Support PARSEC - Fedora 33 Self-Contained Change proposal

2020-07-07 Thread Ben Cotton
https://fedoraproject.org/wiki/Changes/PARSEC

== Summary ==
PARSEC is the Platform AbstRaction for SECurity, an open-source
initiative to provide a common API to hardware security and
cryptographic services in a platform-agnostic way. This abstraction
layer keeps workloads decoupled from physical platform details,
enabling cloud-native delivery flows within the data center and at the
edge.
From a hardware perspective the PARSEC daemon can currently use a
TPM2, HSM or an Arm TrustZone secure world application.

== Owner ==
* Name: [[User:pbrobinson| Peter Robinson]], [[User:puiterwijk |
Patrick Uiterwijk]]
* Email: [mailto:pbrobin...@gmail.com| pbrobin...@gmail.com],
[mailto:patr...@puiterwijk.org | patr...@puiterwijk.org]


== Detailed Description ==

PARSEC (Platform AbstRaction for SECurity) is an initiative started
out of Arm to provide a straightforward API for accessing secure
credentials stored in hardware. It's a sandbox project in the CNCF.

== Benefit to Fedora ==

PARSEC is a useful technology for Fedora because making HW security
technologies appear seamless to applications and users helps make
security more straightforward and secure overall. It's a relatively new
initiative and having it available in Fedora for people to start to
integrate into their applications helps make Fedora a leader in
security in particular for Internet of Things and Device Edge. The IoT
Edition will be using PARSEC.

== Scope ==
* Proposal owners:
** Package the PARSEC daemon, libraries and language bindings.

* Other developers:
** No impact but developers may wish to add support for PARSEC to
their application.

* Release engineering: [https://pagure.io/releng/issue/9583 #9583]
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)

== Upgrade/compatibility impact ==
This is net new to Fedora so there are no upgrade issues.

== How To Test ==

There are a number of hardware options for testing. Any device with a
TPM2 including most modern laptops.

There will be a selection of Arm devices available (final models still
TBD) with the appropriate firmware running the TrustZone secure world
application.

A VM with a swTPM, while not secure, will enable testing.

A number of HW security modules, exact devices still TBD.

== User Experience ==
There will be a new daemon started in the early boot process for those
that install the PARSEC stack. Fedora IoT Edition will install and
start this by default.

The Red Hat Device Edge team and Arm are working on a demo application
for IoT to provide a demonstration application on the technology.

== Dependencies ==
N/A (not a System Wide Change)

== Contingency Plan ==
* Contingency mechanism: Most of the work here is packaging so if it
doesn't make the release it would be available as an installable
update.
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? No.
* Blocks product? No.

== Documentation ==
N/A (not a System Wide Change)

== Release Notes ==

-- 
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis

