From: Joseph Reynolds <jrey@linux.ibm.com>
To: openbmc <openbmc@lists.ozlabs.org>
Subject: Re: Security Working Group meeting - Wednesday March 16 - results
Date: Wed, 16 Mar 2022 12:51:11 -0500
Message-ID: <fcc5d68f-a8d7-e857-370d-d1bf9971d018@linux.ibm.com>
In-Reply-To: <bcdc1bcd-857c-9110-2ecc-aa3719ce1d10@linux.ibm.com>



On 3/15/22 9:45 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting 
> scheduled for this Wednesday March 16 at 10:00am PDT.
>
> We'll discuss the following items on the agenda 
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI>, 
> and anything else that comes up:
>

Attended: Joseph, Ratan, James, Mark, Daniil, Dhananjay, Dick, Jiang


1 Please review the phosphor audit design 
https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/46023 and related 
code under https://github.com/openbmc/phosphor-logging directory 
phosphor-audit.

IBM is interested in working on this.


We also discussed encrypting data like logs, and storing keys in a vault 
/ trust zone / TPM.

See also encrypted volume https://github.com/openbmc/estoraged


2 CNA work update

James is working on the OpenBMC vulnerability backlog.  First 
transferring each one to our private GitHub issues database together 
with its reserved CVE.  James will share JSON-formatted CVEs with the 
security response team (SRT).  Currently working to upload/submit CVEs 
to MITRE.  (Note these are not yet public.)

Helpful tools: formatted vulnerabilities using Vulnogram.  Use 
Red Hat’s cvelib Python-based tool.

TODO: Joseph and Dhananjay (as the OpenBMC CNAs): get credentials from 
MITRE to allow you to create CVEs.


-Joseph

> Access, agenda and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group
>
> - Joseph
>
>

