Security Working Group meeting - Wednesday September 14 - results

Joseph Reynolds jrey at
Thu Sep 15 05:31:15 AEST 2022

On 9/14/22 9:09 AM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting 
> scheduled for this Wednesday September 14 at 10:00am PDT.
> ATTENTION - Venue Change.  The meeting recently moved to Discord 
> voice.  Please update your calendars.
> First, join Discord via 
> <> and confirm via email.
> Then, to join: navigate Discord > OpenBMC > Voice channels >  Security 
> ~ 
> <>
> We'll discuss the following items on the agenda 
> <>, 
> and anything else that comes up:
> 1. Discuss alternate meeting times

1 Discuss alternate meeting times (continued from previous meeting).

DISCUSSION in discord indicated to use the Discord #security channel for 
security-focused discussions.  And feel free to set up a meeting on the 
Discord #security voice channel at any time.  We will continue with the 
regular security working group meetings (once every other week).

2 SELinux design and implementation progress.


Ruud. How to approve the design? 
<>  Ideas to ask the 
docs repo maintainers for feedback 

Yutaka Status: Working two areas:


    Creating bitbake recipes to enable SELinux on AST2600 EVB in
    non-enforcing mode.


    Working to get tests to pass
    requesting to merge.  The tests fail on the AST2600 EVB because the
    CPU is not present.

The interim plan is to get SELinux working on the Witherspoon reference 
platform (which should be possible to get all tests to pass).  Then  
adapt the config to other models such as AST2600.

3 Measured Boot.   Sandhya K.


Please review the design: 

Still working on the design for the keylime agent which runs on the BMC.

Bonus topic: How does communication work?  Where is code reviewed?  
Which channels? For code changes: Note the Linux and U-boot pieces of 
OpenBMC use the email patch process.  Nearly all other OpenBMC repos use 
the Gerrit review process. 

4 BMC Secure boot.

Please review the design. 


> Access, agenda and notes are in the wiki:
> <>
> - Joseph

More information about the openbmc mailing list