Security Working Group - Wednesday July 22
Joseph Reynolds
jrey at linux.ibm.com
Mon Jul 20 23:57:28 AEST 2020
This is a reminder of the OpenBMC Security Working Group meeting
scheduled for this Wednesday July 22 at 10:00am PDT.
We'll discuss current development items, and anything else that comes up.
1. The OpenBMC interface overview is merged into the docs repository
here:
https://github.com/openbmc/docs/blob/master/architecture/interface-overview.md.
Is there interest in building a threat model on top of this?
2. A gerrit review merged. It is a rework of BMCWeb authorization flow:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/30994
and tweaks some security settings. Is there interest in reviewing the
code or changed settings? (Please note: This changed was introduced
Months ago and it went unnoticed in the security workgroup. Better late
than never.)
3.Gerrit review: Firmware minimum ship level (can help with host
firmware anti-rollback protection)
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-bmc-code-mgmt/+/29914
Access, agenda, and notes are in the wiki:
https://github.com/openbmc/openbmc/wiki/Security-working-group
- Joseph
More information about the openbmc
mailing list