[EXTERNAL] Re: thoughts on livepatch?

Sat Oct 24 07:52:40 AEDT 2020

Few concerns are 
-  Permutations and combinations of patches and validation chaos
-  Runtime security 
-  resources needed( CPU + Storage) for a good package manager ! 

Looking fwd to this if there is a good momentum to design a good and secure package manager for OpenBMC. 

Neeraj

-----Original Message-----
From: openbmc <openbmc-bounces+neladk=microsoft.com at lists.ozlabs.org> On Behalf Of Joseph Reynolds
Sent: Friday, October 23, 2020 1:36 PM
To: openbmc at lists.ozlabs.org; Nancy Yuen <yuenn at google.com>
Subject: [EXTERNAL] Re: thoughts on livepatch?

On 10/22/20 8:00 PM, Nancy Yuen wrote:
> And I was trigger happy. Meant to include...
> This Message Is From an External Sender This message came from outside 
> your organization.
>
> And I was trigger happy.  Meant to include
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> kernel.org%2Fdoc%2FDocumentation%2Flivepatch%2Flivepatch.txt&data=
> 04%7C01%7Cneladk%40microsoft.com%7C47fe9e57b2ac41c0894f08d877935ec4%7C
> 72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637390822149465815%7CUnknow
> n%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLC
> JXVCI6Mn0%3D%7C1000&sdata=Xcrnj5%2BY1WWXZL9nGp90YTETufTkrAJlGdFoys
> odDq4%3D&reserved=0
>
> On Thu, Oct 22, 2020 at 5:59 PM Nancy Yuen <yuenn at google.com 
> <mailto:yuenn at google.com>> wrote:
>
>     Anyone tried it with OpenBMC?  Any thoughts?
>

What is the use case?  I assume this is to patch an OpenBMC-based firmware image without having to rebuild and distribute the entire image.  What is the benefit of using livepatching compared to creating a new image that has the fix included, and rebooting the BMC to apply it?

Benefits?
- Smaller patch requires less bandwidth to distribute.
- Possible increased ability to apply patches sooner (compared to installing entire image then rebooting the BMC).
- Quicker apply times means less BMC downtime.

What is the cost?
- More complicated infrastructure to train staff and to create, track test, distribute, and apply patches.
- You have to test the patched image and test the image that has the permanent fix.
- Does patching work and play nicely with secure boot and attestation schemes?

Kernel livepatching is similar to immediate PTFs on IBM i.  As developers, we were encouraged to develop patches that could be applied immediately (meaning no reboot required).  These sometimes took extra time to develop, and it was not always possible to develop such a fix, required additional testing, and sometimes caused customer problems.

My 2 cents worth,
- Joseph

>
>     Nancy Yuen
>
>     	
>
>     •
>
>     	
>
>     Google Platforms
>
>     	
>
>     •
>
>     	
>
>     yuenn at google.com <mailto:yuenn at google.com>
>
>     	
>
>     •
>
>     	
>
>     Google LLC
>
>
>
> --
>
> Nancy Yuen
>
> 	
>
> •
>
> 	
>
> Google Platforms
>
> 	
>
> •
>
> 	
>
> yuenn at google.com <mailto:yuenn at google.com>
>
> 	
>
> •
>
> 	
>
> Google LLC
>