OpenBMC Security Working Group Kick Off
Nancy Yuen
yuenn at google.com
Thu Jun 7 08:35:04 AEST 2018
----------
Nancy
On Thu, May 31, 2018 at 5:38 PM, Andrew Jeffery <andrew at aj.id.au> wrote:
> On Thu, 31 May 2018, at 18:08, Stewart Smith wrote:
> > Nancy Yuen <yuenn at google.com> writes:
> > > The OpenBMC Security Work Group kick off meeting is scheduled for
> Thurs May
> > > 31, 9AM PDT. This first meeting is by invite only. Please email me
> if you
> > > are interested in participating in this working group.
> >
> > Would topics like "security of the BMC from a hostile host" be part of
> > this?
>
> I vote yes, and I'm picking up the work to shut down some of the obvious
> holes again now, at least from an OpenPOWER perspective.
>
Definitely it would be a security topic for our platforms.
>
> >
> > A design of OpenPOWER systems is that the BMC and the Host don't have to
> > trust each other, and this should extend to a host that's hostile
> > towards the BMC.
> >
> > I'd be surprised if we didn't find bugs in both mboxd and host ipmi if
> > we started fuzzing those interfaces.
>
> I've have a neglected branch floating around that adds an AFL harness for
> mboxd. I should start hacking on that again :)
>
Maybe for OpenBMC Fix it next week? :D
>
> Andrew
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20180606/1e05afd4/attachment.html>
More information about the openbmc
mailing list