From Fedora Project Wiki
 
== Current status ==
* Targeted release: [[Releases/33 | Fedora 33 ]]  
* FESCo issue: [https://pagure.io/fesco/issue/2447 #2447]
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1859994 #1859994]
* Release Notes tracker: [https://pagure.io/fedora-docs/release-notes/issue/538 #538]



Latest revision as of 13:40, 23 July 2020

Support PARSEC

Summary

PARSEC is the Platform AbstRaction for SECurity, an open-source initiative to provide a common API to hardware security and cryptographic services in a platform-agnostic way. This abstraction layer keeps workloads decoupled from physical platform details, enabling cloud-native delivery flows within the data center and at the edge. From a hardware perspective, the PARSEC daemon can currently use a TPM2, HSM or an Arm TrustZone secure world application.

Owner

Current status

Detailed Description

PARSEC (Platform AbstRaction for SECurity) is an initiative started out of Arm to provide a straightforward API for accessing secure credentials stored in hardware. It's a sandbox project in the CNCF.

Benefit to Fedora

PARSEC is a useful technology for Fedora because making HW security technologies appear seamless to applications and users helps make security more straightforward and more secure overall. It's a relatively new initiative, and having it available in Fedora for people to start integrating into their applications helps make Fedora a leader in security, in particular for Internet of Things and Device Edge. The IoT Edition will be using PARSEC.

Scope

  • Proposal owners:
    • Package the PARSEC daemon, libraries and language bindings.
  • Other developers:
    • No impact but developers may wish to add support for PARSEC to their application.
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

This is net new to Fedora, so there are no upgrade issues.

How To Test

There are a number of hardware options for testing. One is any device with a TPM2, including most modern laptops.

There will be a selection of Arm devices available (final models still TBD) with the appropriate firmware running the TrustZone secure world application.

A VM with a swTPM, while not secure, will enable testing.

A number of HW security modules can also be used; exact devices are still TBD.

User Experience

A new daemon will start in the early boot process for those who install the PARSEC stack. Fedora IoT Edition will install and start this by default.

The Red Hat Device Edge team and Arm are working on a demo application for IoT to demonstrate the technology.

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: Most of the work here is packaging, so if it doesn't make the release it would be available as an installable update.
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? No.
  • Blocks product? No.

Documentation

N/A (not a System Wide Change)

Release Notes