OpenBMC Learning Series - security

Joseph Reynolds jrey at
Thu Oct 15 02:00:05 AEDT 2020

On 10/9/20 2:51 PM, Patrick Williams wrote:
> On Fri, Oct 09, 2020 at 12:33:17PM -0500, Joseph Reynolds wrote:
>> On 7/24/20 7:13 PM, Sai Dasari wrote:
>>> Sai and the OpenBMC community,
>>> Here is my big-picture idea to organize OpenBMC's security effort. I
>>> hope this material will guide the project's overall security effort,
>>> including the learning series.
>>> I want to take this process one step at a time to help build consensus
>>> for my approach.
>>> My big idea is to apply the world's best publicly available security
>>> schemes to the OpenBMC project.  Schemes like Microsoft Security
>>> Engineering, IBM Secure Engineering, and the Common Criteria evaluation
>>> have been developed over decades of experience and give us the most
>>> complete guidance for the OpenBMC project and its users.  We should use
>>> them.
>>> Does this seem like the right approach?  See discussion in footnote 1.
> Hi Joseph,
> What I can't tell is if you're describing the current state of affairs
> or where you'd like to go.  My impression is that these education
> sessions should be more current state of affairs with only a taste of
> the future.  The education sessions are for people who have little-to-no
> experience with OpenBMC already in order to make them more productive
> quickly.

My email recommends a way to organize the security work.  Once we agree 
[1], I think we should organize project documentation, presentations, 
and working group activity in the same way.  The presentation would give 
a simplified overview of project security and link to the project's 
security documentation.  Does that make sense?

- Joseph

[1]: We are discussing this in today's security working group meeting:
