Security Working Group - Wednesday May 12 - results
jrey at linux.ibm.com
Thu May 13 04:18:48 AEST 2021
On 5/11/21 8:59 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting
> scheduled for this Wednesday May 12 at 10:00am PDT.
> We'll discuss the following items on the agenda
> and anything else that comes up:
Three items were discussed. You might want to start with item 3 first
to introduce the first two. Summary:
1. Security impacts of enabling kexec (load and optionally execute new
kernel) in the BMC's production kernel. How does this work and play
with secure boot and with IMA?
2. What are the security impacts of having the proc file system file
/proc/sysrq-trigger which can cause kernel panics which can cause the BMC
to terminate processing?
3. In general, how can you (an operator or the BMC's host system)
recover a BMC which has become unresponsive, for example, because its
kernel processing has failed? A design introduces using
/proc/sysrq-trigger together with a recovery kernel installed by kexec.
Details, including links to the gerrit code reviews, are in the wiki.
> Access, agenda and notes are in the wiki:
> - Joseph