From Fedora Project Wiki

Revision as of 19:24, 15 July 2020 by Bcotton (Submitted to FESCo)

Support PARSEC

Summary

PARSEC is the Platform AbstRaction for SECurity, an open-source initiative to provide a common API to hardware security and cryptographic services in a platform-agnostic way. This abstraction layer keeps workloads decoupled from physical platform details, enabling cloud-native delivery flows within the data center and at the edge. From a hardware perspective, the PARSEC daemon can currently use a TPM2, an HSM or an Arm TrustZone secure world application.

Owner

Current status

  • Targeted release: Fedora 33
  • Last updated: 2020-07-15
  • FESCo issue: #2447
  • Tracker bug:

Detailed Description

PARSEC (Platform AbstRaction for SECurity) is an initiative started out of Arm to provide a straightforward API for accessing secure credentials stored in hardware. It's a sandbox project in the CNCF.

Benefit to Fedora

PARSEC is a useful technology for Fedora because making HW security technologies appear seamless to applications and users helps make security more straightforward and more secure overall. It's a relatively new initiative, and having it available in Fedora for people to start integrating into their applications helps make Fedora a leader in security, in particular for Internet of Things and Device Edge. The IoT Edition will be using PARSEC.

Scope

  • Proposal owners:
    • Package the PARSEC daemon, libraries and language bindings.
  • Other developers:
    • No impact but developers may wish to add support for PARSEC to their application.
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

This is net new to Fedora, so there are no upgrade issues.

How To Test

There are a number of hardware options for testing. Any device with a TPM2 can be used, including most modern laptops.

There will be a selection of Arm devices available (final models still TBD) with the appropriate firmware running the TrustZone secure world application.

A VM with a swTPM, while not secure, will enable testing.

A number of HW security modules can also be used; exact devices are still TBD.

User Experience

A new daemon will start early in the boot process for those who install the PARSEC stack. Fedora IoT Edition will install and start this by default.

The Red Hat Device Edge team and Arm are working on a demo application for IoT to demonstrate the technology.

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: Most of the work here is packaging, so if it doesn't make the release it would be available as an installable update.
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? No.
  • Blocks product? No.

Documentation

N/A (not a System Wide Change)

Release Notes