Security Working Group meeting - Wednesday December 8 - results
dphadke at linux.microsoft.com
Fri Dec 10 16:01:58 AEDT 2021
On Fri, 10 Dec 2021, Andrew Jeffery wrote:
> There's not much documentation as yet. p10bmc can be used as an example
> of a system that enables it.
> Given the lack of documentation it's probably also reviewing these
> patches in the context of the configuration above:
Thank you for the pointer, I'll comment there.
>> Need clarity regarding OTP programming.
>> (1) There's Linux tool
> I assume this refers to socsec? The socsec repo provides two tools:
> `socsec` and `otptool`. `otptool` can be used to generate the OTP image
> and exercise signature validity.
Yes, I was referring to these tools, socsec-sign.bbclass seems to cover
the workflow I was looking for.
>> and U-Boot patches floating somewhere.
> I'm not sure what patches you're referring to here, can you clarify?
cmd/otp.c has more changes compared to openbmc/u-boot.
>> (2) Any specific OTP straps preferred by OpenBMC, e.g. enabling alt
>> boot (ABR).
> There's no real preference. My intent is to add a recipe that can
> consume a platform-specific otptool json config and spit out the OTP
> binary as a build artefact. Currently I just have the config captured
> in a separate repo internally and I generate binaries from that using
This is useful, having readable config and letting platform select
behavior such as alternate image in same SPI or alternate, etc.