Security: Difference between revisions

From OpenCompute
Jump to navigation Jump to search
 
(48 intermediate revisions by 6 users not shown)
Line 41: Line 41:


::- [https://docs.google.com/document/d/17QAXfpEDlIvSbw0pFJ9wKeIBeBwIFkP4Z8SjhxyECAw/edit# Work Backlog & Prioritization]
::- [https://docs.google.com/document/d/17QAXfpEDlIvSbw0pFJ9wKeIBeBwIFkP4Z8SjhxyECAw/edit# Work Backlog & Prioritization]
Third Party Security Reviews
::- [https://drive.google.com/file/d/177hRzP05xE5OlvW7nuBH35SxaBSo1TRI/view?usp=share_link Firmware Security Review Framework (Draft)]
::- [https://drive.google.com/file/d/13XcR9QG0ZibR7dMs9TQTY7WnWyPs9oIB/view?usp=share_link NVMe Cloud SSD Specification Firmware Security Review Scope (Draft)]
::- [https://drive.google.com/file/d/18m0q3ZFZarYJzZ5lOuPShyBKIx6QfGVA/view?usp=share_link Firmware Security Audits (Slide Deck)]


OCP blogs and announcements
OCP blogs and announcements
Line 68: Line 78:


:- [https://drive.google.com/file/d/1FIIGfvdCC3uIrn_2FsWQu4EHdxzL9K-Q/view?usp=sharing Ownership Transfer and State Management] Presented 2022-03-08 by Jeff Andersen
:- [https://drive.google.com/file/d/1FIIGfvdCC3uIrn_2FsWQu4EHdxzL9K-Q/view?usp=sharing Ownership Transfer and State Management] Presented 2022-03-08 by Jeff Andersen
:- [https://drive.google.com/file/d/1UETpYWAtUORr-IT-qblvCWfjWDeuaaoJ/view?usp=sharing OCP Crypto Discussion] Presented 2022-08-08 by Huijun Xie
:- [https://drive.google.com/file/d/1hVj0qxCsZGg3ZXR70asCPRKz8eBRDC13/view?usp=sharing System Ownership and Firmware with Multiple Signing Domains] Presented 2022-08-23 by Daniil Egranov
:- [https://drive.google.com/file/d/1iPwIzVb1lqpebZokxwSEI6YfXAg9hdFL/view?usp=sharing OCP Recovery Overview] Presented by Eric Spada
:- [https://drive.google.com/file/d/1URO4X6ZEIcbbisHZThuw8AFfWsXmGN0d/view?usp=sharing TCG DICE and DMTF SPDM Binding] Presented 2022-08-30 by Chandra Nelogal and Brett Henning
:- [https://drive.google.com/file/d/1lSeeYijn4K5Cnd4AaIIw-yP8C7tmgell/view?usp=sharing Intro to Hash-based Signatures] Presented 2022-09-13 by Jeff Andersen
:- [https://drive.google.com/file/d/1yxlqAiNWvnX22aY-LX1L2kJBOnLRTC90/view?usp=sharing Attestation + TPM flows] Presented 2022-09-27 by Jeff Andersen
:- [https://drive.google.com/file/d/1zxtgMlBrxhXieO9phLgriuAUJl-Duchj/view?usp=sharing Port Remediation] Presented 2022-10-11 by Thomas Koh
:- [https://drive.google.com/file/d/1GZTy8rEcpJhXZlkL8TZrUis2x3-wIWhs/view?usp=share_link Media Sanitization] Presented 2022-12-06 by Jonmichael Hands and Arie van der Hoeven
:- [https://drive.google.com/file/d/1t5WSUZKzYUBYWses22I-yc-vDDIvAUQb/view?usp=sharing Port Remediation Update] Presented 2022-12-13 by Thomas Koh and Colin Mitchell
:- [https://docs.google.com/presentation/d/1Z0A3y-VskBf0Kp71zQOK6B2BipoQUNx8AoR6NGpDeIQ/edit?usp=sharing OCP "Streaming" Boot] Presented 2023-01-10 by Varun Sampath and Bharat Pillilli
:- [https://drive.google.com/file/d/1mcn86zaEyk5kir-bb1R0MUm6XNG1oBaR/view?usp=share_link Attested Reset] Presented 2023-01-17 by Jeff Andersen
:- [https://drive.google.com/file/d/1KIo0mwYQ9KmH13oqef4Oc2-emDH6WsJS/view?usp=share_link SBOMs] Presented 2023-02-14 by Bryan Kelly
:- [https://drive.google.com/file/d/1WCquWiaBlAsoInLwDX8NkMxnptVMBNuJ/view?usp=share_link Secure Manufacturing] Presented 2023-03-28 by Jeff Plank
:- [https://drive.google.com/file/d/1JE56f_DOJEhMVb_o6MW10DqshoAVWNov/view?usp=sharing 3P Firmware Audits] Presented 2023-04-12 by Eric Eilertson, Þórður Björnsson
:- [https://drive.google.com/file/d/1F6Dkx9dvnGz4UPHm1_Nqzm0pulvi-xib/view?usp=share_link 3P Audits] Presented 2023-05-16 by Alex Matrosov
:- [https://drive.google.com/file/d/1I04Fxi8P1XsvnMrTzkkUoMruFfqNBTM1/view?usp=sharing Requests to NIST regarding asymmetric key derivation] Presented 2023-06-06 by Jeff Andersen and Thomas Bowen
:- [https://drive.google.com/file/d/1Z8dQSqCr_iGOO8yT0PKW5PAnGHV3q_M6/view?usp=sharing Specification and Formal Verification of Attestation Mechanisms in Confidential Computing] Presented 2023-06-13 by Muhammad Usama Sardar
:- [https://drive.google.com/file/d/1_T6k_fCjz1njYeDJJfyh6PtRbhVB3w7H/view?usp=drive_link Request to NIST regarding HBS key export] Presented 2023-08-22 by Jeff Andersen
:- [https://drive.google.com/file/d/1og-YYG9zOutfcNVbMAwNP0z9nbZH-QmF/view?usp=sharing Device attestation 1] Presented 2024-01-09 by Roksana Mojarad
:- [https://drive.google.com/file/d/1vpxy3xso_T30DN1j53uA55s6wtSWfir6/view?usp=sharing Device attestation 2] Presented 2024-01-23 by Roksana Mojarad
:- [https://drive.google.com/file/d/1u4nE-DCs7KBWfRFf9fcJ_Oxmdd6kdUtd/view?usp=sharing Firmware attestation demo] Presented 2024-01-23 by Roksana Mojarad


==Approved Publications==
==Approved Publications==
Line 83: Line 135:


===Project Leads===
===Project Leads===
:- [mailto:nate.klein@ocproject.net Nate Klein] (Google)
:- [mailto:OCP.Security-Lead1@ocproject.net Jeff Andersen] (Google)


:- [mailto:bryan.kelly@ocproject.net Bryan Kelly] (Microsoft)
:- [mailto:bryan.kelly@ocproject.net Bryan Kelly] (Microsoft)
Line 99: Line 151:
==Regular Project Calls==
==Regular Project Calls==


This project meets weekly on Tuesdays at 8:30am PT (please check the call calendar).
This project meets weekly on Tuesdays at 9am PT (please check the call calendar).


:- [https://www.opencompute.org/projects/security Call Calendar]
:- [https://www.opencompute.org/projects/security Call Calendar]
:- [https://global.gotomeeting.com/join/271200085 Call Link]
:- [https://opencompute-org.zoom.us/j/85292919316?pwd=RGk1WkgxTlRVUEU5RWxsN2RJUWFMUT09 Call Link]
:- [https://docs.google.com/document/d/1VVMUzYESZNuyT1_YJlQSdSKBy-5t1otJIyXTbXuOoX4/edit Meeting Notes]
:- [https://docs.google.com/document/d/1VVMUzYESZNuyT1_YJlQSdSKBy-5t1otJIyXTbXuOoX4/edit Meeting Notes]
You can also dial in using your phone.
United States: +1 (312) 757-3117
Access Code: 271-200-085


==Recordings from Past Calls==
==Recordings from Past Calls==
OCP Security Project Call  
OCP Security Project Call
:-[https://www.youtube.com/watch?v=5SejykeQauU July 12, 2022]
:- [https://opencompute-org.zoom.us/rec/play/PIcn56_293e9-9vB6gvLeIl065muYO0Kt1ekcl5J-X9Vu5txEoK6MbaJC9JF645F-uPn7NcaCc_5nBAb.xIJRjeswOVF7xot9?canPlayFromShare=true&from=share_recording_detail&continueMode=true&pwd=gnKdHWYkaHYQwlVzE9o2Ea3ch0WyFEz1&componentName=rec-play&originRequestUrl=https%3A%2F%2Fopencompute-org.zoom.us%2Frec%2Fshare%2FPegUBcsVY73gLQswfqXxXvqIyzzkocLM4S0KtCrTG3L4iAAOhz8croxKecemREFL.UzjmMMLIcDHLRr9w%3Fpwd%3DgnKdHWYkaHYQwlVzE9o2Ea3ch0WyFEz1 March 12, 2024]
 
:- [https://opencompute-org.zoom.us/rec/play/ZEoXjz4yoKLHjlapfuUSLWiMhIEuvwhxNqXswK8N0RZ1kzIreI5S_1wbdRyY0osMali5l-Zgy1EKB4s.oIevIpI8Ey9i3a1y?canPlayFromShare=true&from=share_recording_detail&continueMode=true&pwd=ZAsPcNe5FQtB56FUVAWbzwMHwb9sGzfI&componentName=rec-play&originRequestUrl=https%3A%2F%2Fopencompute-org.zoom.us%2Frec%2Fshare%2FaW-nkLm7CEubCFXz_2iqf4fBmqj8MFsGcG2pcj8wX4dZwv5xcvZDGMdTsfVLdlGl._C4ebpn_7EwO03Rh%3Fpwd%3DZAsPcNe5FQtB56FUVAWbzwMHwb9sGzfI March 5, 2024]
:- [https://www.youtube.com/watch?v=QqWqmLiT8SQ Feb 6, 2024]
:- [https://www.youtube.com/watch?v=2O7SpFGLB9k Jan 30, 2024]
:- [https://www.youtube.com/watch?v=8nVGgKYbHMg Jan 23, 2024]
:- [https://www.youtube.com/watch?v=UfEYUby2zYo Jan 9, 2024]
:- [https://www.youtube.com/watch?v=wpuabUu8CVE Dec 5, 2023]
:- [https://www.youtube.com/watch?v=NfMTZ3sTsCw Nov 28, 2023]
:- [https://www.youtube.com/watch?v=kEg7g_YFpPs Nov 14 2023]
:- [https://www.youtube.com/watch?v=jBnc0grxKAQ Oct 31, 2023]
:- [https://www.youtube.com/watch?v=kJss3CnI9_8 September 12, 2023]
:- [https://www.youtube.com/watch?v=oUQNfP7NfRY August 29, 2023]
:- [https://www.youtube.com/watch?v=fv05QtP0UhM August 22, 2023]
:- [https://www.youtube.com/watch?v=ic1wDq416Mc August 15, 2023]
:- [https://www.youtube.com/watch?v=upGMu4vAF2M August 1, 2023]
:- [https://www.youtube.com/watch?v=KvQievXmZkA July 25, 2023]
:- [https://www.youtube.com/watch?v=vLqXiZSMyng July 18, 2023]
:- [https://www.youtube.com/watch?v=EvYXCvfH3vA July 11, 2023]
:- [https://www.youtube.com/watch?v=hcZ-O4odmxc June 20, 2023]
:- [https://www.youtube.com/watch?v=5WXPcGKxlYc June 13, 2023]
:- [https://www.youtube.com/watch?v=kiB3jDBUpRA June 6, 2023]
:- [https://www.youtube.com/watch?v=N0P-CLI3VD8 May 16, 2023]
:- [https://www.youtube.com/watch?v=oc4AXtx82AY May 9, 2023]
:- [https://www.youtube.com/watch?v=pKSFYjsIPQ0 May 2, 2023]
:- [https://www.youtube.com/watch?v=hLcop4xEcyw April 11, 2023]
:- [https://www.youtube.com/watch?v=JQfJo-50Rd8 March 28th, 2023]
:- [https://www.youtube.com/watch?v=dD7Yojz1qOI March 21, 2023]
:- [https://www.youtube.com/watch?v=wQpu2ZnJkAE February 28, 2023]
:- [https://www.youtube.com/watch?v=NFk09xwzRu8 February 14, 2023]
:- [https://www.youtube.com/watch?v=LuXkt4MEfLk January 31, 2023]
:- [https://www.youtube.com/watch?v=9AooIeS0m9U January 17, 2023]
:- [https://www.youtube.com/watch?v=nwD7bLssH8U January 10, 2023]
:- [https://www.youtube.com/watch?v=dOglaXDWYGs December 13th, 2022]
:- [https://www.youtube.com/watch?v=1wbEDfkgWqc December 6th, 2022]
:- [https://www.youtube.com/watch?v=cxUrEHheTXM November 29th, 2022]
:- November 15th, 2022 - No Recording
:- November 1st, 2022 - No Recording
:- [https://www.youtube.com/watch?v=woUQuPTzcxc October 11th, 2022]
:- [https://www.youtube.com/watch?v=v94hkpQ8104 October 4th, 2022]
:- [https://www.youtube.com/watch?v=g0aS4aWte28 September 27th, 2022]
:- [https://www.youtube.com/watch?v=lZ1PnJml1CY September 13th, 2022]
:- [https://www.youtube.com/watch?v=LzIHVkWcchM September 6th, 2022]
:- [https://www.youtube.com/watch?v=66pYmsaaCJo August 30th, 2022]
:- [https://www.youtube.com/watch?v=NOCDRkVErv4 August 23rd, 2022]
:- [https://www.youtube.com/watch?v=2lqz4cFUCFo August 9th, 2022]
:- [https://www.youtube.com/watch?v=XZ9yARreUt4 August 2nd, 2022]
:- [https://www.youtube.com/watch?v=KG-HU52I7gU July 26th, 2022]
:- [https://www.youtube.com/watch?v=5SejykeQauU July 12th, 2022]
:- [https://www.youtube.com/watch?v=S3YjOWY_Ljc June 28th, 2022]
:- [https://www.youtube.com/watch?v=peyF1slSreQ June 21st, 2022]
:- [https://www.youtube.com/watch?v=G_bChr7cj1o June 14th, 2022]
:- [https://www.youtube.com/watch?v=jlPlElUcx9g June 7th, 2022]
:- Call Cancelled
:- Call Cancelled
:- [https://www.youtube.com/watch?v=MR4r5Td7E54 May 19th, 2022]
:- [https://www.youtube.com/watch?v=MR4r5Td7E54 May 17th, 2022]
:- [https://www.youtube.com/watch?v=ygmaTc6n078 May 10th, 2022]
:- [https://www.youtube.com/watch?v=ygmaTc6n078 May 10th, 2022]
:- [https://www.opencompute.org/events/past-events/ocp-tech-talk-series-security May 3rd, 2022 Security Project Tech Talk]
:- [https://www.opencompute.org/events/past-events/ocp-tech-talk-series-security May 3rd, 2022 Security Project Tech Talk]

Latest revision as of 17:41, 12 March 2024

OCP-security-v1-17a3x.png

Welcome[edit]

OCP Security Project
This Project is open to the public and we want to welcome all those who would like to be involved.

Disclaimer: Please do not submit any confidential information to the Project Community. All presentation materials, proposals, meeting minutes and/or supporting documents are published by OCP and are open to the public in accordance to OCP's Bylaws and IP Policy. This can be found on the OCP OCP Policies page. If you have any questions please contact OCP.

Documents[edit]

- Charter
- Meeting Agenda

Works in Progress

- Glossary
- Common Security Threats
- Secure Update and Recovery DEPRECATED
- Attestation Scope
- Attestation of Systems and System Components
- Attestation: Use Cases
- Secure Boot
- Recovery
- Security Checklist and Badges
- Management Interface Requirements
- Secure Platform Overview
- Ownership Transfer
- Work Backlog & Prioritization


Third Party Security Reviews

- Firmware Security Review Framework (Draft)
- NVMe Cloud SSD Specification Firmware Security Review Scope (Draft)
- Firmware Security Audits (Slide Deck)


OCP blogs and announcements

- Fall 2020 OCP Tech Week Blog Post
- Fall 2020 PR Newswire Announcement


Reference

- Certificate Templates for DICE Attestation (Intel) Presented 2019-04-30
- SPIRAL Protocol Family (Intel) Presented 2019-01-29
- SPIRAL Protocol Family (Intel) Presented 2019-03-05
- Trusted Platform Module 2.0 Policy Authorization (IBM) Presented 2020-08-18 by Ken Goldman
- CSIS Firmware Development Best Practices
- Google Position on Attested Boot Logs Presented 2021-02-23 by Jeff Andersen
- Delivering Platform Integrity Without Universal Secure Boot Presented 2021-03-23 by Jeff Andersen
- Recovery Spec Overview Presented 2021-03-30 by Bryan Kelly
- Ownership Transfer and State Management Presented 2022-03-08 by Jeff Andersen
- OCP Crypto Discussion Presented 2022-08-08 by Huijun Xie
- System Ownership and Firmware with Multiple Signing Domains Presented 2022-08-23 by Daniil Egranov
- OCP Recovery Overview Presented by Eric Spada
- TCG DICE and DMTF SPDM Binding Presented 2022-08-30 by Chandra Nelogal and Brett Henning
- Intro to Hash-based Signatures Presented 2022-09-13 by Jeff Andersen
- Attestation + TPM flows Presented 2022-09-27 by Jeff Andersen
- Port Remediation Presented 2022-10-11 by Thomas Koh
- Media Sanitization Presented 2022-12-06 by Jonmichael Hands and Arie van der Hoeven
- Port Remediation Update Presented 2022-12-13 by Thomas Koh and Colin Mitchell
- OCP "Streaming" Boot Presented 2023-01-10 by Varun Sampath and Bharat Pillilli
- Attested Reset Presented 2023-01-17 by Jeff Andersen
- SBOMs Presented 2023-02-14 by Bryan Kelly
- Secure Manufacturing Presented 2023-03-28 by Jeff Plank
- 3P Firmware Audits Presented 2023-04-12 by Eric Eilertson, Þórður Björnsson
- 3P Audits Presented 2023-05-16 by Alex Matrosov
- Requests to NIST regarding asymmetric key derivation Presented 2023-06-06 by Jeff Andersen and Thomas Bowen
- Specification and Formal Verification of Attestation Mechanisms in Confidential Computing Presented 2023-06-13 by Muhammad Usama Sardar
- Request to NIST regarding HBS key export Presented 2023-08-22 by Jeff Andersen
- Device attestation 1 Presented 2024-01-09 by Roksana Mojarad
- Device attestation 2 Presented 2024-01-23 by Roksana Mojarad
- Firmware attestation demo Presented 2024-01-23 by Roksana Mojarad

Approved Publications[edit]

- Common Security Threats v1.0 White Paper
- Secure Boot v1.0 White Paper
- Attestation v1.0 White Paper
- INFO, White Paper, Ownership and Control of Firmware in Open Compute Project Devices, IBM
- INFO, White Paper, Best Practices for Firmware Code Signing, IBM

Project Leadership[edit]

IC Representative[edit]

- Andres Lagar-Cavilla (Google)

Project Leads[edit]

- Jeff Andersen (Google)
- Bryan Kelly (Microsoft)

Get Involved[edit]

- Mailing List

Past Events[edit]

F2F Meeting at Facebook, October 8-9th, 2019

- Meeting Notes
- Recording coming soon

Regular Project Calls[edit]

This project meets weekly on Tuesdays at 9am PT (please check the call calendar).

- Call Calendar
- Call Link
- Meeting Notes

Recordings from Past Calls[edit]

OCP Security Project Call

- March 12, 2024
- March 5, 2024
- Feb 6, 2024
- Jan 30, 2024
- Jan 23, 2024
- Jan 9, 2024
- Dec 5, 2023
- Nov 28, 2023
- Nov 14 2023
- Oct 31, 2023
- September 12, 2023
- August 29, 2023
- August 22, 2023
- August 15, 2023
- August 1, 2023
- July 25, 2023
- July 18, 2023
- July 11, 2023
- June 20, 2023
- June 13, 2023
- June 6, 2023
- May 16, 2023
- May 9, 2023
- May 2, 2023
- April 11, 2023
- March 28th, 2023
- March 21, 2023
- February 28, 2023
- February 14, 2023
- January 31, 2023
- January 17, 2023
- January 10, 2023
- December 13th, 2022
- December 6th, 2022
- November 29th, 2022
- November 15th, 2022 - No Recording
- November 1st, 2022 - No Recording
- October 11th, 2022
- October 4th, 2022
- September 27th, 2022
- September 13th, 2022
- September 6th, 2022
- August 30th, 2022
- August 23rd, 2022
- August 9th, 2022
- August 2nd, 2022
- July 26th, 2022
- July 12th, 2022
- June 28th, 2022
- June 21st, 2022
- June 14th, 2022
- June 7th, 2022
- Call Cancelled
- May 17th, 2022
- May 10th, 2022
- May 3rd, 2022 Security Project Tech Talk
- April 26th, 2022 Call Not Recorded
- April 19th, 2022
- April 12th, 2022
- April 5th, 2022
- March 29th, 2022
- March 22nd, 2022 Call Not Recorded
- March 15th, 2022
- March 8th, 2022
- February 22nd, 2022
- February 15th, 2022
- February 8th, 2022
- February 1st, 2022
- January 25th, 2022
- January 11th, 2022
- December 14th, 2021
- December 7th, 2021
- November 16th, 2021
- September 28th, 2021
- September 21st, 2021
- September 14th, 2021
- August 10th, 2021
- August 3rd, 2021
- July 27th, 2021
- July 20th, 2021
- July 13th, 2021
- June 29th, 2021
- June 22nd, 2021
- June 15th, 2021
- June 8th, 2021
- June 1st, 2021
- May 25th, 2021
- May 18th, 2021
- May 11th, 2021
- April 27th, 2021
- April 20th, 2021
- April 13th, 2021
- April 6th, 2021
- March 30th, 2021
- March 23rd, 2021
- March 16th, 2021
- March 2nd, 2021
- February 23rd, 2021
- February 16th, 2021
- February 9th, 2021
- February 2nd, 2021
- January 26th, 2021
- January 19th, 2021
- January 12th, 2021
- December 8th, 2020
- November 3rd, 2020
- October 27th, 2020
- October 20th, 2020
- October 13th, 2020
- October 6th, 2020
- September 22nd, 2020
- September 15th, 2020
- September 8th, 2020
- September 1st, 2020
- August 25th, 2020
- August 18th, 2020
- August 11th, 2020
- July 28th, 2020
- July 21st, 2020
- July 14th, 2020
- July 7th, 2020
- June 23rd, 2020
- June 16th, 2020
- June 2nd, 2020
- May 26th, 2020
- May 19th, 2020
- May 5th, 2020
- April 28th, 2020
- April 21st, 2020
- April 14th, 2020
- March 24th, 2020
- March 10th, 2020
- February 11th, 2020
- February 4th, 2020
- January 7th, 2019
- December 17th, 2019
- November 12th, 2019
- October 15th, 2019
- September 3rd, 2019
- August 27th, 2019
- August 20th, 2019
- August 13th, 2019
- July 30th, 2019
- July 23rd, 2019
- July 16th, 2019
- July 9th, 2019
- June 18th, 2019
- May 28th, 2019
- May 14th, 2019
- May 7th, 2019
- April 30th, 2019
- April 23rd, 2019
- April 16th, 2019
- Apr 9th, 2019
- Apr 2nd, 2019
- Mar 26th, 2019
- Mar 19th, 2019
- Mar 5th, 2019
- Feb 26th, 2019
- Feb 19th, 2019
- Feb 12th, 2019
- Feb 5th, 2019
- Jan 29th, 2019
- Jan 22nd, 2019
- Jan 15th, 2019
- Jan 8th, 2019
- Dec 18th, 2018
- Dec 11th, 2018
- Dec 4th, 2018
- Nov 27th, 2018
- Nov 13th, 2018
- Nov 6th, 2018
- Oct 16th, 2018
- Oct 9th, 2018
- Sep 25th, 2018
- Sep 11th, 2018
- Sep 4th, 2018
- Aug 21st, 2018
- Aug 7th, 2018
- Jul 24th, 2018
- Jul 17th, 2018
- Jun 19th, 2018
- Jun 5th, 2018
- May 29, 2018
- May 1st, 2018
- Apr 24th, 2018
- Apr 3rd, 2018
- Mar 27th, 2018
- Mar 13th, 2018
- Mar 6th, 2018
- Feb 27th, 2018
- Feb 20th, 2018
- Feb 13th, 2018
- Feb 6th, 2018
- Jan 30th, 2018