RHBA-2023:6765 - Bug Fix Advisory

Topic

Updated FIDO Device Onboarding Server container images are now available in the Red Hat container registry.

Description

The FIDO Device Onboarding (FDO) process automatically authenticates and provisions Edge devices, providing secure, zero touch onboarding and configuration at scale.
The FDO protocol is based on four servers:

FDO Manufacturing Server: The server side implementation of the "Device Initialize" protocol, the FDO Manufacturing Server is responsible for signing a device and creating a voucher used for device ownership.

FDO Owner Onboarding Server: The FDO Owner Onboarding server creates a secure channel for communication with an Edge device and sends the required configuration, files and keys needed for onboarding.

FDO Rendezvous Server: The FDO Rendezvous server is the first point of contact for a newly powered on Edge device during Onboarding. The FDO Rendezvous server receives an Owner Voucher from the Manufacturing server which is used for device authentication and points to the Owner Onboarding server for onboarding automation.

FDO Serviceinfo API Server: The FDO Serviceinfo API server is used with the Owner Onboarding server and provides Edge device configuration details.

The following new container images are now available in the Red Hat container registry:

fdo-manufacturing-server
fdo-owner-onboarding-server
fdo-rendezvous-server
fdo-serviceinfo-api-server

To pull a container image, run the following command:

podman pull registry.redhat.io/rhel9/<image_name>

Solution

The container image provided by this update can be downloaded from the Red Hat container registry at registry.access.redhat.com using the "podman pull" command.

Affected Products

• Red Hat Enterprise Linux for x86_64 9 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
• Red Hat Enterprise Linux Server - AUS 9.6 x86_64
• Red Hat Enterprise Linux Server - AUS 9.4 x86_64
• Red Hat Enterprise Linux for IBM z Systems 9 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
• Red Hat Enterprise Linux for Power, little endian 9 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
• Red Hat Enterprise Linux for ARM 64 9 aarch64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
• Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
• Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
• Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
• Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

• BZ - 2232019 - rebuild of fdo-manufacturing-server-container 9.3
• BZ - 2232020 - rebuild of fdo-owner-onboarding-server-container 9.3
• BZ - 2232021 - rebuild of fdo-rendezvous-server-container 9.3
• BZ - 2232022 - rebuild of fdo-serviceinfo-api-server-container 9.3

CVEs

(none)

References

• https://catalog.redhat.com/software/containers/search