openbmc.lists.ozlabs.org archive mirror
* thoughts on livepatch?
From: Nancy Yuen @ 2020-10-23  0:59 UTC (permalink / raw)
  To: OpenBMC Maillist


Anyone tried it with OpenBMC?  Any thoughts?

Nancy Yuen • Google Platforms • yuenn@google.com • Google LLC


* Re: thoughts on livepatch?
From: Nancy Yuen @ 2020-10-23  1:00 UTC (permalink / raw)
  To: OpenBMC Maillist


And I was trigger happy.  Meant to include
https://www.kernel.org/doc/Documentation/livepatch/livepatch.txt

On Thu, Oct 22, 2020 at 5:59 PM Nancy Yuen <yuenn@google.com> wrote:

> Anyone tried it with OpenBMC?  Any thoughts?
>


-- 
Nancy Yuen • Google Platforms • yuenn@google.com • Google LLC


* Re: thoughts on livepatch?
From: Joseph Reynolds @ 2020-10-23 20:35 UTC (permalink / raw)
  To: openbmc, Nancy Yuen

On 10/22/20 8:00 PM, Nancy Yuen wrote:
>
> And I was trigger happy.  Meant to include 
> https://www.kernel.org/doc/Documentation/livepatch/livepatch.txt
>
> On Thu, Oct 22, 2020 at 5:59 PM Nancy Yuen <yuenn@google.com 
> <mailto:yuenn@google.com>> wrote:
>
>     Anyone tried it with OpenBMC?  Any thoughts?
>

What is the use case?  I assume this is to patch an OpenBMC-based 
firmware image without having to rebuild and distribute the entire 
image.  What is the benefit of using livepatching compared to creating a 
new image that has the fix included, and rebooting the BMC to apply it?

Benefits?
- Smaller patch requires less bandwidth to distribute.
- Possible increased ability to apply patches sooner (compared to 
installing entire image then rebooting the BMC).
- Quicker apply times means less BMC downtime.

What is the cost?
- More complicated infrastructure to train staff and to create, track, 
test, distribute, and apply patches.
- You have to test the patched image and test the image that has the 
permanent fix.
- Does patching work and play nicely with secure boot and attestation 
schemes?

Kernel livepatching is similar to immediate PTFs on IBM i.  As 
developers, we were encouraged to develop patches that could be applied 
immediately (meaning no reboot required).  These sometimes took extra 
time to develop, and it was not always possible to develop such a fix, 
required additional testing, and sometimes caused customer problems.

My 2 cents worth,
- Joseph



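The secure-boot and attestation question raised above can be partly answered from the running kernel itself, because livepatch leaves visible state behind. The script below is an added example, not code from this thread or from the OpenBMC project: it reads the livepatch sysfs interface described in livepatch.txt (an enabled and a transition flag per patch, one directory per patched function), decodes the livepatch and unsigned-module taint bits from /proc/sys/kernel/tainted, and checks module signature enforcement, so an attestation policy can distinguish a settled, signed livepatch from a half-applied or unsigned one. The tree root is a parameter so the demo runs offline against a constructed copy; the patch name lp_example, the function name some_func and the taint value 32768 in the demo are made up for the example and do not come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread or the OpenBMC tree): read the kernel's own
# record of livepatch state plus the facts an attestation policy would check.
# Interfaces used are documented ones: /sys/kernel/livepatch (livepatch.txt),
# /proc/sys/kernel/tainted (admin-guide/tainted-kernels.rst) and
# /sys/module/module/parameters/sig_enforce (the module.sig_enforce parameter).
# The tree root is a parameter so the demo can run offline against a constructed
# copy; pass "/" on a live BMC.

# Decode the taint bits relevant to patching: bit 12 out-of-tree module (O),
# bit 13 unsigned module (E), bit 15 livepatch (K). Prints the flags that are set.
taint_flags() {
    val=$1
    out=""
    [ $(( (val >> 12) & 1 )) -eq 1 ] && out="$out out-of-tree"
    [ $(( (val >> 13) & 1 )) -eq 1 ] && out="$out unsigned-module"
    [ $(( (val >> 15) & 1 )) -eq 1 ] && out="$out livepatch"
    printf '%s\n' "${out# }"
}

# One line per patch under $1 (normally /sys/kernel/livepatch):
#   "<patch> enabled|disabled[,transitioning] <n> functions"
# transition=1 means the consistency model has not yet moved every task to the
# new code, so old and new versions of the patched functions are both live.
livepatch_report() {
    root=$1
    [ -d "$root" ] || { printf 'livepatch: not supported\n'; return 1; }
    for p in "$root"/*/; do
        [ -d "$p" ] || continue
        name=${p%/}; name=${name##*/}
        state=disabled
        [ "$(cat "$p/enabled")" = 1 ] && state=enabled
        [ "$(cat "$p/transition")" = 1 ] && state="$state,transitioning"
        # each patched object (vmlinux or a module) holds one "<func>,<sympos>" dir
        nfunc=0
        for f in "$p"*/*/; do
            [ -d "$f" ] && nfunc=$((nfunc + 1))
        done
        printf '%s %s %d functions\n' "$name" "$state" "$nfunc"
    done
    return 0
}

# Attestation-style verdict for the tree rooted at $1: module signatures must be
# enforced, no unsigned module may have been loaded, and if the kernel carries the
# livepatch taint at least one patch must be enabled and fully transitioned.
# Prints OK and returns 0, or prints FAIL lines and returns 1.
livepatch_attest_check() {
    sysroot=${1%/}
    tainted=$(cat "$sysroot/proc/sys/kernel/tainted")
    flags=$(taint_flags "$tainted")
    sig=$(cat "$sysroot/sys/module/module/parameters/sig_enforce" 2>/dev/null || echo N)
    rc=0
    [ "$sig" = Y ] || { printf 'FAIL: module signature enforcement is off\n'; rc=1; }
    case " $flags " in
        *" unsigned-module "*) printf 'FAIL: an unsigned module was loaded\n'; rc=1 ;;
    esac
    report=$(livepatch_report "$sysroot/sys/kernel/livepatch") || report=""
    case " $flags " in
        *" livepatch "*)
            if ! printf '%s\n' "$report" | grep -q ' enabled [0-9]* functions$'; then
                printf 'FAIL: livepatch taint set but no patch is enabled and settled\n'
                rc=1
            fi ;;
    esac
    [ "$rc" -eq 0 ] && printf 'OK\n'
    return "$rc"
}

# Constructed tree for an offline demo: one settled patch, only the livepatch
# taint bit set (32768 = bit 15), signatures enforced. lp_example and some_func
# are made-up names. Prints the directory it created.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/proc/sys/kernel" "$d/sys/module/module/parameters" \
             "$d/sys/kernel/livepatch/lp_example/vmlinux/some_func,1"
    echo 32768 > "$d/proc/sys/kernel/tainted"
    echo Y     > "$d/sys/module/module/parameters/sig_enforce"
    echo 1     > "$d/sys/kernel/livepatch/lp_example/enabled"
    echo 0     > "$d/sys/kernel/livepatch/lp_example/transition"
    printf '%s\n' "$d"
}

demo=$(demo_tree)
livepatch_report "$demo/sys/kernel/livepatch"   # lp_example enabled 1 functions
livepatch_attest_check "$demo"                  # OK
rm -rf "$demo"
```

On a real BMC the call is `livepatch_attest_check /` as root. The taint decode is the part worth feeding into whatever quote or measurement the platform reports: the livepatch bit tells a verifier that the running text no longer matches the measured image, and the transition flag tells it whether the patch has actually taken effect yet.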

* RE: [EXTERNAL] Re: thoughts on livepatch?
From: Neeraj Ladkani @ 2020-10-23 20:52 UTC (permalink / raw)
  To: Joseph Reynolds, openbmc, Nancy Yuen

A few concerns are:
- Permutations and combinations of patches, and validation chaos
- Runtime security
- Resources needed (CPU + storage) for a good package manager!

Looking forward to this if there is good momentum to design a good and secure package manager for OpenBMC.

Neeraj


-----Original Message-----
From: openbmc <openbmc-bounces+neladk=microsoft.com@lists.ozlabs.org> On Behalf Of Joseph Reynolds
Sent: Friday, October 23, 2020 1:36 PM
To: openbmc@lists.ozlabs.org; Nancy Yuen <yuenn@google.com>
Subject: [EXTERNAL] Re: thoughts on livepatch?


