request for a repository

Patrick Williams patrick at stwcx.xyz
Thu Feb 9 00:47:14 AEDT 2023 

On Tue, Feb 07, 2023 at 05:53:03PM -0800, John Broadbent wrote:
> We would like a new repository where we can share our upstream daemon that
> interfaces with our Root of Trust (rot). Ideally having a repository on
> openbmc would be a nice place to keep our source of truth for this daemon.

Generally the process is to open an issue to the TOF[1] to request new
repositories, but it is fine to also post here to bring awareness.

I don't think there is a lot of appetite for "we have a bunch of
existing code we'd like to dump on a community" in open source
generally or here specifically.  We've stated over and over that the
best approach is to be developing this stuff in the open with
opportunity for others to weigh in on the design.

I have a few questions on this specifically which speak to the value of
this code from the community's perspective:

    a) Is this ROT available for anyone else to purchase or is this your
       custom hardware?

    b) Does the ROT speak a standard management protocol, like SPDM, or
       is the interaction with the ROT entirely custom?

    c) Are you willing to accept contributions from others to expand
       support for other ROTs?

    d) Are you proposing dbus interfaces that can be generally
       applicable to all ROTs or is the interaction exclusive to your
       hardware?  Are you willing to accept feedback if what you've
       already come up with is _not_ generally applicable and make
       appropriate modifications?

    e) Are you working with any external standards bodies, such as
       DMTF-Redfish, to standardize remote management of ROTs (and
       implementing said work in this daemon)?

Unless the answer to a majority of these questions are yes, I'd like to
better understand what you see as the value to others in having the
community help maintain this code is.

1. https://github.com/openbmc/technical-oversight-forum/issues

Nit: "...share our upstream daemon" -- I think you mean downstream.

-- 
Patrick Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20230208/20da3e17/attachment-0001.sig>

More information about the openbmc mailing list