Security Working Group meeting - Wednesday September 14 - results
Joseph Reynolds
jrey at linux.ibm.com
Thu Sep 15 05:31:15 AEST 2022
On 9/14/22 9:09 AM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting
> scheduled for this Wednesday September 14 at 10:00am PDT.
>
>
> ATTENTION - Venue Change. The meeting recently moved to Discord
> voice. Please update your calendars.
>
> === MEETING ACCESS ON DISCORD VOICE ===
> First, join Discord via https://discord.gg/69Km47zH98
> <https://discord.gg/69Km47zH98> and confirm via email.
> Then, to join: navigate Discord > OpenBMC > Voice channels > Security
> ~ https://discord.com/channels/775381525260664832/1002376534377635860
> <https://discord.com/channels/775381525260664832/1002376534377635860>
>
>
> We'll discuss the following items on the agenda
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI>,
> and anything else that comes up:
>
> 1. Discuss alternate meeting times
1 Discuss alternate meeting times (continued from previous meeting).
DISCUSSION in discord indicated to use the Discord #security channel for
security-focused discussions. And feel free to set up a meeting on the
Discord #security voice channel at any time. We will continue with the
regular security working group meetings (once every other week).
2 SELinux design and implementation progress.
DISCUSSION:
Ruud. How to approve the design?
https://gerrit.openbmc.org/c/openbmc/docs/+/53205
<https://gerrit.openbmc.org/c/openbmc/docs/+/53205> Ideas to ask the
docs repo maintainers for feedback
https://github.com/openbmc/docs/blob/master/OWNERS
<https://github.com/openbmc/docs/blob/master/OWNERS>
Yutaka Status: Working two areas:
*
Creating bitbake recipes to enable SELinux on AST2600 EVB in
non-enforcing mode.
*
Working to get tests to pass
<https://github.com/openbmc/openbmc-test-automation>before
requesting to merge. The tests fail on the AST2600 EVB because the
CPU is not present.
The interim plan is to get SELinux working on the Witherspoon reference
platform (which should be possible to get all tests to pass). Then
adapt the config to other models such as AST2600.
3 Measured Boot. Sandhya K.
DISCUSSION:
Please review the design:
https://gerrit.openbmc.org/c/openbmc/docs/+/57138
<https://gerrit.openbmc.org/c/openbmc/docs/+/57138>
Still working on the design for the keylime agent which runs on the BMC.
Bonus topic: How does communication work? Where is code reviewed?
Which channels? For code changes: Note the Linux and U-boot pieces of
OpenBMC use the email patch process. Nearly all other OpenBMC repos use
the Gerrit review process. https://gerrit.openbmc.org/dashboard/self
<https://gerrit.openbmc.org/dashboard/self>
https://github.com/openbmc/docs/blob/master/CONTRIBUTING.md#submitting-changes
<https://github.com/openbmc/docs/blob/master/CONTRIBUTING.md#submitting-changes>
4 BMC Secure boot.
Please review the design.
https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/26169
<https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/26169>
Joseph
>
> Access, agenda and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group
> <https://github.com/openbmc/openbmc/wiki/Security-working-group>
>
> - Joseph
More information about the openbmc
mailing list