keylime / meetings

Keylime meeting notes
1 stars 6 forks source link

Meeting 19/11/19 #34

Closed lukehinds closed 4 years ago

lukehinds commented 5 years ago

Project Board

https://github.com/orgs/keylime/projects/1

Attendees

Topics

TPM stack and tools assessment

We are seeing a lot of churn having to fix and change tpm code to resolves issues within tpm2-software projects. The past 2 weeks, all the time I have had to work on keylime has been trying to debug breakages with different tool versions or bugs in tpm2-abrmd.

From what I have seen there are two other possible alternatives

go-tpm looks promising, but its a go library and unless we want to create our own bindings, its not the most pragmatic of routes to pursue.

ibm-tss also looks promising, and also provides command line equivalents of the tss stack. It hjas a resource manager and works well with the simulator (as expected).

We can also consider that 3.x tools will be legacy soon, and 4.0 will stabilize.

Another option is to write our own tools that bind round tss, but we might find ourselves having to do a lot of maintenance work to keep up with tss changes.

enable provider verifier to run on the same machine as a tenant verifier

keylime/keylime#194

Fedora packaging:

bugzilla :

https://bugzilla.redhat.com/show_bug.cgi?id=1759276

blocked:

invoke_get_quote fails on tornado 6.0

keylime/keylime#196

Tools issues

HW tpm support yaml formatting

keylime/keylime#160 keylime/keylime#206 keylime/keylime#208 keylime/keylime#204

Keylime Raspberry Pi

keylime/keylime#190

UI Work

@amylily1011

Rust Agent

working on hooking code together.

Documentation help:

@atothRedHat @axelsimon
Three Part Key Derivation: keylime/keylime-docs#33
Introduce documentation on trusted payloads keylime/keylime-docs#41
Trusted Boot: keylime/keylime-docs#32
Secure payloads keylime/keylime-docs#41
System hardening: keylime/keylime-docs#31

vTPM port

keylime/keylime#29 @nabilschear @lukehinds @ozoder @cjustacoder

Need Help!

Validate against CoreOS: keylime/keylime#140
Separate out CFSSL: keylime/keylime#145
Shell exec hardening: keylime/keylime#131
Configurable Databases: keylime/keylime#130
Ansible integration: keylime/keylime#129

Parked

TPM 2.0 port
** keylime/rust-keylime#75

Implement rhboot

keylime/keylime#63 @lukehinds