OpenBMC Image Management

Stewart Smith stewart at linux.vnet.ibm.com
Mon Jan 30 16:51:52 AEDT 2017


"Anton D. Kachalov" <mouse at yandex-team.ru> writes:
>> PNOR:
>> * Ability to ‘patch’ by copying a Hostboot image *.bin into a designated directory (/usr/local/ for example).
>
> Would it be good to add support for opkg-based packaging to
> incrementally (hotfix) system's update? I use it in OpenWRT.

Since discovering dm-verity, I've hoped that one day the BMC would use
it to verify what it's running, and have no executable code on other
partitions. i.e. everything running on BMC and host has been
cryptographically verified.

I imagine that using opkg based packaging or something else similar
would put a spanner in the works of using dm-verity?

-- 
Stewart Smith
OPAL Architect, IBM.



More information about the openbmc mailing list