes in an OPNFV deployment boot with Intel
TXT enabled.

Read more about `Trusted Boot <http://www.trustedcomputinggroup.org/resources/trusted_boot>`_ and
`Trusted Computing <http://www.trustedcomputinggroup.org/trusted_computing>`_.
**Trusted Execution Environments (TEE)**

The Trusted Execution Environment is an isolated execution environment which
provides a higher level of security, such as isolated execution, integrity of
Trusted Applications and confidentiality of their assets.

**Goals of a Trusted Execution Environment:**

* Secure Provisioning
**TEE platforms/implementations**

* Intel's TXT (Trusted Execution Technology)
* AMD Secure Execution Environment

All three of these TEE implementations provide a virtualized execution
environment for the secure OS and applications.

To switch between the secure world and the normal world, Intel provides SMX
instructions, while ARM uses SMC. Programmatically, they all achieve very
Read more about Trusted Execution Environments `here <http://www.openvirtualization.org/open-source-arm-trustzone.html>`_.

`NIST SP800-147 <http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf>`_
is a guideline for firmware security, to ensure that the firmware itself is secure.

Read more about "Trusted compute pools" in the
`OpenStack Security Guide <http://docs.openstack.org/admin-guide-cloud/compute-security.html>`_.