Security Working Group meeting - Wednesday March 2 - results
Joseph Reynolds
jrey at linux.ibm.com
Thu Mar 3 05:24:11 AEDT 2022
On 3/1/22 2:13 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting
> scheduled for this Wednesday March 2 at 10:00am PDT.
>
> We'll discuss the following items on the agenda
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI>,
> and anything else that comes up:
>
> 1.
We briefly discussed the NoAccess role. It may have been conflated with
the IPMI Callback or NoAccess privileges or with channel access. Newly
created IPMI users currently default to NoAccess, and there is a patch
to make new users have “User” (read only) privilege. Note that in
OpenBMC’s IPMI implementation, creating users requires multiple IPMI
commands, for example: ipmitool user add, user set password, channel, etc.
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-host-ipmid/+/50824
>
>
> Access, agenda and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group
> <https://github.com/openbmc/openbmc/wiki/Security-working-group>
>
> - Joseph
>
More information about the openbmc
mailing list