OpenBMC Security Working Group Kick Off - from a hostile host

Joseph Reynolds joseph-reynolds at charter.net
Fri Jun 1 11:58:33 AEST 2018


On 5/31/2018 8:15 AM, openbmc-request at lists.ozlabs.org wrote:
> Message: 1
> Date: Thu, 31 May 2018 18:38:23 +1000
> From: Stewart Smith<stewart at linux.ibm.com>
> To: Nancy Yuen<yuenn at google.com>, OpenBMC Maillist
> 	<openbmc at lists.ozlabs.org>
> Subject: Re: OpenBMC Security Working Group Kick Off
> Message-ID:<87efhs43uo.fsf at linux.vnet.ibm.com>
> Content-Type: text/plain
>
> Nancy Yuen<yuenn at google.com>  writes:
>> The OpenBMC Security Work Group kick off meeting is scheduled for Thurs May
>> 31, 9AM PDT.  This first meeting is by invite only.  Please email me if you
>> are interested in participating in this working group.
> Would topics like "security of the BMC from a hostile host" be part of
> this?
>
> A design of OpenPOWER systems is that the BMC and the Host don't have to
> trust each other, and this should extend to a host that's hostile
> towards the BMC.

Yes!  The BMC security boundary ends at the pins that connect to the 
host, so that is treated an attack surface.  I may have been a bit fuzzy 
on this when I sketched out the initial security docs...so I'll update 
the OpenBMC security docs to talk about risks from host ipmi and mbox 
and explain the security risks, then grab an expert to explore further.

- Joseph
> I'd be surprised if we didn't find bugs in both mboxd and host ipmi if
> we started fuzzing those interfaces.
>
> -- Stewart Smith OPAL Architect, IBM.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20180531/0415e4f6/attachment.html>


More information about the openbmc mailing list