Welcome to Secure Edge device onboarding

Secure Edge device onboarding with RHEL and FDO

Edge device onboarding could be your worst nightmare: security concerns, complexity, scalability, traceability, ... but there is a new helping hand: the FIDO Device Onboarding (FDO) specification.

Red Hat is developing an implementation of this new industry specification and has included it as a Technology Preview in RHEL 8.6+/9.x.

In this tutorial, you have the opportunity to learn more about FDO by installing and configuring the FDO servers, creating your own device onboarding use case (including the automation needed), and deploying RHEL for Edge following the FDO workflow.

Although FDO can be used with "standard" Red Hat Enterprise Linux, this tutorial will use a variant of RHEL based on OSTree images, since these systems are more suitable for edge computing use cases. OSTree-based RHEL will also be included in the Red Hat Device Edge product.

The lab consists of three main steps:

  1. FDO Lab: Install and configure the required FDO servers

  2. RHEL OSTree Lab: Create an OSTree RHEL image (OSTree operating systems are based on images that contain all required RPMs, in contrast to installing from a standard RHEL ISO and then installing RPMs with DNF/YUM)

  3. Onboarding Lab: Use the generated OSTree RHEL image to deploy an edge device system which will use the configured FDO services to automate the device onboarding in a secure way.

Before the FDO and RHEL labs you will find an "Intro". It is not part of the labs themselves, only an introduction to the FDO and OSTree RHEL concepts. You can skip it, but I encourage you to read it to better understand what you are doing during the labs.

Let’s start!