Puiterwijk (talk | contribs) (Update Summary to include what it does) |
Puiterwijk (talk | contribs) (Add puiterwijk as co-owner) |
Revision as of 09:14, 6 July 2020
Support PARSEC
Summary
PARSEC is the Platform AbstRaction for SECurity, an open-source initiative to provide a common API to hardware security and cryptographic services in a platform-agnostic way. This abstraction layer keeps workloads decoupled from physical platform details, enabling cloud-native delivery flows within the data center and at the edge. From a hardware perspective, the PARSEC daemon can currently use a TPM2, HSM or an Arm TrustZone secure world application.
Owner
- Name: Peter Robinson, Patrick Uiterwijk
- Email: pbrobinson@gmail.com, patrick@puiterwijk.org
- Release notes owner:
Current status
- Targeted release: Fedora 33
- Last updated: 2020-07-06
- Tracker bug:
Detailed Description
PARSEC (Platform AbstRaction for SECurity) is an initiative started out of Arm to provide a straightforward API for accessing secure credentials stored in hardware. It's a sandbox project in the CNCF.
Benefit to Fedora
PARSEC is a useful technology for Fedora because making HW security technologies appear seamless to applications and users helps make security more straightforward and more secure overall. It's a relatively new initiative, and having it available in Fedora for people to start integrating into their applications helps make Fedora a leader in security, in particular for Internet of Things and Device Edge. The IoT Edition will be using PARSEC.
Scope
- Proposal owners:
- Package the PARSEC daemon, libraries and language bindings.
- Other developers:
- No impact but developers may wish to add support for PARSEC to their application.
- Release engineering: #XXX
- List of deliverables: N/A (not a System Wide Change)
- Policies and guidelines: N/A (not a System Wide Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
This is net new to Fedora, so there are no upgrade issues.
How To Test
There are a number of hardware options for testing. Any device with a TPM2 will work, including most modern laptops.
There will be a selection of Arm devices available (final models still TBD) with the appropriate firmware running the TrustZone secure world application.
A VM with a swTPM, while not secure, will enable testing.
A number of HW security modules, exact devices still TBD.
User Experience
A new daemon will start early in the boot process for those who install the PARSEC stack. Fedora IoT Edition will install and start this by default.
The Red Hat Device Edge team and Arm are working on a demo application for IoT to demonstrate the technology.
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: Most of the work here is packaging so if it doesn't make the release it would be available as an installable update.
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? No.
- Blocks product? No.
Documentation
N/A (not a System Wide Change)