BMC Image Signing Proposal
Stewart Smith
stewart at linux.vnet.ibm.com
Tue Jan 30 15:39:42 AEDT 2018
Alexander Amelkin <a.amelkin at yadro.com> writes:
> 1. BMC usually runs in a secured environment where probability of
> tampering with flash IC contents by means other than BMC's firmware
> itself is negligible.
Consider the host to be actively hostile.
In any metal-as-a-service environment, a privilege escalation is to get
code onto the BMC, and thus survive to the next tenant. While the BMC to
host interfaces *should* be nice and secure, they are software, and thus
are *going* to have security issues. A solid secure-boot story on the
BMC would add defense in depth.
--
Stewart Smith
OPAL Architect, IBM.