Security Working Group meeting - Wednesday January 19 - results
Joseph Reynolds
jrey at linux.ibm.com
Thu Jan 20 05:36:12 AEDT 2022
On 1/18/22 10:03 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting
> scheduled for this Wednesday January 19 at 10:00am PDT.
>
> We'll discuss the following items on the agenda
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI>,
> and anything else that comes up:
>
>
Attended: Joseph, Dhananjay, James Mihm, Aviram from Kameleon, Dick
Wilkins, Daniil, Jiang Zhang.
1 James mentioned two topics from last time: (a) integrate OpenBMC
Security Response Team (SRT) docs into github, and (2) enhance the SRT
process (as the OpenBMC CNA) to follow the correct process to write CVEs.
James renewed the call to push to writeup security issues in (private
repo) https://github.com/openbmc/security-response/issues
<https://github.com/openbmc/security-response/issues>
We are still working on this, with the limited amount of time we have.
2 Aviram from Kameleon briefly outlined interest in an OpenBMC Root of
Trust (RoT).
The RoT controls access to the flash for both the BMC and host,
following WIP standards from OCP:
https://www.opencompute.org/blog/ocp-security-announces-version-10-specs-for-root-of-trust
<https://www.opencompute.org/blog/ocp-security-announces-version-10-specs-for-root-of-trust>
-Joseph
>
>
> Access, agenda and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group
> <https://github.com/openbmc/openbmc/wiki/Security-working-group>
>
> - Joseph
More information about the openbmc
mailing list