-
Story
-
Resolution: Unresolved
-
Medium
-
None
-
None
ONAP SHOULD support the use of HW assisted security technologies like HSM, secure enclaves, TPM / virtual TPM for protection of more critical data (like encryption keys, secrets).
Notes:
The relevant use cases have to be defined, and choice of HW security technology has to fit for the particular SW. For example, following limitations have to be considered:
- The limitation with usage of TPM, vTPM and SGX: not feasible to use for a workload that can migrated between machines (= the typical way to deploy in cloud)
- HSM does not have this limitation as it is accessed over network protocol
------------------
Review 2019-03-18
Modified req:
ONAP SHOULD be compatible with HW assisted security technologies like HSM, secure enclaves, TPM / virtual TPM for protection of more critical data (like encryption keys, secrets).