BMC threat model docs

Joseph Reynolds jrey at
Thu Jul 18 02:26:49 AEST 2019

I got a private email asking
 > [where are the] BMC project threat model documents?

The approved network threat model is here:

The threat model is very basic and does little more than identify 
OpenBMC's network services.  The level of detail was initially 
superficial to get approval for the document.  I hope to add more 
details and add new sections for BMC network connections including LDAP, 
remote logging, remote media, ip-kvm, event subscriptions, etc.  Then 
add a section for Redfish security considerations.

The network threat model is only a subset of the overall BMC threat 
model.  (For example, the BMC faces threats from its environment and its 
host system.)  The OpenBMC project has no overall BMC threat model, and 
mine is in review here:
(You can find other threat model reviews by searching gerrit for 
"threat" or "security").

I am using my review to collect information about BMC threats, which in 
turn depends on how the BMC is used, so I am collecting information 
about BMC use cases too.  Any and all contributions are welcome, and can 
be added as review comments, email to the community, or directly to me.  
I am struggling with the threat model scope, and how to organize the 
document.  Any feedback is welcome.

- Joseph

More information about the openbmc mailing list