Hypervisor Security First Published On: Last Updated On:

Transcription

1 First Published On: Last Updated On:

2 Table of Contents 1. Secure Design 1.1.Secure Design 1.2.Security Development Lifecycle 1.3.ESXi and Trusted Platform Module 2.0 (TPM) FAQ 2. Certifications and Validations 2.1.Certifications 2.2.Federal Information Processing Standards (FIPS) 2

3 1. Secure Design ESXi was built from the start to provide strong isolation, and VMware works to ensure the most secure design as it continues to evolve. 3

4 1.1 Secure Design 4

5 5

6 6

7 7

8 8

9 9

10 10

11 11

12 12

13 13

14 14

15 15

16 16

17 17

18 18

19 19

20 20

21 21

22 22

23 23

24 24

25 25

26 26

27 27

28 28

29 1.2 Security Development Lifecycle 29

30 Click to see the content 1.3 ESXi and Trusted Platform Module 2.0 (TPM) FAQ ESXi and Trusted Platform Module 2.0 (TPM) FAQ Questions Answers What is a TPM? TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely store artifacts used to authenticate the platform (your PC or laptop). These artifacts can include passwords, certificates, or encryption keys. A TPM can also be used to store platform measurements that help ensure that the platform remains trustworthy trustedcomputinggroup.org/trusted-platform-module-tpm-summary/ What is a "root storage key?" The Storage Root Key (SRK) is used to wrap TPM protected keys which can be stored outside the TPM. That data stored outside the TPM can be decrypted by passing it back through the TPM again for a decryption operation What is an "endorsement key?" Think of an Endorsement Key as the entity that comes sealed in a TPM by the manufacturer. It is a special-purpose, unique asymmetric encryption key, whose private part never leaves the TPM. For more information on the usage of the EK, see the Trusted Computing Group's writeup here: trustedcomputinggroup.org/wp-content/uploads/iwg-ek-cmcenrollment-for-tpm-v1-2-faq-rev-april pdf 30

31 Questions Answers What is "host attestation?" Host attestation is the process of validating the state of the host and its operating system at a given point in time. An ESXi host with a TPM 2.0 chip will measure, record, and securely store the identity of every software module being loaded from boot. At the time of boot, the vcenter Server can authenticate the signed ESXi software module metadata, the measurements stored in the TPM chip and definitively attest to the identity of the host. In this way, a TPM 2.0 chip can be used to establish a hardware root-of-trust. Do I need to setup anything in order to perform host attestation? No. All you need to do is add your host to your vcenter Server, reboot it and look for the attestation status in the Security Dashboard. How do I know my VM's are running on a trusted host? When ESXi boots using a hardware TPM 2.0 device it can attest that it has booted only with signed code. (as enforced using Secure Boot for ESXi, introduced in 6.5) vcenter will provide an attestation report you can consult to view the host attestation status. This trusted host then presents trusted virtual hardware to the VM. In 6.7 the ability to block a VM from moving to an untrusted host is not implemented. 31

32 2. Certifications and Validations Third party validation helps to ensure that vsphere remains one of the industries most secure hypervisor platforms. 32

33 2.1 Certifications Click to see the content 2.2 Federal Information Processing Standards (FIPS) 33

34 Click to see the content 34