Re: Security Working Group meeting - Wednesday August 31 - results

From: Joseph Reynolds <jrey@linux.ibm.com>
To: openbmc <openbmc@lists.ozlabs.org>
Subject: Re: Security Working Group meeting - Wednesday August 31 - results
Date: Wed, 31 Aug 2022 13:09:10 -0500	[thread overview]
Message-ID: <c0f6cc7e-6c7e-fe22-498d-2c3cb7851b73@linux.ibm.com> (raw)
In-Reply-To: <e093dea2-ca08-fd8d-3151-2e858164f633@linux.ibm.com>

On 8/30/22 8:08 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting 
> scheduled for this Wednesday August 31 at 10:00am PDT.
>
>
> ATTNTION - Venue Change.  The meeting moved to Discord voice, 
> beginning with this meeting.  Please update your calendars.
>
> === MEETING ACCESS ON DISCORD VOICE starting on Aug 31, 2022  ===
>
> Discord > OpenBMC > Voice channels >  Security ~ 
> https://discord.com/channels/775381525260664832/1002376534377635860 
> <https://discord.com/channels/775381525260664832/1002376534377635860>
>
>
>
> We'll discuss the following items on the agenda 
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI>, 
> and anything else that comes up:

Attendees (as Discord screen names): josephreynolds, galmasi, alda, 
ddaniil, dsp, fnichols3, jiangz, pgc, Rob, RussWilson, 
skotheshwara,YutakaSugawara.

0 We took about 15 minutes to try out the new Discord voice access and 
to escort folks from the old Webex meeting.

1 Continue Measured Boot discussion

DISCUSSION: Create two separate designs for:

  *

    Enable measured boot.

  *

    Enable Keylime Agent.  Direction is for the keylime agent to open
    the BMC network port (using systemd, sort of like how SSH works). 
    The intention is to engage with Redfish for how to configure the
    Keylime Agent: certificates, start/stop the application, etc.

2  Proposal for dynamic changes to Redfish authorization rules 
https://gerrit.openbmc.org/c/openbmc/docs/+/56401 
<https://gerrit.openbmc.org/c/openbmc/docs/+/56401>

No discussion.

3 Proposal to change the meeting time so folks from other time zones can 
better participate.

We are also looking for alternate (non voice) ways to cover the material.

We looked at recording the call, but Discord does not have a record button.

We proposed alternating meeting times to cover time zones in California, 
US Central, Europe, India, China, and Australia.  (So, pretty much the 
whole world.)

TODO: Joseph to create a poll, suggest alternate meeting times: 9am CDT 
& 5pm CDT or 8am Australia.

>
> Access, agenda and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group 
> <https://github.com/openbmc/openbmc/wiki/Security-working-group>
>
> - Joseph