BMC Image Signing Proposal

Vernon Mauery vernon.mauery at linux.intel.com
Fri May 25 05:34:40 AEST 2018


On 24-May-2018 12:12 PM, Adriana Kobylak wrote:
>On 2018-05-22 13:28, Vernon Mauery wrote:
>>
>>One other thought I had was that we could make the manifest a JSON
>>file which makes for very simple parsing (since the parser is already
>>written).  Then we could go with something like this:
>>
>
>That's a good option, at least for the write to flash piece. We could
>even extend the manifest to include the names of the service files to
>delete/clean up the flash. Most of the rest of the code manages the
>D-Bus objects so that'd be common with all flash layouts.
>
>Another option, or combination with a JSON manifest, would be to have
>different repos or different subdirectories for specific
>implementations.

I would prefer not to need to split the implementation, but that may not 
always be possible.

One thing along this line of thinking is that Intel's BMCs don't have 
the notion of field mode, which is baked into the software manager. So 
it might be helpful to have some way to deal with this.

One thought was that external service files executed from the manifest 
could deal with this (keep the OEM service files in external 
repositories).

--Vernon

>
>Lei, thinking we could convert Romulus to UBI, and use the PNOR chip
>to store the alternate BMC version. I think that'd be more straightforward
>and the advantage would be that the interfaces are tested and verified.
>And on the side we can continue this discussion on how to make the
>code more modular to support other layouts and we can start making
>the changes but at least we can get Romulus using signature validation
>in the meantime.
>

