Difference between revisions of "Security"

From OpenCompute
Jump to: navigation, search
(Recordings from Past Calls)
(IC Representative)
(39 intermediate revisions by 2 users not shown)
Line 11: Line 11:
  
 
:- [https://146a55aca6f00848c565-a7635525d40ac1c70300198708936b4e.ssl.cf1.rackcdn.com/files/e1db398bce18523d1cbecd13cc60688c942a5d5c.pdf Charter]
 
:- [https://146a55aca6f00848c565-a7635525d40ac1c70300198708936b4e.ssl.cf1.rackcdn.com/files/e1db398bce18523d1cbecd13cc60688c942a5d5c.pdf Charter]
 
:- [https://docs.google.com/document/d/1EvlqpTiBu499kZkaZWHenO_0BzB1MbNDsxtfSt_FIRQ/edit Security Project Specifications (Top Level Doc)]
 
  
 
:- [https://docs.google.com/spreadsheets/d/1o5Vx8QFfHX_AO9pNw5wEjVNeCQ516P55ef71dhz4f6M/edit#gid=0 Meeting Agenda]
 
:- [https://docs.google.com/spreadsheets/d/1o5Vx8QFfHX_AO9pNw5wEjVNeCQ516P55ef71dhz4f6M/edit#gid=0 Meeting Agenda]
 
:- [https://docs.google.com/document/d/1pdIm7drr75HvZry7dzM2Ts-b8z-UuwhkjPIdrrPZROQ/edit Face to Face Meeting Minutes]
 
  
 
Works in Progress
 
Works in Progress
Line 24: Line 20:
 
::- [https://docs.google.com/document/d/13I-meE6BxiLB_c-Mjr3cLLK9S0SjuPuRjPfS9yTG6P8/edit Common Security Threats]
 
::- [https://docs.google.com/document/d/13I-meE6BxiLB_c-Mjr3cLLK9S0SjuPuRjPfS9yTG6P8/edit Common Security Threats]
  
::- [https://docs.google.com/document/d/1Tea1Nfg9T5R7O-pVtorGhQ0UHQzCdMBMckT2hJfBKB8/edit Secure Update]
+
::- [https://docs.google.com/document/d/1Tea1Nfg9T5R7O-pVtorGhQ0UHQzCdMBMckT2hJfBKB8/edit Secure Update and Recovery DEPRECATED]
  
 
::- [https://docs.google.com/document/d/1I1eNJvB9oFjnD8oiEBRK5SGFGhKW8AqxrLOqBSzSYoQ/edit Attestation Scope]
 
::- [https://docs.google.com/document/d/1I1eNJvB9oFjnD8oiEBRK5SGFGhKW8AqxrLOqBSzSYoQ/edit Attestation Scope]
Line 30: Line 26:
 
:::- [https://docs.google.com/document/d/1fzBnA6N9vGYj--Mxit9Whp0TPPyGqgOyBlHdgCN9F_Q/edit Attestation of Systems and System Components]
 
:::- [https://docs.google.com/document/d/1fzBnA6N9vGYj--Mxit9Whp0TPPyGqgOyBlHdgCN9F_Q/edit Attestation of Systems and System Components]
  
:::- [https://docs.google.com/document/d/1DQGXpOEliExRPil4ozr8A50nibJpGAvAH1PW0uZRZrA/edit# Attestation: Use Cases]
+
:::- [https://docs.google.com/document/d/1DQGXpOEliExRPil4ozr8A50nibJpGAvAH1PW0uZRZrA/edit Attestation: Use Cases]
  
 
::- [https://docs.google.com/document/d/1Se1Dd-raIZhl_xV3MnECeuu_I0nF-keg4kqXyK4k4Wc/edit Secure Boot]
 
::- [https://docs.google.com/document/d/1Se1Dd-raIZhl_xV3MnECeuu_I0nF-keg4kqXyK4k4Wc/edit Secure Boot]
  
::- [https://docs.google.com/document/d/1kP9LLHSkMZetqL3K1q32DnG_y4Scb_mKZp3-gMfeGPA/edit Hardware Interface]
+
::- [https://docs.google.com/document/d/1Ge_w9i5A6YKG-7nlTp--JhZf6By7I9oB3oW_2_i7JbE/edit Recovery]
 +
 
 +
::- [https://docs.google.com/spreadsheets/d/1Tu42ZawQoaWqgqC5lY-PNdw48QsILyjI/edit#gid=1174137179 Security Checklist and Badges]
 +
 
 +
::- [https://docs.google.com/document/d/18dyizlg0betQTlad3nFY4jpXaG09QasQPVwCM572StY/edit?usp=sharing Management Interface Requirements]
 +
 
 +
::- [https://docs.google.com/document/d/1-bfAF86cEKcn1guF-Qj2C2HhMM2oJ2njNGdHxZeetR0/edit# Secure Platform Overview]
 +
 
 +
::- [https://docs.google.com/document/d/1oANhjvv_R7E5n8w1RroN8l8-0jdYlfdQDp_3RqGV66k/edit# Ownership Transfer]
 +
 
 +
::- [https://docs.google.com/document/d/17QAXfpEDlIvSbw0pFJ9wKeIBeBwIFkP4Z8SjhxyECAw/edit# Work Backlog & Prioritization]
 +
 
 +
OCP blogs and announcements
 +
 
 +
::- [https://www.opencompute.org/blog/ocp-security-announces-version-10-specs-for-root-of-trust Fall 2020 OCP Tech Week Blog Post]
 +
 
 +
::- [https://www.prnewswire.com/news-releases/ocp-announces-v1-0-of-security-requirements-documents-improving-security-and-trust-for-future-ocp-servers-with-hardware-root-of-trust-301169974.html Fall 2020 PR Newswire Announcement]
  
::- [https://docs.google.com/document/d/1lCUGMOTLtIUrvgkCdwQgz570-ZEKSXimsagFPjBYCYc/edit Recovery]
 
  
 
Reference
 
Reference
Line 47: Line 58:
  
 
:- [https://drive.google.com/file/d/1q8sSnFtbRuSmYxyKHOLMNBJqLNekBsDL/view?usp=sharing Trusted Platform Module 2.0 Policy Authorization] (IBM) Presented 2020-08-18 by Ken Goldman
 
:- [https://drive.google.com/file/d/1q8sSnFtbRuSmYxyKHOLMNBJqLNekBsDL/view?usp=sharing Trusted Platform Module 2.0 Policy Authorization] (IBM) Presented 2020-08-18 by Ken Goldman
 +
 +
:- [https://github.com/opencomputeproject/Security/blob/master/SecureFirmwareDevelopmentBestPractices.md CSIS Firmware Development Best Practices]
 +
 +
:- [https://drive.google.com/file/d/1fC5c8dMvS95OzWMClDrIXe7FjYMHeqZF/view?usp=sharing Google Position on Attested Boot Logs] Presented 2021-02-23 by Jeff Andersen
 +
 +
:- [https://drive.google.com/file/d/1098TOVfY8dnFyZHlWH_PUcueBs3f8jbI/view?usp=sharing Delivering Platform Integrity Without Universal Secure Boot] Presented 2021-03-23 by Jeff Andersen
 +
 +
:- [https://drive.google.com/file/d/1t4DZztlFjQwQ2qBc6x6XTox3lvAIFlQN/view?usp=sharing Recovery Spec Overview] Presented 2021-03-30 by Bryan Kelly
  
 
==Approved Publications==
 
==Approved Publications==
Line 55: Line 74:
  
 
===IC Representative===
 
===IC Representative===
:- [mailto:elaine.palmer@ocproject.net Elaine Palmer] (IBM)
+
:- [mailto:andres.lagar-cavilla@ocproject.net Andres Lagar-Cavilla] (Google)
 +
 
 
===Project Leads===
 
===Project Leads===
 
:- [mailto:nate.klein@ocproject.net Nate Klein] (Google)
 
:- [mailto:nate.klein@ocproject.net Nate Klein] (Google)
Line 83: Line 103:
  
 
==Recordings from Past Calls==
 
==Recordings from Past Calls==
 +
:- [https://www.youtube.com/watch?v=effKwMAh_r4 August 10th, 2021]
 +
:- [https://www.youtube.com/watch?v=X1qfSoKnTWs August 3rd, 2021]
 +
:- [https://www.youtube.com/watch?v=xwBoXJWa1i8 July 27th, 2021]
 +
:- [https://www.youtube.com/watch?v=JW2k43i0eWc July 20th, 2021]
 +
:- [https://www.youtube.com/watch?v=Zg0EcFmphrE July 13th, 2021]
 +
:- [https://www.youtube.com/watch?v=WGNjMawjr8M June 29th, 2021]
 +
:- [https://www.youtube.com/watch?v=4H-y4CAXPdU June 22nd, 2021]
 +
:- [https://www.youtube.com/watch?v=4OOVMbm6uAI June 15th, 2021]
 +
:- [https://www.youtube.com/watch?v=8MAhAykZ5cs June 8th, 2021]
 +
:- [https://www.youtube.com/watch?v=Z_QX9Y2s9P4 June 1st, 2021]
 +
:- [https://www.youtube.com/watch?v=LWg4NIOkqOI May 25th, 2021]
 +
:- [https://www.youtube.com/watch?v=wQo6IiK1M1I May 18th, 2021]
 +
:- [https://www.youtube.com/watch?v=Q77IvLzDj2E May 11th, 2021]
 +
:- [https://www.youtube.com/watch?v=M6cid7COeeg April 27th, 2021]
 +
:- [https://www.youtube.com/watch?v=f2uBU4Dj2Mw April 20th, 2021]
 +
:- [https://www.youtube.com/watch?v=yjwsy6OjKT0 April 13th, 2021]
 +
:- [https://www.youtube.com/watch?v=6zu0_ioDMyE April 6th, 2021]
 +
:- [https://www.youtube.com/watch?v=vF0c0j-PT0k March 30th, 2021]
 +
:- [https://www.youtube.com/watch?v=O1V3B2jU5TI March 23rd, 2021]
 +
:- [https://www.youtube.com/watch?v=LU4LI9TLJNQ March 16th, 2021]
 +
:- [https://www.youtube.com/watch?v=dl06fR5yIZY March 2nd, 2021]
 +
:- [https://www.youtube.com/watch?v=6cU12vdrM2Q February 23rd, 2021]
 +
:- [https://www.youtube.com/watch?v=qZTPObaagao February 16th, 2021]
 +
:- [https://www.youtube.com/watch?v=6eJqBQiJUkc February 9th, 2021]
 +
:- [https://www.youtube.com/watch?v=7TzAGcV6X8k February 2nd, 2021]
 +
:- [https://www.youtube.com/watch?v=BLyOdJxhRGU January 26th, 2021]
 +
:- [https://www.youtube.com/watch?v=c1hG52usLF4 January 19th, 2021]
 +
:- [https://www.youtube.com/watch?v=cSo_4BP7gFo January 12th, 2021]
 +
:- [https://www.youtube.com/watch?v=Xx176MGBr2A December 8th, 2020]
 +
:- [https://www.youtube.com/watch?v=UiKjJ3ksJ3E November 3rd, 2020]
 +
:- [https://www.youtube.com/watch?v=qzBK50yngEo October 27th, 2020]
 +
:- [https://www.youtube.com/watch?v=ePE3e1eGoj4 October 20th, 2020]
 +
:- [https://www.youtube.com/watch?v=tgCf9aPCuzQ October 13th, 2020]
 +
:- [https://www.youtube.com/watch?v=kAsDr49AEc0 October 6th, 2020]
 +
:- [https://www.youtube.com/watch?v=VDZf2J6T9LQ September 22nd, 2020]
 +
:- [https://www.youtube.com/watch?v=Yejvc0LWUl0 September 15th, 2020]
 
:- [https://www.youtube.com/watch?v=WH9kBfDp6Yo September 8th, 2020]
 
:- [https://www.youtube.com/watch?v=WH9kBfDp6Yo September 8th, 2020]
 
:- [https://www.youtube.com/watch?v=lwNSrUE7xWI September 1st, 2020]
 
:- [https://www.youtube.com/watch?v=lwNSrUE7xWI September 1st, 2020]

Revision as of 12:06, 30 August 2021

OCP-security-v1-17a3x.png

Welcome

OCP Security Project
This Project is open to the public and we want to welcome all those who would like to be involved.

Disclaimer: Please do not submit any confidential information to the Project Community. All presentation materials, proposals, meeting minutes and/or supporting documents are published by OCP and are open to the public in accordance to OCP's Bylaws and IP Policy. This can be found on the OCP OCP Policies page. If you have any questions please contact OCP.

Documents

- Charter
- Meeting Agenda

Works in Progress

- Glossary
- Common Security Threats
- Secure Update and Recovery DEPRECATED
- Attestation Scope
- Attestation of Systems and System Components
- Attestation: Use Cases
- Secure Boot
- Recovery
- Security Checklist and Badges
- Management Interface Requirements
- Secure Platform Overview
- Ownership Transfer
- Work Backlog & Prioritization

OCP blogs and announcements

- Fall 2020 OCP Tech Week Blog Post
- Fall 2020 PR Newswire Announcement


Reference

- Certificate Templates for DICE Attestation (Intel) Presented 2019-04-30
- SPIRAL Protocol Family (Intel) Presented 2019-01-29
- SPIRAL Protocol Family (Intel) Presented 2019-03-05
- Trusted Platform Module 2.0 Policy Authorization (IBM) Presented 2020-08-18 by Ken Goldman
- CSIS Firmware Development Best Practices
- Google Position on Attested Boot Logs Presented 2021-02-23 by Jeff Andersen
- Delivering Platform Integrity Without Universal Secure Boot Presented 2021-03-23 by Jeff Andersen
- Recovery Spec Overview Presented 2021-03-30 by Bryan Kelly

Approved Publications

- INFO, White Paper, Ownership and Control of Firmware in Open Compute Project Devices, IBM

Project Leadership

IC Representative

- Andres Lagar-Cavilla (Google)

Project Leads

- Nate Klein (Google)
- Bryan Kelly (Microsoft)

Get Involved

- Mailing List

Past Events

F2F Meeting at Facebook, October 8-9th, 2019

- Meeting Notes
- Recording coming soon

Regular Project Calls

This project meets weekly on Tuesdays at 8:30am PT (please check the call calendar).

- Call Calendar
- Call Link

You can also dial in using your phone. United States: +1 (312) 757-3117 Access Code: 271-200-085

Recordings from Past Calls

- August 10th, 2021
- August 3rd, 2021
- July 27th, 2021
- July 20th, 2021
- July 13th, 2021
- June 29th, 2021
- June 22nd, 2021
- June 15th, 2021
- June 8th, 2021
- June 1st, 2021
- May 25th, 2021
- May 18th, 2021
- May 11th, 2021
- April 27th, 2021
- April 20th, 2021
- April 13th, 2021
- April 6th, 2021
- March 30th, 2021
- March 23rd, 2021
- March 16th, 2021
- March 2nd, 2021
- February 23rd, 2021
- February 16th, 2021
- February 9th, 2021
- February 2nd, 2021
- January 26th, 2021
- January 19th, 2021
- January 12th, 2021
- December 8th, 2020
- November 3rd, 2020
- October 27th, 2020
- October 20th, 2020
- October 13th, 2020
- October 6th, 2020
- September 22nd, 2020
- September 15th, 2020
- September 8th, 2020
- September 1st, 2020
- August 25th, 2020
- August 18th, 2020
- August 11th, 2020
- July 28th, 2020
- July 21st, 2020
- July 14th, 2020
- July 7th, 2020
- June 23rd, 2020
- June 16th, 2020
- June 2nd, 2020
- May 26th, 2020
- May 19th, 2020
- May 5th, 2020
- April 28th, 2020
- April 21st, 2020
- April 14th, 2020
- March 24th, 2020
- March 10th, 2020
- February 11th, 2020
- February 4th, 2020
- January 7th, 2019
- December 17th, 2019
- November 12th, 2019
- October 15th, 2019
- September 3rd, 2019
- August 27th, 2019
- August 20th, 2019
- August 13th, 2019
- July 30th, 2019
- July 23rd, 2019
- July 16th, 2019
- July 9th, 2019
- June 18th, 2019
- May 28th, 2019
- May 14th, 2019
- May 7th, 2019
- April 30th, 2019
- April 23rd, 2019
- April 16th, 2019
- Apr 9th, 2019
- Apr 2nd, 2019
- Mar 26th, 2019
- Mar 19th, 2019
- Mar 5th, 2019
- Feb 26th, 2019
- Feb 19th, 2019
- Feb 12th, 2019
- Feb 5th, 2019
- Jan 29th, 2019
- Jan 22nd, 2019
- Jan 15th, 2019
- Jan 8th, 2019
- Dec 18th, 2018
- Dec 11th, 2018
- Dec 4th, 2018
- Nov 27th, 2018
- Nov 13th, 2018
- Nov 6th, 2018
- Oct 16th, 2018
- Oct 9th, 2018
- Sep 25th, 2018
- Sep 11th, 2018
- Sep 4th, 2018
- Aug 21st, 2018
- Aug 7th, 2018
- Jul 24th, 2018
- Jul 17th, 2018
- Jun 19th, 2018
- Jun 5th, 2018
- May 29, 2018
- May 1st, 2018
- Apr 24th, 2018
- Apr 3rd, 2018
- Mar 27th, 2018
- Mar 13th, 2018
- Mar 6th, 2018
- Feb 27th, 2018
- Feb 20th, 2018
- Feb 13th, 2018
- Feb 6th, 2018
- Jan 30th, 2018