Security Working Group meeting - Wednesday February 2

Michael Richardson mcr at sandelman.ca
Fri Feb 4 06:13:17 AEDT 2022


Thanks for the great notes!

It would be good if this commit noted that socsec-sign is a tool that comes from AST.
Perhaps I can figure out how to do the gerrit dance and make the comments there.

It would also be good if the document which contains the details was noted in
the commit by name and/or document ID.  Yes, as I understand it's under NDA
but at least, if someone comes along and wants details, they'll know
exactly what they want details on.

In order to support signing the uboot images, and for the uboot image to
verify the flatenned image tree https://elinux.org/images/f/f4/Elc2013_Fernandes.pdf
then the manufacturer needs to maintain some set of signing keys.
There are many ways to do this.  Some time ago, I started an ontology
document about how to describe the different ways.

Your comments would be welcome on:
   https://github.com/mcr/idevid-security-considerations
and:
   https://datatracker.ietf.org/doc/draft-richardson-t2trg-idevid-considerations/

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 658 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20220203/edec6b60/attachment.sig>


More information about the openbmc mailing list