IBM Cloud Bare Metal Servers for VPC have been available for almost a year, and we continue the steady rollout of additional features to ensure bare metal servers meet our customers’ requirements.
The latest IBM Cloud Bare Metal Servers for VPC features are focused squarely on security by providing customers with the ability to enable Secure Boot and to use a Trusted Platform Module (TPM 2.0).
Secure Boot and TPM are software- and hardware-based mechanisms used to validate and enforce trust for all software that is to be loaded onto a system. Secure Boot enforces firmware and kernel signatures that are loaded during the boot process, while the TPM provides a secure hardware-based crypto-processor that is often used to validate system integrity measurements.
Secure Boot verifies the integrity of the system’s firmware and operating system throughout the boot process. This is done by confirming all firmware and OS images loaded on the system are signed by a central Certificate Authority whose private key is stored in the UEFI firmware. Anything not signed by the Microsoft Corporation UEFI CA 2011, Microsoft Windows Production PCA 2011 or SUPERMICRO Product CA 2018 will not be executed on VPC Bare Metal Servers with Secure Boot enabled. The public keys are stored in an authorized signature database in the UEFI firmware, and each step in the boot chain validates the signatures of the next step using these keys. Formerly trusted keys that have been breached are stored in a disallowed signature database in the UEFI firmware. Anything signed with these keys will not execute on the system. This process helps prevent malicious software and malware from being loaded onto the server during the boot process.
TPM, on the other hand, is a microcontroller that securely stores and manages cryptographic keys. These keys are used to guarantee data, network connections and other sensitive information are secure. Typically, the TPM is used to attest to platform integrity and is often used in a process called Measured Boot. This is different from Secure Boot as it is simply collecting measurements of the software loaded in a secure way that other software can then interpret. The TPM can also be used to generate and store keys used to encrypt a hard drive, sign firmware images and more. Attestation is also supported by the TPM. Attestation uses a unique endorsement key (EK) that is stored on the TPM by the manufacture. It provides proof that an entity’s certificate is signed by the same CA that signed the TPM. The TPM provides a reliable and secure standard for storing data.
Secure Boot on IBM Cloud Bare Metal Servers for VPC
IBM Cloud Bare Metal Servers for VPC enable a simple toggle for Secure Boot. It’s either on or off, and defaults to off. Most stock images IBM Cloud provides are enabled for Secure Boot, but if you use any non-signed kernel modules in your image, you will need to take extra steps if you wish to enable Secure Boot.
Linux typically uses a shim mechanism for Secure Boot. There is a small, first-stage bootloader that is signed by the official Microsoft signing key and contains a distro-specific key that it used to validate the signature on the next stage of the bootloader. This shim is small, audited, well-trusted, and it is common across distros, allowing the distro to update the kernel independently. This means all kernel modules must be signed by the distro.
If you build your own or use an out-of-tree module, you will need to make sure that module is signed and add the signing keys you used into the key database. To do this, you will use the Machine Owner Key (MOK) model that allows you to add your own keys to the database. Using the Linux mokutil program, you can do this and confirm on next boot (via the console) that these keys are valid and you trust them:
So, what happens if you boot without a properly signed kernel? The system will simply refuse to boot. Each operating system handles this differently, but if you connect to the console, you’ll see a very clear message indicating why it refused to boot. To fix this, turn the system off, disable Secure Boot and either add your MOK key or switch over to a fully signed image before enabling Secure Boot again.
When you delete a bare metal server, the Secure Boot keys database is wiped and reset to ensure MOK keys do not persist between customers.
Trusted Platform Module (TPM) on IBM Cloud Bare Metal Servers for VPC
IBM Cloud Bare Metal Servers for VPC all support TPM 2.0 from Infineon AOM-TPM-9670V-S-P. By default, the TPM is disabled; however, enabling it is straightforward when the system is powered off. The first boot after enabling it will take a few more minutes, but subsequent boots are not affected. Each piece of software requiring use of the TPM brings its own requirements for the exact configuration needed. We configure the TPM as follows (which works well with most common TPM utilities):
- TPM 2.0 chip is installed and enabled in the BIOS
- SHA-256 PCR Bank is active and enabled in the BIOS
When you delete a bare metal server, the TPM is cleared and reset to ensure no user data passes between customers. If you simply disable the TPM and re-enable it, we do not wipe it as the system has remained under your control.
Together, these features provide you with the tools to prevent a wide range of security issues. Secure Boot provides assurance that all firmware and software loaded onto a system are trusted and have not been tampered with. TPM provides a place to create, store and manage cryptographic keys and sensitive data. Using these features together provides safeguards around malware and other malicious attacks.
Get started
To learn more about Secure Boot with Trust Platform Module (TPM), read our documentation.
Ready to get started with IBM Cloud Bare Metal Servers for VPC? Get USD 1000 in credits to use toward your new VPC resources, including all compute, network, and storage components. Apply code VPC1000.