Pre-seeding properties into images

Christian Svensson christian at cmd.nu
Mon May 25 22:27:36 AEST 2020


Hi,

I've been contemplating the case of an immutable OpenBMC flash, one where
the whole image is stored on a, from OpenBMC's perspective at least,
read-only flash. One could think of doing this from either a security or
reliability perspective.
One thing that I would like to do for these cases is to inject things like
the hostname of the BMC, as well as the TLS certificates to be used.
A wanted property is that the build signature of OpenBMC shouldn't need to
be refreshed, and adding these extra files should be relatively easy.

Simple example to communicate what I'm thinking:
Something like (cat openbmc.img; server-aa01.tar) > openbmc-aa01.img. This
would then be flashed onto the server using normal means.
OpenBMC would then use this tar archive as an overlay of /.
The tar archive could optionally be signed as well, to prevent somebody
from overwriting /bin/bash or something like that.

Has something like this been discussed before? Thoughts on the general idea?
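
The check the proposal implies, as an added example that is not part of the original post and is not OpenBMC code: split the concatenated image, confirm the base image is unchanged, authenticate the appended tar, and accept only allowlisted regular files. Assumptions: the base image length and SHA-256 are known from the signed build, HMAC-SHA256 stands in for the optional tar signature, and the allowlist, key and function names are hypothetical.

```python
import hashlib, hmac, io, tarfile

# Hypothetical allowlist: the only paths a per-server overlay may provide.
ALLOWED = {"etc/hostname", "etc/ssl/certs/bmc.pem", "etc/ssl/private/bmc.key"}

def make_tar(files):
    """Build an uncompressed tar from {name: bytes} (used for the sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def check_overlay(blob, base_len, base_sha256, key, tag):
    """Return the overlay's member names, or raise ValueError if it is rejected."""
    base, overlay = blob[:base_len], blob[base_len:]
    # The base image must be byte-identical, so its build signature stays valid.
    if hashlib.sha256(base).hexdigest() != base_sha256:
        raise ValueError("base image differs from the signed build")
    # HMAC-SHA256 stands in for the optional tar signature (assumption).
    expected = hmac.new(key, overlay, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("overlay authentication failed")
    names = []
    with tarfile.open(fileobj=io.BytesIO(overlay)) as tar:
        for member in tar:
            # Regular files on the allowlist only: no links, devices or /bin/bash.
            if not member.isfile() or member.name not in ALLOWED:
                raise ValueError(f"overlay member not allowed: {member.name}")
            names.append(member.name)
    return names

if __name__ == "__main__":
    base = b"\xff" * 4096            # constructed stand-in for openbmc.img
    key = b"constructed-demo-key"    # constructed key, for illustration only
    overlay = make_tar({"etc/hostname": b"server-aa01\n"})
    tag = hmac.new(key, overlay, hashlib.sha256).digest()
    digest = hashlib.sha256(base).hexdigest()
    print(check_overlay(base + overlay, len(base), digest, key, tag))
```

The overlay is authenticated before the tar parser touches it, so unauthenticated bytes never reach `tarfile`.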