Security Working Group meeting - Wednesday January 8

Joseph Reynolds jrey at
Wed Jan 8 06:54:22 AEDT 2020

This is a reminder of the OpenBMC Security Working Group meeting 
scheduled for this Wednesday January 8 at 10:00am PDT.

We'll discuss current development items, and anything else that comes 
up.  The current topics:

1. Gerrit review: Overview of BMC interfaces which either (1) someone 
might want to dynamically enable or disable, or (2) form an interesting 
part of the BMC’s attack surface. 

2. Gerrit review: Prompted by IRC #openbmc discussion: Idea: List 
applicable security standards and best practices which might apply to 
OpenBMC for folks who want to use OpenBMC in their higher-security 
project which needs to meet security standards.

3. Review composition of the openbmc-security email list per 

4. Code review to redirect HTTP to HTTPS (via nc netcat) - This 
is currently scoped to OpenPOWER; can it be moved to meta-phosphor.  Are 
there security concerns with adding the “netcat” (nc) command?

5. Gerrit review: Denial of service (DoS) considerations -  (Joseph:) 
Specifically, I want to know if this is mergeable, and I want to start 
with the BMCWeb rate-limiting defences. 

Access, agenda, and notes are in the wiki:

- Joseph

More information about the openbmc mailing list