Conference Schedule - BSDCan 2022

Enabling a platform approach for hardware backed security

Date: 2022-06-04
Time: 10:30–11:15
Room: Stream 3
Level: Beginner

Securing devices at the edge requires special attention due to the increased threat landscape inherent to devices outside the datacenter. One of the methods used to add a higher level of security is to protect private keys and secrets in a hardware Root of Trust (RoT). Hardware RoT comes in many forms like TPMs, secure elements, HSMs or embedded TEEs. In many cases, the selection of the RoT is done by the manufacture of the device leaving the developers with the need to support several device-specific solutions. This poses a challenge to the SW developer who needs to maintain portability in their code but wants to leverage the highest level of security available in the system.

Faced with this challenge, Arm and Docker kicked off a security project to create a microservice that provides a common interface to any root of trust. We called it Parsec. Parsec has grown since its inception back in 2019 and now resides in the open source, Cloud Native Computing Foundation. This flexible micro-Service can run on any platform, any OS and support any RoT. We have recently run Parsec on openBSD without any code changes.

During this session, we will introduce the Parsec Project. We will present the problem statement and explain how Parsec addresses this challenge. We will provide examples of successful integrations and walk through the current list of supported APIs, front end clients (in multiple languages) and backend providers.

The goal of this session is to bring awareness to the project and build community interest and participation in this effort. Together we can make security at the edge portable, easy to consume and hard to get wrong!


Marc Meunier