October 22, 2019


Securing Kubernetes with Trusted Platform Module (TPM)


Talk Title: Securing Kubernetes with Trusted Platform Module (TPM)
Speakers: Alexandr Tcherniakhovski (Engineer, Google), Andrew Lytvynov (Software Engineer, Independent)
Conference: KubeCon + CloudNativeCon Europe
Location: Barcelona, Spain
Date: May 19-23, 2019
URL: Talk Page
Slides: Talk Slides

TPM is a discrete tamper-resistant device soldered to the motherboard, and it operates independently of its host. TPM devices are designed to protect sensitive credentials at the hardware level: credentials created and stored within a TPM cannot be extracted, even if the host is compromised. Additionally, TPM devices provide a suite of cryptographic operations for applications to leverage. In this demo-heavy session, we will review core TPM capabilities and how they can be used to extend Kubernetes security. Attendees will leave with an understanding of how to utilize TPM in the context of Kubernetes. Concretely, the following scenarios will be covered:

- Bootstrap trusted identity of cluster nodes
- Seal sensitive data
- Generate cryptographically protected logs
- Generate unexportable TLS credentials
