Latest revision as of 13:40, 23 July 2020
Support PARSEC
Summary
PARSEC is the Platform AbstRaction for SECurity, an open-source initiative to provide a common API to hardware security and cryptographic services in a platform-agnostic way. This abstraction layer keeps workloads decoupled from physical platform details, enabling cloud-native delivery flows within the data center and at the edge. From a hardware perspective, the PARSEC daemon can currently use a TPM2, HSM or an Arm TrustZone secure world application.
Owner
- Name: Peter Robinson, Patrick Uiterwijk
- Email: pbrobinson@gmail.com, patrick@puiterwijk.org
- Release notes owner:
Current status
- Targeted release: Fedora 33
- Last updated: 2020-07-23
- FESCo issue: #2447
- Tracker bug: #1859994
- Release Notes tracker: #538
Detailed Description
PARSEC (Platform AbstRaction for SECurity) is an initiative started out of Arm to provide a straightforward API for accessing secure credentials stored in hardware. It's a sandbox project in the CNCF.
Benefit to Fedora
PARSEC is a useful technology for Fedora because making HW security technologies appear seamless to applications and users helps make security more straightforward and more secure overall. It's a relatively new initiative, and having it available in Fedora for people to start integrating into their applications helps make Fedora a leader in security, in particular for Internet of Things and Device Edge. The IoT Edition will be using PARSEC.
Scope
- Proposal owners:
- Package the PARSEC daemon, libraries and language bindings.
- Other developers:
- No impact but developers may wish to add support for PARSEC to their application.
- Release engineering: #9583
- List of deliverables: N/A (not a System Wide Change)
- Policies and guidelines: N/A (not a System Wide Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
This is net new to Fedora, so there are no upgrade issues.
How To Test
There are a number of hardware options for testing:
- Any device with a TPM2, including most modern laptops.
- A selection of Arm devices (final models still TBD) with the appropriate firmware running the TrustZone secure world application.
- A VM with a swTPM, which, while not secure, will enable testing.
- A number of HW security modules, exact devices still TBD.
User Experience
For those who install the PARSEC stack, a new daemon will start early in the boot process. Fedora IoT Edition will install and start this by default.
The Red Hat Device Edge team and Arm are working on a demo application for IoT to demonstrate the technology.
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: Most of the work here is packaging, so if it doesn't make the release it would be available as an installable update.
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? No.
- Blocks product? No.
Documentation
N/A (not a System Wide Change)