Security Working Group meeting - Wednesday July 10 - results

Joseph Reynolds jrey at
Tue Jul 16 05:22:21 AEST 2019

On 7/9/19 10:20 AM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting 
> scheduled for this Wednesday July 10 at 10:00am PDT.
> * * * The call-in access is new/changed for this meeting - details 
> below * * *
> Current topics:
> - Development work (including approved network security considerations)

We talked about the BMC initial setup, aka provisioning.
We also discussed ideas about how to secure the BMC against having a 
default password. The top two ideas were:
1. Have the password be expired, so the BMC admin has to change it to 
use the BMC.
2. Have the BMC start in a new "setup mode" which encourages its admin 
to change its password.

> - BMC use cases

We went around the room, and several folks mentioned interest in the 
DMTF's Security Protocol and Data Model (SPDM ~  I've added that topic 
to the agenda.

> - Release planning input

Only I stated an interest in providing security-related input to the 2.7 
release process.  So I will send that email with only my name on it..

> Access, agenda, and notes are in the wiki:
> - Joseph
> The Security Working Group meeting access is changing.  The old access
> will not be used.  The new access is given in the wiki and in this
> email.  This is effective immediately, so please update your calendars.
> Here is the information for the web video conference and telephone 
> access:
> - Join via Web:
> - Join via Phone: Use access code: 927 034 486 -- United States Toll
> Free: 1-844-531-0958. Click here for other phone numbers
> <> 
> - Visit the Webex web site for more ways to join or for an updated
> access code.

More information about the openbmc mailing list