Security Working Group meeting - Wednesday September 18

Joseph Reynolds jrey at linux.ibm.com
Thu Sep 19 06:51:06 AEST 2019


On 9/17/19 6:32 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting 
> scheduled for this Wednesday September 18 at 10:00am PDT.
>
> Current topics:
> - Development work:
>     1. IPMI authority question - 
> https://lists.ozlabs.org/pipermail/openbmc/2019-August/017905.html
>     2. Multiple admin security question - 
> https://lists.ozlabs.org/pipermail/openbmc/2019-August/017910.html
> - OCP Secure Firmware Development Best Practices (goo.gl/uEoAh4)
> - Expired password design


Thanks to everyone who attended the meeting.  The minutes are in the 
link below.  Click the link, then click "Meeting Minutes". Highlights:

- We discussed the design and implementation of IPMI authority 
Role=admin access.
- We discussed the expired password design, including interfaces that 
will be able to change the password.
- We briefly reviewed the existence of the OpenBMC network threat model 
and the overall BMC threat model currently in review.
- We glanced at the mutual TLS (mTLS) reviews in progress.

- We discussed the desire and plans to deprecate out-of-band IPMI 
network access to the BMC.  I'll send an email with more on this topic.
- We discussed emerging firmware recommendations such as the "CSIS 
Secure Firmware Development Best Practices" and how we would use those 
recommendations.

- Joseph

>
> Access, agenda, and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group
>
> - Joseph


