* OpenBMC Security Working Group Kick Off
From: Nancy Yuen @ 2018-05-30 21:04 UTC
  To: OpenBMC Maillist


The OpenBMC Security Work Group kick off meeting is scheduled for Thurs May
31, 9AM PDT.  This first meeting is by invite only.  Please email me if you
are interested in participating in this working group.

In the future we will have public meetings open to the community.  But the
nature of security is such that some more restricted meetings will be
necessary.

The current agenda is below.  The group will send an update with meeting
notes after the meeting tomorrow.

Current agenda <https://goo.gl/forms/QS8j4j6mnWGYYNDj2>:

   - Introduction round table: what you're interested in and why
   - Joseph Reynolds: OpenBMC security documentation project
   https://gerrit.openbmc-project.xyz/#/c/10443/
   - Ben Stoltz: CC as it applies to design and implementation phases.
   Separation of policy and mechanism in BMC lifecycle, including product
   lifecycle manufacture, provisioning, deployment, operations and
   maintenance, recovery, and disposition. E.g. repairs: {Low-/Med-/High-
   touch} x {manual-/automated-self-/automated-assisted- repair}


----------
Nancy


* Re: OpenBMC Security Working Group Kick Off
From: Stewart Smith @ 2018-05-31  8:38 UTC
  To: Nancy Yuen, OpenBMC Maillist

Nancy Yuen <yuenn@google.com> writes:
> The OpenBMC Security Work Group kick off meeting is scheduled for Thurs May
> 31, 9AM PDT.  This first meeting is by invite only.  Please email me if you
> are interested in participating in this working group.

Would topics like "security of the BMC from a hostile host" be part of
this?

A design of OpenPOWER systems is that the BMC and the Host don't have to
trust each other, and this should extend to a host that's hostile
towards the BMC.

I'd be surprised if we didn't find bugs in both mboxd and host ipmi if
we started fuzzing those interfaces.

-- 
Stewart Smith
OPAL Architect, IBM.


* Re: OpenBMC Security Working Group Kick Off
From: Vernon Mauery @ 2018-05-31 19:53 UTC
  To: Stewart Smith; +Cc: Nancy Yuen, OpenBMC Maillist

On 31-May-2018 06:38 PM, Stewart Smith wrote:
>Nancy Yuen <yuenn@google.com> writes:
>> The OpenBMC Security Work Group kick off meeting is scheduled for Thurs May
>> 31, 9AM PDT.  This first meeting is by invite only.  Please email me if you
>> are interested in participating in this working group.
>
>Would topics like "security of the BMC from a hostile host" be part of
>this?

I would vote yes. From a platform architecture, while the pre-boot 
communications from the Host might be more trusted, after the OS boots, 
the host should be considered hostile.

>A design of OpenPOWER systems is that the BMC and the Host don't have to
>trust each other, and this should extend to a host that's hostile
>towards the BMC.

I agree. This is just a plain good design choice. :)

--Vernon

>I'd be surprised if we didn't find bugs in both mboxd and host ipmi if
>we started fuzzing those interfaces.
>
>-- 
>Stewart Smith
>OPAL Architect, IBM.
>


* Re: OpenBMC Security Working Group Kick Off
From: Andrew Jeffery @ 2018-06-01  0:38 UTC
  To: Stewart Smith, Nancy Yuen, OpenBMC Maillist

On Thu, 31 May 2018, at 18:08, Stewart Smith wrote:
> Nancy Yuen <yuenn@google.com> writes:
> > The OpenBMC Security Work Group kick off meeting is scheduled for Thurs May
> > 31, 9AM PDT.  This first meeting is by invite only.  Please email me if you
> > are interested in participating in this working group.
> 
> Would topics like "security of the BMC from a hostile host" be part of
> this?

I vote yes, and I'm picking up the work to shut down some of the obvious holes again now, at least from an OpenPOWER perspective.

> 
> A design of OpenPOWER systems is that the BMC and the Host don't have to
> trust each other, and this should extend to a host that's hostile
> towards the BMC.
> 
> I'd be surprised if we didn't find bugs in both mboxd and host ipmi if
> we started fuzzing those interfaces.

I have a neglected branch floating around that adds an AFL harness for mboxd. I should start hacking on that again :)

Andrew


* Re: OpenBMC Security Working Group Kick Off
From: Nancy Yuen @ 2018-06-06 22:35 UTC
  To: Andrew Jeffery; +Cc: Stewart Smith, OpenBMC Maillist


----------
Nancy

On Thu, May 31, 2018 at 5:38 PM, Andrew Jeffery <andrew@aj.id.au> wrote:

> On Thu, 31 May 2018, at 18:08, Stewart Smith wrote:
> > Nancy Yuen <yuenn@google.com> writes:
> > > The OpenBMC Security Work Group kick off meeting is scheduled for Thurs May
> > > 31, 9AM PDT.  This first meeting is by invite only.  Please email me if you
> > > are interested in participating in this working group.
> >
> > Would topics like "security of the BMC from a hostile host" be part of
> > this?
>
> I vote yes, and I'm picking up the work to shut down some of the obvious
> holes again now, at least from an OpenPOWER perspective.
>

Definitely it would be a security topic for our platforms.


>
> >
> > A design of OpenPOWER systems is that the BMC and the Host don't have to
> > trust each other, and this should extend to a host that's hostile
> > towards the BMC.
> >
> > I'd be surprised if we didn't find bugs in both mboxd and host ipmi if
> > we started fuzzing those interfaces.
>
> I have a neglected branch floating around that adds an AFL harness for
> mboxd. I should start hacking on that again :)
>

Maybe for OpenBMC Fix it next week? :D


>
> Andrew
>


* Re: OpenBMC Security Working Group Kick Off
From: Andrew Jeffery @ 2018-06-07  2:44 UTC
  To: Nancy Yuen; +Cc: Stewart Smith, OpenBMC Maillist

> > > A design of OpenPOWER systems is that the BMC and the Host don't have to
> > > trust each other, and this should extend to a host that's hostile
> > > towards the BMC.
> > >
> > > I'd be surprised if we didn't find bugs in both mboxd and host ipmi if
> > > we started fuzzing those interfaces.
> >
> > I have a neglected branch floating around that adds an AFL harness for
> > mboxd. I should start hacking on that again :)
> >
> 
> Maybe for OpenBMC Fix it next week? :D

Added it to the list

Andrew
