From: Joseph Reynolds <jrey@linux.ibm.com>
To: openbmc <openbmc@lists.ozlabs.org>
Subject: Re: Security Working Group meeting - Wednesday June 22 - results
Date: Wed, 22 Jun 2022 13:20:48 -0500
Message-ID: <bda71881-1a64-ad19-6fb1-fbb328975935@linux.ibm.com>
In-Reply-To: <4ca4257d-58f1-abc7-a85e-34e9904d4602@linux.ibm.com>
On 6/22/22 10:19 AM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting
> scheduled for this Wednesday June 22 at 10:00am PDT.
>
> We'll discuss the following items on the agenda
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI>,
> and anything else that comes up:
>
Attendees: Daniil Engranov, Russel Wilson, Yutaka Sugawara, Ruud Haring,
James Mihm, Joseph Reynolds
1 Agreed to cancel July 6 due to US holiday week
2 CVE management.
Intel’s internal hack-a-thon 3 was held in May 2022. Working toward
private disclosure to OpenBMC SRT.
Next steps: James will set up a private meeting with the OpenBMC
security response team (SRT) to write some privately-disclosed
vulnerabilities to the private issues database.
3 Measured boot
Measured boot writes firmware images to TPM
There is an effort to enable measured boot for ASPEED AST2600 platforms
with a TPM attached to the BMC (distinct from host TPM).
Current work: Working toward measured boot for U-Boot.
Pre-requisite work: OpenBMC’s ASPEED U-Boot was forked and is about 1000
commits old and will need to be updated because it does not have new
features needed.
Will need a design for this. Design to cover:
* Enable the mechanism to push measurements into the TPM. The design
  may have parts which are specific to AST2600.
* Describe which pieces get measured: SPL(?), U-Boot image, kernel
  image, readonly file system.
* Enable network agents (like keylime server, possibly the host
  system) to get measurements from TPM. Note the measurements are
  digitally signed by the TPM to ensure their integrity.
* Intent to comply with OCP standards.
The design will omit policy questions: Use cases for the attestation
data, keylime or other servers, policy questions about what to do when
attestation fails.
Example policy when BMC goes bad (fails attest): BMC is isolated from
its management network? From host control? External agent is notified,
e.g., datacenter admin, who will then isolate the BMC and schedule it to
be replaced.
Consider two underlying use cases: BMC management agent is (1)
network-based or (2) host-based. The intent is to enable use case 1. Use
case 2 may be problematic when the policy is to isolate the BMC from its
host, but nothing in the design is intended to block this use case.
4 Progress on SELinux
Still working on SELinux design (Ruud): implementation work continues to
help the design.
Implementation progress (Yutaka): Enabled SELinux on AST2600 using Yocto
Kirkstone version. BMC boots in SELinux permissive mode and basic
commands work. The initial readonly flash size increase is 20Mb (was
16Mb, now is 16+20Mb = 36Mb total on flash). Will look into
configuration changes to reduce the size.
Will need a later/updated version of busybox which has SELinux features
enabled.
Starting to define policy for basic BMC workloads.
-Joseph
>
>
> Access, agenda and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group
>
> - Joseph
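
The measured-boot item in the minutes above, sketched as an added example that is not part of the original message or of any OpenBMC code: each boot stage is hashed and extended into a TPM PCR, and a network verifier replays the event log against the quoted PCR and a set of reference digests. The single PCR, the stage names used as keys, and the image bytes are assumptions made for illustration; validation of the TPM's signature over the quote is assumed to have happened already.

```python
import hashlib

PCR_INIT = bytes(32)  # a SHA-256 PCR starts at all zeros after reset

def extend(pcr, digest):
    """TPM extend operation: new PCR = SHA-256(old PCR || measurement)."""
    return hashlib.sha256(pcr + digest).digest()

def measure_chain(stages):
    """Boot side: hash each stage in boot order, extend the PCR, log it."""
    pcr, log = PCR_INIT, []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def verify(quoted_pcr, log, golden):
    """Verifier side: replay the log to the quoted PCR, then check each
    logged digest against reference values. Assumes the quote's TPM
    signature was already validated. Returns (ok, reason)."""
    pcr = PCR_INIT
    for _, digest in log:
        pcr = extend(pcr, digest)
    if pcr != quoted_pcr:
        return False, "event log does not replay to quoted PCR"
    if [name for name, _ in log] != list(golden):
        return False, "unexpected set or order of measured stages"
    for name, digest in log:
        if golden[name] != digest:
            return False, f"unexpected measurement for {name}"
    return True, "ok"

# Constructed sample: stage names follow the minutes, image bytes are stand-ins.
STAGES = [("spl", b"spl-v1"), ("u-boot", b"u-boot-v1"),
          ("kernel", b"kernel-v1"), ("rofs", b"rofs-v1")]
GOLDEN = {name: hashlib.sha256(image).digest() for name, image in STAGES}

def demo():
    pcr, log = measure_chain(STAGES)
    clean = verify(pcr, log, GOLDEN)
    # A modified kernel with an honest log fails the reference comparison.
    bad = [(n, b"kernel-modified" if n == "kernel" else i) for n, i in STAGES]
    bad_pcr, bad_log = measure_chain(bad)
    tampered = verify(bad_pcr, bad_log, GOLDEN)
    # Presenting the known-good log with the bad PCR fails the replay.
    forged = verify(bad_pcr, log, GOLDEN)
    return clean, tampered, forged

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The replay check is what ties the event log to the signed PCR value, so a log that lists only expected digests cannot hide a stage that was actually measured differently.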