OpenBMC Security Working Group Kick Off
Andrew Jeffery
andrew at aj.id.au
Fri Jun 1 10:38:25 AEST 2018
On Thu, 31 May 2018, at 18:08, Stewart Smith wrote:
> Nancy Yuen <yuenn at google.com> writes:
> > The OpenBMC Security Work Group kick off meeting is scheduled for Thurs May
> > 31, 9AM PDT. This first meeting is by invite only. Please email me if you
> > are interested in participating in this working group.
>
> Would topics like "security of the BMC from a hostile host" be part of
> this?
I vote yes, and I'm picking up the work to shut down some of the obvious holes again now, at least from an OpenPOWER perspective.
>
> A design of OpenPOWER systems is that the BMC and the Host don't have to
> trust each other, and this should extend to a host that's hostile
> towards the BMC.
>
> I'd be surprised if we didn't find bugs in both mboxd and host ipmi if
> we started fuzzing those interfaces.
I've have a neglected branch floating around that adds an AFL harness for mboxd. I should start hacking on that again :)
Andrew
More information about the openbmc
mailing list