Security Working Group - Wednesday May 12 - results

Joseph Reynolds jrey at linux.ibm.com
Thu May 13 04:18:48 AEST 2021


On 5/11/21 8:59 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting 
> scheduled for this Wednesday May 12 at 10:00am PDT.
>
> We'll discuss the following items on the agenda 
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>, 
> and anything else that comes up:
>

Three items were discussed.  You might want to start with item 3 first 
to introduce the first two.  Summary:

1. Security impacts of enabling kexec (load and optionally execute new 
kernel) in the BMC's production kernel.  How does this work and play 
with secure boot and with IMA?

2. What are the security impacts of having the proc file system file 
/proc/sysrq-triggerwhich can cause kernel panics which can cause the BMC 
to terminate processing?

3. In general, how can you (an operator or the BMC's host system) 
recover a BMC which has become unresponsive, for example, because its 
kernel processing has failed.  A design introduces using 
/proc/sysrq-triggertogether with a recovery kernel installed by kexec.

Details, including links to the gerrit code reviews, are in the wiki.

- Joseph

>
>
> Access, agenda and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group 
> <https://github.com/openbmc/openbmc/wiki/Security-working-group>
>
> - Joseph



More information about the openbmc mailing list