Security Working Group meeting - Wednesday November 13

Joseph Reynolds jrey at linux.ibm.com
Wed Nov 27 03:58:16 AEDT 2019


On 11/11/19 3:50 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting 
> scheduled for this Wednesday November 13 at 10:00am PDT.
>
> * * NOTE - the USA went off daylight savings time since the previous 
> meeting  * *
> This means the meeting may be an hour later for you.  Please check 
> your caneldar.
>
> As usual, we'll discuss current development items, and anything else 
> that comes up.  There are currently three topics:
>  1. Allow BMC Admin to enable and disable BMC interfaces.
>  2. BMC secure boot design.
>  3. Disable SSL Renegotiation.

We spent the entire time discussing the BMC's interfaces.  The full 
meeting minutes (such as they are) are in the google doc 2019-11-13 
Highlights: - Interfaces which should be enabled by default: BMC network 
interface, HTTPS, Redfish. - However, the question of which interfaces 
which should be enabled by default depends on the use case for 
provisioning and operation of the BMC. A counter example is a BMC 
operated by its host system (which may not need network). - Next steps:
    1. Refine the list of interfaces and figure out which we are willing 
to implement controls for.
    2. Work to understand how the interfaces are structured, including 
various use cases.
    3. Continue to look for standards from Redfish, etc.

- Joseph

>
> NOTE:  * * There is some level of excitement to discuss the BMC's 
> interfaces, and some new folks may be joining the call.
>
> Access, agenda, and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group
>
> - Joseph



More information about the openbmc mailing list