Trusted Compute¶
Trusted compute is centered on insuring the complete lifecycle of a VM, and the VM’s underlying infrastructure is of a ‘trustful’ state.
Trusted computing in a cloud environment
To ensure overall security in an OPNFV deployment, both the launch and the operation of virtualized resources need to be secure. To build a trusted computing in a cloud environment the following core features are essential:
- boot integrity - the hardware platform can guarantee a trustworthy RoT for the overall cloud environment
- secure management of VMs – to secure the launch and migration of VMs in the cloud environment
In this section we will cover some aspects of what is considered compute security, such as secure/trusted boot, although of course these can be extended to other actors such as neutron networking nodes.
Secure Boot¶
Secure boot, a UEFI-based feature that has become controversial lately, ensures that nodes in an OPNFV deployment boot only software that is trusted by the admin or end user.
In order to understand the secure boot procedure, we need to explain the related technology and specification.
Unified Extensible Firmware Interface (UEFI)
UEFI is a specification intended to be the replacement and improvement on the old BIOS (Basic Input/Output System).
One UEFI-based feature that has become controversial lately is the secure boot feature.
The UEFI specification is a standard that’s handled by a non-profit organization with representatives of Intel, AMD, Microsoft, Apple, Dell, HP, IBM and others, called the Unified EFI Forum.
UEFI supports 32 and 64 bit processors and can be used with Itanium, x86, x64 and ARM processors.
Trusted Execution Environment (TEE) vs Trusted Platform Mobile (TPM)
Two main components of platform security:
- Trusted Execution Environment
- Trusted Platform Module
These are not designed as a replacement of the other. TEE is the bulletproof safe, while TPM is the 128-digit combination lock for the safe. Both are needed to ensure the safe is protected.
TPM is a dependency of TEE but not the other way around.
The TPM is where TEE will store the measurements - hash of components - of the platform.
If TEE is not supported by a platform but a TPM is still present you still have all these features:
- Integrity measurement – securely measure the platform’s components (hashes stored within the TPM)
- Authenticated boot – a process by which a platform’s state (the sum of its components) is reliably measured and stored
- SRTM - Static Root of Trust for Measurements
- Sealed Storage - encrypt data based on the current state of the platform or in other words, what has been measured (the PCR hash values stored in the TPM) - seal operation
- Attestation - securely report to other parties the state of the platform
Trusted Compute Pools¶
Trusted Boot
Trusted boot (tboot) is an open source, pre- kernel/VMM module that uses Intel(R) Trusted Execution Technology (Intel(R) TXT) to perform a measured and verified launch of an OS kernel/VMM. The root of trust is in the hardware and a TPM is required. Compute nodes in an OPNFV deployment boot with Intel TXT technology enabled.
Read more about Trusted Boot and Trusted Computing.
Trusted Execution Environments (TEE)
The Trusted Execution Environment is an isolated execution environment which provides higher level of security such as isolated execution, integrity of Trusted Applications along with confidentiality of their assets.
Goals of a Trusted Execution Environments:
- Isolated Execution
- Secure Storage
- Remote Attestation
- Secure Provisioning
- Trusted Path
TEE platforms/implementations
- Intel’s TXT (Trusted Execution Technology)
- AMD Secure Execution Environment
- ARM TrustZone
All three of these TEE implementations provide a virtualized Execution Environment for the secure OS and applications.
To switch between the secure world and the normal world, Intel provides SMX Instructions, while ARM uses SMC. Programmatically, they all achieve very similar results.
Read more about Trusted Execution Environments here.
NIST SP800-147 , is a guidelines for firmware security, to ensure that the firmware itself is secure.
Read more about “Trusted compute pools”, in the OpenStack Security Guide.