How Redfish can be used to bridge the gap between devices and the control plane

Platform Attestation via Redfish
Jeff Andersen, Staff Software Engineer, Google

Agenda
- A bird's-eye view of disaggregated remote attestation
- An overview of Redfish and SPDM
- Redfish's support for SPDM measurements
- Integrating SPDM+Redfish into a remote attestation flow
- Call to Action

Hyperscale Fleet Management Philosophy
- Production is in a constant state of flux
  - Software always rolling out, machines breaking, getting fixed
  - Nothing is perfect: sometimes updates don't take, machines are incorrectly repaired
- Machines are cattle, not pets
  - Individual machines may fall over, but we like to know what happened to them
- Automate, automate, automate
- Risk of outages must be minimized
  - E.g., machines must not brick themselves en masse
  - Where possible, prefer complexity in the control plane rather than on-machine

Complexity of Yore
- Root of trust (RoT): secure element with a strong cryptographic identity
- Two strong assumptions:
  - 1:1 relationship between machines and RoTs
  - Everything of interest is measured into the one RoT
[Figure: Kernel, BIOS, Userspace, Flash, Disk and Apps all measured into a single RoT]

Complexity of Yesterday
[Figure: the same host stack (Kernel, BIOS, Userspace, Flash, Disk, Apps) plus a NIC, a Processor and an Accelerator tray (BMC, flash, four ASICs), each with its own flash and RoT]

Complexity of Today
[Figure: CPU0, CPU1, NICs, SSDs, BMC, PCIe switches SW0-SW3, AICs, PE slots, retimers, GPUs, an accelerator BMC and switches; 20 RoTs, 3x BMCs and power domains]

Disaggregated Attestation
[Figure: a Serving Machine with three BMCs, each fronting several RoTs; a Remote Verifier holding Reference Measurements]

Disaggregated Attestation (continued)
[Figure: Serving Machine with RoTs; remainder of slide not captured]
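An added example, not from the talk, of how a remote verifier changes once the 1:1 machine-to-RoT assumption is dropped: evidence is keyed by each RoT's own identity, appraised against per-component reference measurements, and reported per device so the control plane can repair one component rather than act on the whole machine. All names, measurement indices and digests below are constructed.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed reference measurements: component type -> measurement index ->
# set of approved digests (more than one value allows a staged rollout).
REFERENCE = {
    "nic-fw": {1: {digest(b"nic-fw-v1.2"), digest(b"nic-fw-v1.3")}},
    "ssd-fw": {1: {digest(b"ssd-fw-v4")}},
    "bmc-fw": {1: {digest(b"bmc-fw-v9")}, 2: {digest(b"bmc-config-prod")}},
}

def appraise(evidence):
    """evidence: list of dicts with keys rot_id, component, via_bmc and
    measurements (index -> digest). Returns {rot_id: (component, verdict)}
    with verdict in ok / mismatch / missing / unknown-component / duplicate-rot."""
    verdicts = {}
    for ev in evidence:
        rot, comp, meas = ev["rot_id"], ev["component"], ev["measurements"]
        if rot in verdicts:          # two devices presenting one RoT identity
            verdicts[rot] = (comp, "duplicate-rot")
            continue
        ref = REFERENCE.get(comp)
        if ref is None:
            verdicts[rot] = (comp, "unknown-component")
        elif any(i not in meas for i in ref):      # an expected index is absent
            verdicts[rot] = (comp, "missing")
        elif any(meas[i] not in ref[i] for i in ref):
            verdicts[rot] = (comp, "mismatch")
        else:
            verdicts[rot] = (comp, "ok")
    return verdicts

def failing_components(verdicts):
    """RoTs needing attention; lets the control plane act on one device."""
    return sorted(r for r, (_, v) in verdicts.items() if v != "ok")

# Constructed evidence from one serving machine, relayed by two of its BMCs.
SAMPLE = [
    {"rot_id": "nic0-rot", "component": "nic-fw", "via_bmc": "bmc0",
     "measurements": {1: digest(b"nic-fw-v1.3")}},
    {"rot_id": "ssd0-rot", "component": "ssd-fw", "via_bmc": "bmc0",
     "measurements": {1: digest(b"ssd-fw-v3")}},      # update did not take
    {"rot_id": "bmc1-rot", "component": "bmc-fw", "via_bmc": "bmc1",
     "measurements": {1: digest(b"bmc-fw-v9")}},      # config measurement absent
]
```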