Openbmc archive at lore.kernel.org
 help / color / Atom feed
* Re: [Potential Spoof] OpenBMC Learning Series
@ 2020-07-25  0:13 Sai Dasari
  2020-10-09 17:33 ` OpenBMC Learning Series - security Joseph Reynolds
  0 siblings, 1 reply; 7+ messages in thread
From: Sai Dasari @ 2020-07-25  0:13 UTC (permalink / raw)
  To: Openbmc

[-- Attachment #1.1: Type: text/plain, Size: 5187 bytes --]

Team,

Thanks to all volunteer speakers stepping up to share their expertise with community. For speaker convenience, the sessions will be held on two TimeZones (USA/PDT and INDIA/IST) on Thursdays@10AM starting from 8/20 onwards.

I encourage you to take a look at the shared doc @ https://docs.google.com/spreadsheets/d/1RRO5cgutKE7zRPcjcFjrNn-GI5AYoW0FivEZJe_EyWs/edit?usp=sharing for more information regarding this series. If you would like to see more topics (either as speakers or new community members), please feel free to add them for extending the topics in future sessions.

Following table is for a quick reference (Apologies for those using text based email clients if the following table does not render properly). The same  information is available at the above shared doc.

And also please find the calendar appointment for the scheduled sessions as attachments to reserve/plan your time.

Thanks,
Sai


Session#
Title
Speaker
Meeting Info (password: openbmc)
1
OpenBMC User Management
Richard Thomaiyar
https://us02web.zoom.us/j/81386216701?pwd=aU1Sd1lrclNqN05aREtzcmFMTG1Kdz09
Date: 8/20@10AM PDT
2
Adding new platform to OpenBMC
Vijay Khemka
https://us02web.zoom.us/j/84964981135?pwd=UFY3cVRCdHpHVmpUSXNtdjBjZ2pQUT09
Date: 8/27@10AM PDT
3
Redfish EventService
AppaRao
https://us02web.zoom.us/j/83980904008?pwd=eDRlMTZpUm56TkpNaWxac2h1czdhUT09
Dte: 8/27@10AM IST
4
sdbusplus and phosphor-dbus-interfaces
Patrick Williams
https://us02web.zoom.us/j/86726018083?pwd=a1FqeUNEcHhud25WKzJORzdZQ0tsUT09
Date: 9/3@10AM PDT
5
Entity Manager on S2600WF
James Feist
https://us02web.zoom.us/j/82785505636?pwd=U3N3eWVOYkdhdVFod1FFeVRiQTA3UT09
Date: 9/10@10AM PDT
6
Remote BIOS configuration
Suryakanth Sekar
https://us02web.zoom.us/j/82943666703?pwd=UjRURnZJc01RSFJLa3RHb2ZycDR1QT09
Date: 9/10@10AM IST
7
PLDM Modelling for Add-on card
Richard Thomaiyar
https://us02web.zoom.us/j/87446140838?pwd=ZVdZOFlCdzU2RlpLaVFVUG1pUUFBZz09
Date: 9/17@10AM PDT
8
SPDM
Vikram Bodireddy
https://us02web.zoom.us/j/82356547887?pwd=NmpOUmNzKzJyTzFWck5yZTJySGs2dz09
Date: 9/17@10AM IST
9
PLDM Stack on OpenBMC
Deepak Kodihalli
https://us02web.zoom.us/j/81854376605?pwd=R25UMkd6VTNMU2dnOU1HS0Z4NUJ6dz09
Date: 9/24@10AM PDT
10
OpenBMC's Redfish implementation
Gunnar Mills
https://us02web.zoom.us/j/83152526283?pwd=c1g2d1BzbWgvVVVaRU53S2VzT2Vjdz09
Date: 10/1@10AM PDT
11
OpenBMC Vue GUI/ Vue development
Dixsie Wolmers
https://us02web.zoom.us/j/87423100421?pwd=YzNCaWlKd3lqN24zUmtsUXcvQmFHdz09
Date: 10/8@10AM PDT
12
Qemu for OpenBMC development and testing
Joel Stanley
To Be Scheduled
13
IPMI subsystem
Saravanan Palanisamy
To Be Scheduled


From: openbmc <openbmc-bounces+sdasari=fb.com@lists.ozlabs.org> on behalf of Sai Dasari <sdasari@fb.com>
Date: Wednesday, June 3, 2020 at 11:11 AM
To: Openbmc <openbmc@lists.ozlabs.org>
Subject: [Potential Spoof] OpenBMC Learning Series

Team,

Our OpenBMC community continues to grow at rapid pace as can be observed by various metrics like number of CCLAs, industry adoption rate, design/code contributions, numerous technical conversations over Mailing List/IRC/Gerritt, and more. Because of this rapid growth the project might appear to be a bit complex for a new contributor evaluating our stack. I believe there are multiple ongoing efforts of reducing this barrier for a potential contributor to ramp them up quickly on this stack that includes documentation, wiki pages, tutorials in our github repo.

In addition to these ongoing efforts, I propose to start a video based learning series that aims to introduce OpenBMC stack for a potential contributor.  I hope such video series will help disseminate tribal knowledge that we built in this community over a period of time and ramp up the new contributors quickly. To make this series useful, I seek volunteer speakers who are interesting in sharing their expertise and help plan this series to be more effective. For those of you who are interested, please add yourself as speaker with title/description before 6/17 @ https://docs.google.com/spreadsheets/d/1RRO5cgutKE7zRPcjcFjrNn-GI5AYoW0FivEZJe_EyWs/edit?usp=sharing<https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.google.com_spreadsheets_d_1RRO5cgutKE7zRPcjcFjrNn-2DGI5AYoW0FivEZJe-5FEyWs_edit-3Fusp-3Dsharing&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=D804Bb_g8FkIaCjjb_rg7A&m=jiieokO0uAODRnnQ20XixFHfnFjjOHrRUFA1TPRE9SQ&s=7CaN4ZLtu3M2jAphmv6hTsbPxuPeZnbEDkcY2AiHc08&e=>

Some topics for consideration include OpenBMC project overview, Software stack architecture, community developer guidelines, Repo structure and guidelines, Usage of Yocto in OpenBMC,  Usage of D-Bus in OpenBMC, C++ coding standards in OpenBMC,  IPMI sub-system, Redfish sub-system, Using QEMU effectively, Sensor sub-system, Best practices in debugging, Logging, metrics/telemetry etc. And this is not an exhaustive list and feel free to add any topic that you plan to share with community.

I will reach out to volunteer speakers and facilitate logistics and update the ML with next steps. Please let me know for any info regarding this effort.

Thanks,
Sai.





[-- Attachment #1.2: Type: text/html, Size: 30956 bytes --]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: OpenBMC-GUI.ics --]
[-- Type: text/calendar; name="OpenBMC-GUI.ics", Size: 1778 bytes --]

BEGIN:VCALENDAR
PRODID:-//zoom.us//iCalendar Event//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:PUBLISH
CLASS:PUBLIC
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
TZURL:http://tzurl.org/zoneinfo-outlook/America/Los_Angeles
X-LIC-LOCATION:America/Los_Angeles
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20200723T234421Z
DTSTART;TZID=America/Los_Angeles:20201008T100000
DTEND;TZID=America/Los_Angeles:20201008T110000
SUMMARY:OpenBMC: GUI/Vue
UID:20200723T234421Z-9396880476@fe80:0:0:0:14a5:61ff:fe48:5471ens5
TZID:America/Los_Angeles
DESCRIPTION:Sai Dasari is inviting you to a scheduled Zoom meeting.\n\nJo
 in Zoom Meeting\nhttps://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZE
 thQUQzcEF2QjRXUT09\n\nMeeting ID: 939 688 0476\nPasscode: openbmc\nOne t
 ap mobile\n+16699009128\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (San
  Jose)\n+12532158782\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (Tacoma
 )\n\nDial by your location\n        +1 669 900 9128 US (San Jose)\n     
    +1 253 215 8782 US (Tacoma)\n        +1 346 248 7799 US (Houston)\n  
       +1 301 715 8592 US (Germantown)\n        +1 312 626 6799 US (Chica
 go)\n        +1 646 558 8656 US (New York)\nMeeting ID: 939 688 0476\nPa
 sscode: 8592515\nFind your local number: https://us02web.zoom.us/u/kddfS
 pAkEj\n\n
LOCATION:https://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZEthQUQzcEF
 2QjRXUT09
BEGIN:VALARM
TRIGGER:-PT10M
ACTION:DISPLAY
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #3: OpenBMC-Redfish.ics --]
[-- Type: text/calendar; name="OpenBMC-Redfish.ics", Size: 1776 bytes --]

BEGIN:VCALENDAR
PRODID:-//zoom.us//iCalendar Event//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:PUBLISH
CLASS:PUBLIC
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
TZURL:http://tzurl.org/zoneinfo-outlook/America/Los_Angeles
X-LIC-LOCATION:America/Los_Angeles
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20200723T234232Z
DTSTART;TZID=America/Los_Angeles:20201001T100000
DTEND;TZID=America/Los_Angeles:20201001T110000
SUMMARY:OpenBMC: Redfish
UID:20200723T234232Z-9396880476@fe80:0:0:0:4c9:1ff:fe3a:76efens3
TZID:America/Los_Angeles
DESCRIPTION:Sai Dasari is inviting you to a scheduled Zoom meeting.\n\nJo
 in Zoom Meeting\nhttps://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZE
 thQUQzcEF2QjRXUT09\n\nMeeting ID: 939 688 0476\nPasscode: openbmc\nOne t
 ap mobile\n+16699009128\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (San
  Jose)\n+12532158782\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (Tacoma
 )\n\nDial by your location\n        +1 669 900 9128 US (San Jose)\n     
    +1 253 215 8782 US (Tacoma)\n        +1 346 248 7799 US (Houston)\n  
       +1 301 715 8592 US (Germantown)\n        +1 312 626 6799 US (Chica
 go)\n        +1 646 558 8656 US (New York)\nMeeting ID: 939 688 0476\nPa
 sscode: 8592515\nFind your local number: https://us02web.zoom.us/u/kddfS
 pAkEj\n\n
LOCATION:https://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZEthQUQzcEF
 2QjRXUT09
BEGIN:VALARM
TRIGGER:-PT10M
ACTION:DISPLAY
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #4: OpenBMC-PLDM.ics --]
[-- Type: text/calendar; name="OpenBMC-PLDM.ics", Size: 1775 bytes --]

BEGIN:VCALENDAR
PRODID:-//zoom.us//iCalendar Event//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:PUBLISH
CLASS:PUBLIC
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
TZURL:http://tzurl.org/zoneinfo-outlook/America/Los_Angeles
X-LIC-LOCATION:America/Los_Angeles
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20200723T234211Z
DTSTART;TZID=America/Los_Angeles:20200924T100000
DTEND;TZID=America/Los_Angeles:20200924T110000
SUMMARY:OpenBMC: PLDM
UID:20200723T234211Z-9396880476@fe80:0:0:0:1487:5dff:fe61:86e7ens5
TZID:America/Los_Angeles
DESCRIPTION:Sai Dasari is inviting you to a scheduled Zoom meeting.\n\nJo
 in Zoom Meeting\nhttps://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZE
 thQUQzcEF2QjRXUT09\n\nMeeting ID: 939 688 0476\nPasscode: openbmc\nOne t
 ap mobile\n+16699009128\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (San
  Jose)\n+12532158782\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (Tacoma
 )\n\nDial by your location\n        +1 669 900 9128 US (San Jose)\n     
    +1 253 215 8782 US (Tacoma)\n        +1 346 248 7799 US (Houston)\n  
       +1 301 715 8592 US (Germantown)\n        +1 312 626 6799 US (Chica
 go)\n        +1 646 558 8656 US (New York)\nMeeting ID: 939 688 0476\nPa
 sscode: 8592515\nFind your local number: https://us02web.zoom.us/u/kddfS
 pAkEj\n\n
LOCATION:https://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZEthQUQzcEF
 2QjRXUT09
BEGIN:VALARM
TRIGGER:-PT10M
ACTION:DISPLAY
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #5: OpenBMC-PLDM-Addon.ics --]
[-- Type: text/calendar; name="OpenBMC-PLDM-Addon.ics", Size: 1800 bytes --]

BEGIN:VCALENDAR
PRODID:-//zoom.us//iCalendar Event//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:PUBLISH
CLASS:PUBLIC
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
TZURL:http://tzurl.org/zoneinfo-outlook/America/Los_Angeles
X-LIC-LOCATION:America/Los_Angeles
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20200723T234147Z
DTSTART;TZID=America/Los_Angeles:20200917T100000
DTEND;TZID=America/Los_Angeles:20200917T110000
SUMMARY:OpenBMC: PLDM Modelling for Add-on card
UID:20200723T234147Z-9396880476@fe80:0:0:0:495:4bff:fed3:5473ens3
TZID:America/Los_Angeles
DESCRIPTION:Sai Dasari is inviting you to a scheduled Zoom meeting.\n\nJo
 in Zoom Meeting\nhttps://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZE
 thQUQzcEF2QjRXUT09\n\nMeeting ID: 939 688 0476\nPasscode: openbmc\nOne t
 ap mobile\n+16699009128\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (San
  Jose)\n+12532158782\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (Tacoma
 )\n\nDial by your location\n        +1 669 900 9128 US (San Jose)\n     
    +1 253 215 8782 US (Tacoma)\n        +1 346 248 7799 US (Houston)\n  
       +1 301 715 8592 US (Germantown)\n        +1 312 626 6799 US (Chica
 go)\n        +1 646 558 8656 US (New York)\nMeeting ID: 939 688 0476\nPa
 sscode: 8592515\nFind your local number: https://us02web.zoom.us/u/kddfS
 pAkEj\n\n
LOCATION:https://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZEthQUQzcEF
 2QjRXUT09
BEGIN:VALARM
TRIGGER:-PT10M
ACTION:DISPLAY
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #6: OpenBMC-SPDM.ics --]
[-- Type: text/calendar; name="OpenBMC-SPDM.ics", Size: 1549 bytes --]

BEGIN:VCALENDAR
PRODID:-//zoom.us//iCalendar Event//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:PUBLISH
CLASS:PUBLIC
BEGIN:VTIMEZONE
TZID:Asia/Kolkata
TZURL:http://tzurl.org/zoneinfo-outlook/Asia/Kolkata
X-LIC-LOCATION:Asia/Kolkata
BEGIN:STANDARD
TZOFFSETFROM:+0530
TZOFFSETTO:+0530
TZNAME:IST
DTSTART:19700101T000000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20200723T234109Z
DTSTART;TZID=Asia/Kolkata:20200917T100000
DTEND;TZID=Asia/Kolkata:20200917T110000
SUMMARY:OpenBMC: SPDM 
UID:20200723T234109Z-9396880476@fe80:0:0:0:452:d0ff:fe6b:94afens3
TZID:Asia/Kolkata
DESCRIPTION:Sai Dasari is inviting you to a scheduled Zoom meeting.\n\nJo
 in Zoom Meeting\nhttps://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZE
 thQUQzcEF2QjRXUT09\n\nMeeting ID: 939 688 0476\nPasscode: openbmc\nOne t
 ap mobile\n+16699009128\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (San
  Jose)\n+12532158782\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (Tacoma
 )\n\nDial by your location\n        +1 669 900 9128 US (San Jose)\n     
    +1 253 215 8782 US (Tacoma)\n        +1 346 248 7799 US (Houston)\n  
       +1 301 715 8592 US (Germantown)\n        +1 312 626 6799 US (Chica
 go)\n        +1 646 558 8656 US (New York)\nMeeting ID: 939 688 0476\nPa
 sscode: 8592515\nFind your local number: https://us02web.zoom.us/u/kddfS
 pAkEj\n\n
LOCATION:https://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZEthQUQzcEF
 2QjRXUT09
BEGIN:VALARM
TRIGGER:-PT10M
ACTION:DISPLAY
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #7: OpenBMC-EntityMgr.ics --]
[-- Type: text/calendar; name="OpenBMC-EntityMgr.ics", Size: 1796 bytes --]

BEGIN:VCALENDAR
PRODID:-//zoom.us//iCalendar Event//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:PUBLISH
CLASS:PUBLIC
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
TZURL:http://tzurl.org/zoneinfo-outlook/America/Los_Angeles
X-LIC-LOCATION:America/Los_Angeles
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20200723T234031Z
DTSTART;TZID=America/Los_Angeles:20200910T100000
DTEND;TZID=America/Los_Angeles:20200910T110000
SUMMARY:OpenBMC: Entity-Manager on S2600WF
UID:20200723T234031Z-9396880476@fe80:0:0:0:1417:fcff:fed3:deddens5
TZID:America/Los_Angeles
DESCRIPTION:Sai Dasari is inviting you to a scheduled Zoom meeting.\n\nJo
 in Zoom Meeting\nhttps://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZE
 thQUQzcEF2QjRXUT09\n\nMeeting ID: 939 688 0476\nPasscode: openbmc\nOne t
 ap mobile\n+16699009128\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (San
  Jose)\n+12532158782\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (Tacoma
 )\n\nDial by your location\n        +1 669 900 9128 US (San Jose)\n     
    +1 253 215 8782 US (Tacoma)\n        +1 346 248 7799 US (Houston)\n  
       +1 301 715 8592 US (Germantown)\n        +1 312 626 6799 US (Chica
 go)\n        +1 646 558 8656 US (New York)\nMeeting ID: 939 688 0476\nPa
 sscode: 8592515\nFind your local number: https://us02web.zoom.us/u/kddfS
 pAkEj\n\n
LOCATION:https://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZEthQUQzcEF
 2QjRXUT09
BEGIN:VALARM
TRIGGER:-PT10M
ACTION:DISPLAY
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #8: OpenBMC-remoteBIOS.ics --]
[-- Type: text/calendar; name="OpenBMC-remoteBIOS.ics", Size: 1569 bytes --]

BEGIN:VCALENDAR
PRODID:-//zoom.us//iCalendar Event//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:PUBLISH
CLASS:PUBLIC
BEGIN:VTIMEZONE
TZID:Asia/Kolkata
TZURL:http://tzurl.org/zoneinfo-outlook/Asia/Kolkata
X-LIC-LOCATION:Asia/Kolkata
BEGIN:STANDARD
TZOFFSETFROM:+0530
TZOFFSETTO:+0530
TZNAME:IST
DTSTART:19700101T000000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20200723T234000Z
DTSTART;TZID=Asia/Kolkata:20200910T100000
DTEND;TZID=Asia/Kolkata:20200910T110000
SUMMARY:OpenBMC: Remote BIOS Configuration
UID:20200723T234000Z-9396880476@fe80:0:0:0:1456:eff:fe7b:6f8dens5
TZID:Asia/Kolkata
DESCRIPTION:Sai Dasari is inviting you to a scheduled Zoom meeting.\n\nJo
 in Zoom Meeting\nhttps://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZE
 thQUQzcEF2QjRXUT09\n\nMeeting ID: 939 688 0476\nPasscode: openbmc\nOne t
 ap mobile\n+16699009128\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (San
  Jose)\n+12532158782\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (Tacoma
 )\n\nDial by your location\n        +1 669 900 9128 US (San Jose)\n     
    +1 253 215 8782 US (Tacoma)\n        +1 346 248 7799 US (Houston)\n  
       +1 301 715 8592 US (Germantown)\n        +1 312 626 6799 US (Chica
 go)\n        +1 646 558 8656 US (New York)\nMeeting ID: 939 688 0476\nPa
 sscode: 8592515\nFind your local number: https://us02web.zoom.us/u/kddfS
 pAkEj\n\n
LOCATION:https://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZEthQUQzcEF
 2QjRXUT09
BEGIN:VALARM
TRIGGER:-PT10M
ACTION:DISPLAY
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #9: OpenBMC-sdbus.ics --]
[-- Type: text/calendar; name="OpenBMC-sdbus.ics", Size: 1808 bytes --]

BEGIN:VCALENDAR
PRODID:-//zoom.us//iCalendar Event//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:PUBLISH
CLASS:PUBLIC
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
TZURL:http://tzurl.org/zoneinfo-outlook/America/Los_Angeles
X-LIC-LOCATION:America/Los_Angeles
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20200723T233935Z
DTSTART;TZID=America/Los_Angeles:20200903T100000
DTEND;TZID=America/Los_Angeles:20200903T110000
SUMMARY:OpenBMC: sdbusplus and phosphor-dbus-interfaces
UID:20200723T233935Z-9396880476@fe80:0:0:0:1468:fbff:fe9f:1ebens5
TZID:America/Los_Angeles
DESCRIPTION:Sai Dasari is inviting you to a scheduled Zoom meeting.\n\nJo
 in Zoom Meeting\nhttps://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZE
 thQUQzcEF2QjRXUT09\n\nMeeting ID: 939 688 0476\nPasscode: openbmc\nOne t
 ap mobile\n+16699009128\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (San
  Jose)\n+12532158782\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (Tacoma
 )\n\nDial by your location\n        +1 669 900 9128 US (San Jose)\n     
    +1 253 215 8782 US (Tacoma)\n        +1 346 248 7799 US (Houston)\n  
       +1 301 715 8592 US (Germantown)\n        +1 312 626 6799 US (Chica
 go)\n        +1 646 558 8656 US (New York)\nMeeting ID: 939 688 0476\nPa
 sscode: 8592515\nFind your local number: https://us02web.zoom.us/u/kddfS
 pAkEj\n\n
LOCATION:https://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZEthQUQzcEF
 2QjRXUT09
BEGIN:VALARM
TRIGGER:-PT10M
ACTION:DISPLAY
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #10: OpenBMC-NewPlatform.ics --]
[-- Type: text/calendar; name="OpenBMC-NewPlatform.ics", Size: 1789 bytes --]

BEGIN:VCALENDAR
PRODID:-//zoom.us//iCalendar Event//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:PUBLISH
CLASS:PUBLIC
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
TZURL:http://tzurl.org/zoneinfo-outlook/America/Los_Angeles
X-LIC-LOCATION:America/Los_Angeles
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20200723T233909Z
DTSTART;TZID=America/Los_Angeles:20200827T100000
DTEND;TZID=America/Los_Angeles:20200827T110000
SUMMARY:OpenBMC: Adding New Platform
UID:20200723T233909Z-9396880476@fe80:0:0:0:448:b3ff:feba:1f7dens3
TZID:America/Los_Angeles
DESCRIPTION:Sai Dasari is inviting you to a scheduled Zoom meeting.\n\nJo
 in Zoom Meeting\nhttps://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZE
 thQUQzcEF2QjRXUT09\n\nMeeting ID: 939 688 0476\nPasscode: openbmc\nOne t
 ap mobile\n+16699009128\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (San
  Jose)\n+12532158782\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (Tacoma
 )\n\nDial by your location\n        +1 669 900 9128 US (San Jose)\n     
    +1 253 215 8782 US (Tacoma)\n        +1 346 248 7799 US (Houston)\n  
       +1 301 715 8592 US (Germantown)\n        +1 312 626 6799 US (Chica
 go)\n        +1 646 558 8656 US (New York)\nMeeting ID: 939 688 0476\nPa
 sscode: 8592515\nFind your local number: https://us02web.zoom.us/u/kddfS
 pAkEj\n\n
LOCATION:https://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZEthQUQzcEF
 2QjRXUT09
BEGIN:VALARM
TRIGGER:-PT10M
ACTION:DISPLAY
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #11: OpenBMC-RedfishEvent.ics --]
[-- Type: text/calendar; name="OpenBMC-RedfishEvent.ics", Size: 1571 bytes --]

BEGIN:VCALENDAR
PRODID:-//zoom.us//iCalendar Event//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:PUBLISH
CLASS:PUBLIC
BEGIN:VTIMEZONE
TZID:Asia/Kolkata
TZURL:http://tzurl.org/zoneinfo-outlook/Asia/Kolkata
X-LIC-LOCATION:Asia/Kolkata
BEGIN:STANDARD
TZOFFSETFROM:+0530
TZOFFSETTO:+0530
TZNAME:IST
DTSTART:19700101T000000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20200723T233520Z
DTSTART;TZID=Asia/Kolkata:20200827T100000
DTEND;TZID=Asia/Kolkata:20200827T110000
SUMMARY:OpenBMC: Redfish Event Logs/Service
UID:20200723T233520Z-9396880476@fe80:0:0:0:145b:9dff:fe58:1cd3ens5
TZID:Asia/Kolkata
DESCRIPTION:Sai Dasari is inviting you to a scheduled Zoom meeting.\n\nJo
 in Zoom Meeting\nhttps://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZE
 thQUQzcEF2QjRXUT09\n\nMeeting ID: 939 688 0476\nPasscode: openbmc\nOne t
 ap mobile\n+16699009128\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (San
  Jose)\n+12532158782\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (Tacoma
 )\n\nDial by your location\n        +1 669 900 9128 US (San Jose)\n     
    +1 253 215 8782 US (Tacoma)\n        +1 346 248 7799 US (Houston)\n  
       +1 301 715 8592 US (Germantown)\n        +1 312 626 6799 US (Chica
 go)\n        +1 646 558 8656 US (New York)\nMeeting ID: 939 688 0476\nPa
 sscode: 8592515\nFind your local number: https://us02web.zoom.us/u/kddfS
 pAkEj\n\n
LOCATION:https://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZEthQUQzcEF
 2QjRXUT09
BEGIN:VALARM
TRIGGER:-PT10M
ACTION:DISPLAY
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #12: OpenBMC-UserMgmt.ics --]
[-- Type: text/calendar; name="OpenBMC-UserMgmt.ics", Size: 1785 bytes --]

BEGIN:VCALENDAR
PRODID:-//zoom.us//iCalendar Event//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:PUBLISH
CLASS:PUBLIC
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
TZURL:http://tzurl.org/zoneinfo-outlook/America/Los_Angeles
X-LIC-LOCATION:America/Los_Angeles
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20200723T233430Z
DTSTART;TZID=America/Los_Angeles:20200820T100000
DTEND;TZID=America/Los_Angeles:20200820T110000
SUMMARY:OpenBMC: User Management
UID:20200723T233430Z-9396880476@fe80:0:0:0:495:4bff:fed3:5473ens3
TZID:America/Los_Angeles
DESCRIPTION:Sai Dasari is inviting you to a scheduled Zoom meeting.\n\nJo
 in Zoom Meeting\nhttps://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZE
 thQUQzcEF2QjRXUT09\n\nMeeting ID: 939 688 0476\nPasscode: openbmc\nOne t
 ap mobile\n+16699009128\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (San
  Jose)\n+12532158782\,\,9396880476#\,\,\,\,\,\,0#\,\,8592515# US (Tacoma
 )\n\nDial by your location\n        +1 669 900 9128 US (San Jose)\n     
    +1 253 215 8782 US (Tacoma)\n        +1 346 248 7799 US (Houston)\n  
       +1 301 715 8592 US (Germantown)\n        +1 312 626 6799 US (Chica
 go)\n        +1 646 558 8656 US (New York)\nMeeting ID: 939 688 0476\nPa
 sscode: 8592515\nFind your local number: https://us02web.zoom.us/u/kddfS
 pAkEj\n\n
LOCATION:https://us02web.zoom.us/j/9396880476?pwd=a2gyYkVpRjhBZEthQUQzcEF
 2QjRXUT09
BEGIN:VALARM
TRIGGER:-PT10M
ACTION:DISPLAY
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: OpenBMC Learning Series - security
  2020-07-25  0:13 [Potential Spoof] OpenBMC Learning Series Sai Dasari
@ 2020-10-09 17:33 ` Joseph Reynolds
  2020-10-09 19:51   ` Patrick Williams
  2020-10-15 18:55   ` OpenBMC Learning Series - list of security topics Joseph Reynolds
  0 siblings, 2 replies; 7+ messages in thread
From: Joseph Reynolds @ 2020-10-09 17:33 UTC (permalink / raw)
  To: Openbmc, Sai Dasari

On 7/24/20 7:13 PM, Sai Dasari wrote:
>
> Team,
>
> Thanks to all volunteer speakers stepping up to share their expertise 
> with community. For speaker convenience, the sessions will be held on 
> two *TimeZones* (USA/PDT and INDIA/IST) on *Thursdays@10AM* starting 
> from 8/20 onwards.
>
> I encourage you to take a look at the shared doc @ 
> https://docs.google.com/spreadsheets/d/1RRO5cgutKE7zRPcjcFjrNn-GI5AYoW0FivEZJe_EyWs/edit?usp=sharing 
> for more information regarding this series. If you would like to see 
> more topics (either as speakers or new community members), please feel 
> free to add them for extending the topics in future sessions.
>
...snip...


Sai and the OpenBMC community,

Here is my big-picture idea to organize OpenBMC's security effort. I 
hope this material will guide the project's overall security effort, 
including the learning series.

I want to take this process one step at a time to help build consensus 
for my approach.

My big idea is to apply the world's best publicly available security 
schemes to the OpenBMC project.  Schemes like Microsoft Security 
Engineering, IBM Secure Engineering, and the Common Criteria evaluation 
have been developed over decades of experience and give us the most 
complete guidance for the OpenBMC project and its users.  We should use 
them.

Does this seem like the right approach?  See discussion in footnote 1.

These schemes have a lot in common.  For example, they all advocate for 
threat modeling, security testing, and development process steps like 
design and code reviews.  I am trying to get at that common portion and 
I would like to hear your ideas.

The elements of each scheme are listed in footnote 2 below.  Which of 
these seem most important?  It is so easy (and fun) to focus on security 
functions like authentication and transport layer security algorithms.  
But we might be served better by documenting BMC's architecture to 
understand where its weaknesses are, or making better security tests.  I 
would like to hear your ideas, and I can help sort them into the 
big-picture.


For the learning series presentation, I suggest picking up a dozen or so 
categories from below, including authentication and user management, 
testing and coding, documentation and threat models, incident response, 
etc.  Does that sound right?

- Joseph

## Footnote 1 - How we can use the world's best security schemes

I foresee several difficulties in trying to apply the schemes:
1. The project has not agreed to any particular security scheme and is 
unlikely to choose one, because...
2. Performing any security evaluation is expensive in terms of 
person-hours investment by subject matter experts and we have limited 
resources, and...
3. The big-picture security schemes apply to an entire IT project (like 
a server) while OpenBMC is only source code for one part of any such 
project, so we cannot apply the full methodology.

Why a big-picture scheme?  Security schemes that have a smaller scope 
will not take the project security to the highest levels.  The OpenBMC 
project itself should perform security work needed by various 
big-picture security schemes (such as listed above).  This includes not 
only features like transport security and authentication, but also 
documentation, evidence of design and code reviews, testing, and bug 
fixes, as required by big-picture secure engineering mandates.  Yes, the 
project does all that already, but that work does not have a security 
context.  I would like to help define that context.

Would it be helpful to show how more targeted guidelines from OWASP, 
OCP, and CSIS fit into the big-picture schemes?
[OWASP]: https://www.owasp.org/
[OCP]: https://www.opencompute.org/wiki/Security
[CSIS]: 
https://github.com/opencomputeproject/Security/blob/master/SecureFirmwareDevelopmentBestPractices.md

NOTE: This is a refresh of the effort started in the [security working 
group][] under the headings of "security assurance workflow" and 
"applicable standards".
[security working group]: 
https://github.com/openbmc/openbmc/wiki/Security-working-group

## Footnote 2 - Elements of high-level security schemes

Here are three high-level security schemes.  Is this the right set of 
schemes?
I've started to break these down.

==> Microsoft Security Engineering
https://www.microsoft.com/en-us/securityengineering
Security Development Lifecycle (SDL)
Operational Security Assurance (OSA)
Open Source Security
(Will someone help articulate which elements apply to OpenBMC?)

==> Common Criteria
https://www.commoncriteriaportal.org/cc/
Functional requirements:
- Security Audit (audit logs)
- Communication
- Cryptographic Support
- User data protection
- Authentication
- Security Management
- Privacy
- Protection of the BMC
- Resource Utilization
- BMC access, Trusted paths
Assurance requirements:
- Document BMC architecture and configuration
- Development (architecture, functions spec, implementation)
- Internal representation (source code)
- Guidance documentation
- Life-cycle support
- Tests
- Vulnerability Assessment.
Note: I've annotated and substituted some terminology to make this more 
readable (for example, TOE means BMC).  Also, I've skipped over some 
topics and grossly oversimplified others.  My goal is to make this list 
understandable to the BMC community and the organize OpenBMC work so it 
can be understood by security folks who do not have a BMC background.

==> IBM Secure Engineering
ibm.com/redbooks: Security in Development, The IBM Secure Engineering 
Framework
Development process: protect source code, planing, testing
Product lifecycle management: vulnerabilities, fixes
Secure Engineering Framework:
- Education and awareness
- Project Planning
- Risk assessment and threat modeling
- Security requirements
- Secure coding
- Test and vulnerability assessment
- Documentation
- Incident response
- Supply chain

Includes https://www.ibm.com/trust/security-spbd
- Assessment
- Threat Model
- Code Scan
- Security Tests
- Penetration Test
- Vulnerability Management


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: OpenBMC Learning Series - security
  2020-10-09 17:33 ` OpenBMC Learning Series - security Joseph Reynolds
@ 2020-10-09 19:51   ` Patrick Williams
  2020-10-14 15:00     ` Joseph Reynolds
  2020-10-15 18:55   ` OpenBMC Learning Series - list of security topics Joseph Reynolds
  1 sibling, 1 reply; 7+ messages in thread
From: Patrick Williams @ 2020-10-09 19:51 UTC (permalink / raw)
  To: Joseph Reynolds; +Cc: Openbmc


[-- Attachment #1: Type: text/plain, Size: 1974 bytes --]

On Fri, Oct 09, 2020 at 12:33:17PM -0500, Joseph Reynolds wrote:
> On 7/24/20 7:13 PM, Sai Dasari wrote:
> >
> > Team,
> >
> > Thanks to all volunteer speakers stepping up to share their expertise 
> > with community. For speaker convenience, the sessions will be held on 
> > two *TimeZones* (USA/PDT and INDIA/IST) on *Thursdays@10AM* starting 
> > from 8/20 onwards.
> >
> > I encourage you to take a look at the shared doc @ 
> > https://docs.google.com/spreadsheets/d/1RRO5cgutKE7zRPcjcFjrNn-GI5AYoW0FivEZJe_EyWs/edit?usp=sharing 
> > for more information regarding this series. If you would like to see 
> > more topics (either as speakers or new community members), please feel 
> > free to add them for extending the topics in future sessions.
> >
> ...snip...
> 
> 
> Sai and the OpenBMC community,
> 
> Here is my big-picture idea to organize OpenBMC's security effort. I 
> hope this material will guide the project's overall security effort, 
> including the learning series.
> 
> I want to take this process one step at a time to help build consensus 
> for my approach.
> 
> My big idea is to apply the world's best publicly available security 
> schemes to the OpenBMC project.  Schemes like Microsoft Security 
> Engineering, IBM Secure Engineering, and the Common Criteria evaluation 
> have been developed over decades of experience and give us the most 
> complete guidance for the OpenBMC project and its users.  We should use 
> them.
> 
> Does this seem like the right approach?  See discussion in footnote 1.

Hi Joseph,

What I can't tell is if you're describing the current state of affairs
or where you'd like to go.  My impression is that these education
sessions should be more current state of affairs with only a taste of
the future.  The education sessions are for people who have little-to-no
experience with OpenBMC already in order to make them more productive
quickly.

-- 
Patrick Williams

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: OpenBMC Learning Series - security
  2020-10-09 19:51   ` Patrick Williams
@ 2020-10-14 15:00     ` Joseph Reynolds
  0 siblings, 0 replies; 7+ messages in thread
From: Joseph Reynolds @ 2020-10-14 15:00 UTC (permalink / raw)
  To: Patrick Williams; +Cc: Openbmc



On 10/9/20 2:51 PM, Patrick Williams wrote:
> On Fri, Oct 09, 2020 at 12:33:17PM -0500, Joseph Reynolds wrote:
>> On 7/24/20 7:13 PM, Sai Dasari wrote:
...snip...
>>> Sai and the OpenBMC community,
>>>
>>> Here is my big-picture idea to organize OpenBMC's security effort. I
>>> hope this material will guide the project's overall security effort,
>>> including the learning series.
>>>
>>> I want to take this process one step at a time to help build consensus
>>> for my approach.
>>>
>>> My big idea is to apply the world's best publicly available security
>>> schemes to the OpenBMC project.  Schemes like Microsoft Security
>>> Engineering, IBM Secure Engineering, and the Common Criteria evaluation
>>> have been developed over decades of experience and give us the most
>>> complete guidance for the OpenBMC project and its users.  We should use
>>> them.
>>>
>>> Does this seem like the right approach?  See discussion in footnote 1.
> Hi Joseph,
>
> What I can't tell is if you're describing the current state of affairs
> or where you'd like to go.  My impression is that these education
> sessions should be more current state of affairs with only a taste of
> the future.  The education sessions are for people who have little-to-no
> experience with OpenBMC already in order to make them more productive
> quickly.

My email recommends a way to organize the security work.  Once we agree 
[1], I think we should organize project documentation, presentations, 
and working group activity in the same way.  The presentation would give 
a simplified overview of project security and link to the project's 
security documentation.  Does that make sense?

- Joseph

[1]: We are discussing this in today's security working group meeting:
https://github.com/openbmc/openbmc/wiki/Security-working-group


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: OpenBMC Learning Series - list of security topics
  2020-10-09 17:33 ` OpenBMC Learning Series - security Joseph Reynolds
  2020-10-09 19:51   ` Patrick Williams
@ 2020-10-15 18:55   ` Joseph Reynolds
  2020-10-15 19:33     ` Sai Dasari
       [not found]     ` <9bfccd5e-79ae-f1fb-6771-0514e3d1b2fd@preossec.com>
  1 sibling, 2 replies; 7+ messages in thread
From: Joseph Reynolds @ 2020-10-15 18:55 UTC (permalink / raw)
  To: openbmc, Sai Dasari

On 10/9/20 12:33 PM, Joseph Reynolds wrote:
> On 7/24/20 7:13 PM, Sai Dasari wrote:
>>
>> Team,
>>
>> Thanks to all volunteer speakers stepping up to share their expertise 
>> with community. For speaker convenience, the sessions will be held on 
>> two *TimeZones* (USA/PDT and INDIA/IST) on *Thursdays@10AM* starting 
>> from 8/20 onwards.
>>
>> I encourage you to take a look at the shared doc @ 
>> https://docs.google.com/spreadsheets/d/1RRO5cgutKE7zRPcjcFjrNn-GI5AYoW0FivEZJe_EyWs/edit?usp=sharing 
>> for more information regarding this series. If you would like to see 
>> more topics (either as speakers or new community members), please 
>> feel free to add them for extending the topics in future sessions.
>>
> ...snip...
>
>
> Sai and the OpenBMC community,
>
> Here is my big-picture idea to organize OpenBMC's security effort. I 
> hope this material will guide the project's overall security effort, 
> including the learning series.
...snip...
> For the learning series presentation, I suggest picking up a dozen or 
> so categories from below, including authentication and user 
> management, testing and coding, documentation and threat models, 
> incident response, etc.  Does that sound right?

Sai, thanks for helping to push this forward.


OpenBMC community,

We agreed [1] to a list "security topics" drawn from Microsoft Security 
Engineering, Common Criteria, and IBM Secure Engineering. The idea is 
that a project that uses OpenBMC and follows a similar security approach 
should be able to find what they need in the OpenBMC security topics, 
but the topics themselves are not tightly coupled to any specific 
approach.  Then each of the OpenBMC security topics will give whatever 
the project offers.

[1]: General agreement at the 2020-10-14 OpenBMC security working group 
meeting.  Notes here: 
https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI 


To clarify, I intend for these topics to be the organizing principle for 
the security working group and the learning series.  I am not announcing 
any intention to meet any guidelines, follow any specific practices, or 
perform any security assessments.  One step at a time.

Here is my initial proposal for topics.  This most certainly reflects my 
bias.  Feel free to suggest corrections, changes, and additions.
- Education and awareness
- Threat model
- Code scans
- Security tests (includes dynamic scans and penetration testing)
- Vulnerability management and incident response
- Development process (include planning, designs, reviews, secure coding)
- Documentation (includes specs, architecture, designs, code, and 
configuration) - see breakout below
- Incident response
- Guidance documentation (for downstream projects and for BMC admins)
- Supply chain (includes source code from Yocto and projects built into 
the image)

BMC security function documentation:
- Audit logs
- Communication paths
- Cryptographic support
- User data protection
- Authentication
- Security Management
- Privacy
- Protection of the BMC
- Resource Utilization
- BMC access, Trusted paths

Excluded topics:
- Threat assessment - varies between use cases
- Supply chain (physical) - not applicable

For the learning series presentation I propose one slide to motivate why 
security focus is important, and another explain how OpenBMC security 
topics relate to high-level security schemes and to more focused 
guidance from OWASP, OCP, and CSIS.  Then slides for each security 
topic.  My feeling is that even professional developers need help to 
understand how everything relates back to security. :-)

Let me know if you expect the learning series presentation to have any 
specific content.

- Joseph

>
> - Joseph
>
> ## Footnote 1 - How we can use the world's best security schemes
>
> I foresee several difficulties in trying to apply the schemes:
> 1. The project has not agreed to any particular security scheme and is 
> unlikely to choose one, because...
> 2. Performing any security evaluation is expensive in terms of 
> person-hours investment by subject matter experts and we have limited 
> resources, and...
> 3. The big-picture security schemes apply to an entire IT project 
> (like a server) while OpenBMC is only source code for one part of any 
> such project, so we cannot apply the full methodology.
>
> Why a big-picture scheme?  Security schemes that have a smaller scope 
> will not take the project security to the highest levels. The OpenBMC 
> project itself should perform security work needed by various 
> big-picture security schemes (such as listed above).  This includes 
> not only features like transport security and authentication, but also 
> documentation, evidence of design and code reviews, testing, and bug 
> fixes, as required by big-picture secure engineering mandates.  Yes, 
> the project does all that already, but that work does not have a 
> security context.  I would like to help define that context.
>
> Would it be helpful to show how more targeted guidelines from OWASP, 
> OCP, and CSIS fit into the big-picture schemes?
> [OWASP]: https://www.owasp.org/
> [OCP]: https://www.opencompute.org/wiki/Security
> [CSIS]: 
> https://github.com/opencomputeproject/Security/blob/master/SecureFirmwareDevelopmentBestPractices.md
>
> NOTE: This is a refresh of the effort started in the [security working 
> group][] under the headings of "security assurance workflow" and 
> "applicable standards".
> [security working group]: 
> https://github.com/openbmc/openbmc/wiki/Security-working-group
>
> ## Footnote 2 - Elements of high-level security schemes
>
> Here are three high-level security schemes.  Is this the right set of 
> schemes?
> I've started to break these down.
>
> ==> Microsoft Security Engineering
> https://www.microsoft.com/en-us/securityengineering
> Security Development Lifecycle (SDL)
> Operational Security Assurance (OSA)
> Open Source Security
> (Will someone help articulate which elements apply to OpenBMC?)
>
> ==> Common Criteria
> https://www.commoncriteriaportal.org/cc/
> Functional requirements:
> - Security Audit (audit logs)
> - Communication
> - Cryptographic Support
> - User data protection
> - Authentication
> - Security Management
> - Privacy
> - Protection of the BMC
> - Resource Utilization
> - BMC access, Trusted paths
> Assurance requirements:
> - Document BMC architecture and configuration
> - Development (architecture, functions spec, implementation)
> - Internal representation (source code)
> - Guidance documentation
> - Life-cycle support
> - Tests
> - Vulnerability Assessment.
> Note: I've annotated and substituted some terminology to make this 
> more readable (for example, TOE means BMC).  Also, I've skipped over 
> some topics and grossly oversimplified others.  My goal is to make 
> this list understandable to the BMC community and the organize OpenBMC 
> work so it can be understood by security folks who do not have a BMC 
> background.
>
> ==> IBM Secure Engineering
> ibm.com/redbooks: Security in Development, The IBM Secure Engineering 
> Framework
> Development process: protect source code, planing, testing
> Product lifecycle management: vulnerabilities, fixes
> Secure Engineering Framework:
> - Education and awareness
> - Project Planning
> - Risk assessment and threat modeling
> - Security requirements
> - Secure coding
> - Test and vulnerability assessment
> - Documentation
> - Incident response
> - Supply chain
>
> Includes https://www.ibm.com/trust/security-spbd
> - Assessment
> - Threat Model
> - Code Scan
> - Security Tests
> - Penetration Test
> - Vulnerability Management
>


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: OpenBMC Learning Series - list of security topics
  2020-10-15 18:55   ` OpenBMC Learning Series - list of security topics Joseph Reynolds
@ 2020-10-15 19:33     ` Sai Dasari
       [not found]     ` <9bfccd5e-79ae-f1fb-6771-0514e3d1b2fd@preossec.com>
  1 sibling, 0 replies; 7+ messages in thread
From: Sai Dasari @ 2020-10-15 19:33 UTC (permalink / raw)
  To: Joseph Reynolds, openbmc



On 10/15/20, 11:55 AM, "Joseph Reynolds" <jrey@linux.ibm.com> wrote:

    On 10/9/20 12:33 PM, Joseph Reynolds wrote:
    > On 7/24/20 7:13 PM, Sai Dasari wrote:
    >>
    >> Team,
    >>
    >> Thanks to all volunteer speakers stepping up to share their expertise 
    >> with community. For speaker convenience, the sessions will be held on 
    >> two *TimeZones* (USA/PDT and INDIA/IST) on *Thursdays@10AM* starting 
    >> from 8/20 onwards.
    >>
    >> I encourage you to take a look at the shared doc @ 
    >> https://docs.google.com/spreadsheets/d/1RRO5cgutKE7zRPcjcFjrNn-GI5AYoW0FivEZJe_EyWs/edit?usp=sharing  
    >> for more information regarding this series. If you would like to see 
    >> more topics (either as speakers or new community members), please 
    >> feel free to add them for extending the topics in future sessions.
    >>
    > ...snip...
    >
    >
    > Sai and the OpenBMC community,
    >
    > Here is my big-picture idea to organize OpenBMC's security effort. I 
    > hope this material will guide the project's overall security effort, 
    > including the learning series.
    ...snip...
    > For the learning series presentation, I suggest picking up a dozen or 
    > so categories from below, including authentication and user 
    > management, testing and coding, documentation and threat models, 
    > incident response, etc.  Does that sound right?

    Sai, thanks for helping to push this forward.


    OpenBMC community,

    We agreed [1] to a list "security topics" drawn from Microsoft Security 
    Engineering, Common Criteria, and IBM Secure Engineering. The idea is 
    that a project that uses OpenBMC and follows a similar security approach 
    should be able to find what they need in the OpenBMC security topics, 
    but the topics themselves are not tightly coupled to any specific 
    approach.  Then each of the OpenBMC security topics will give whatever 
    the project offers.

    [1]: General agreement at the 2020-10-14 OpenBMC security working group 
    meeting.  Notes here: 
    https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI  

    To clarify, I intend for these topics to be the organizing principle for 
    the security working group and the learning series.  I am not announcing 
    any intention to meet any guidelines, follow any specific practices, or 
    perform any security assessments.  One step at a time.

    Here is my initial proposal for topics.  This most certainly reflects my 
    bias.  Feel free to suggest corrections, changes, and additions.
    - Education and awareness
    - Threat model
    - Code scans
    - Security tests (includes dynamic scans and penetration testing)
    - Vulnerability management and incident response
    - Development process (include planning, designs, reviews, secure coding)
    - Documentation (includes specs, architecture, designs, code, and 
    configuration) - see breakout below
    - Incident response
    - Guidance documentation (for downstream projects and for BMC admins)
    - Supply chain (includes source code from Yocto and projects built into 
    the image)

    BMC security function documentation:
    - Audit logs
    - Communication paths
    - Cryptographic support
    - User data protection
    - Authentication
    - Security Management
    - Privacy
    - Protection of the BMC
    - Resource Utilization
    - BMC access, Trusted paths

    Excluded topics:
    - Threat assessment - varies between use cases
    - Supply chain (physical) - not applicable


    For the learning series presentation I propose one slide to motivate why 
    security focus is important, and another explain how OpenBMC security 
    topics relate to high-level security schemes and to more focused 
    guidance from OWASP, OCP, and CSIS.  Then slides for each security 
    topic.  My feeling is that even professional developers need help to 
    understand how everything relates back to security. :-)


    Let me know if you expect the learning series presentation to have any 
    specific content.
Thanks Joseph for alignment for this important security area and identifying detailed topics of interest. For learning series, since the intended audience are beginners to the project, I like your idea of providing motivation for security focus followed by introducing various topics at high level for further exploration. In addition, if you believe we have enough topics/speakers (4+), we can create security specific learning (mini) series in 2021 (March timeframe) where you can build up the material from basic->intermediate->advanced topics. I will be happy to work with you to create such series, if there is enough interest.

    - Joseph

    >
    > - Joseph
    >
    > ## Footnote 1 - How we can use the world's best security schemes
    >
    > I foresee several difficulties in trying to apply the schemes:
    > 1. The project has not agreed to any particular security scheme and is 
    > unlikely to choose one, because...
    > 2. Performing any security evaluation is expensive in terms of 
    > person-hours investment by subject matter experts and we have limited 
    > resources, and...
    > 3. The big-picture security schemes apply to an entire IT project 
    > (like a server) while OpenBMC is only source code for one part of any 
    > such project, so we cannot apply the full methodology.
    >
    > Why a big-picture scheme?  Security schemes that have a smaller scope 
    > will not take the project security to the highest levels. The OpenBMC 
    > project itself should perform security work needed by various 
    > big-picture security schemes (such as listed above).  This includes 
    > not only features like transport security and authentication, but also 
    > documentation, evidence of design and code reviews, testing, and bug 
    > fixes, as required by big-picture secure engineering mandates.  Yes, 
    > the project does all that already, but that work does not have a 
    > security context.  I would like to help define that context.
    >
    > Would it be helpful to show how more targeted guidelines from OWASP, 
    > OCP, and CSIS fit into the big-picture schemes?
    > [OWASP]: https://www.owasp.org/ 
    > [OCP]: https://www.opencompute.org/wiki/Security 
    > [CSIS]: 
    > https://github.com/opencomputeproject/Security/blob/master/SecureFirmwareDevelopmentBestPractices.md
    >
    > NOTE: This is a refresh of the effort started in the [security working 
    > group][] under the headings of "security assurance workflow" and 
    > "applicable standards".
    > [security working group]: 
    > https://github.com/openbmc/openbmc/wiki/Security-working-group
    >
    > ## Footnote 2 - Elements of high-level security schemes
    >
    > Here are three high-level security schemes.  Is this the right set of 
    > schemes?
    > I've started to break these down.
    >
    > ==> Microsoft Security Engineering
    > https://www.microsoft.com/en-us/securityengineering 
    > Security Development Lifecycle (SDL)
    > Operational Security Assurance (OSA)
    > Open Source Security
    > (Will someone help articulate which elements apply to OpenBMC?)
    >
    > ==> Common Criteria
    > https://www.commoncriteriaportal.org/cc/ 
    > Functional requirements:
    > - Security Audit (audit logs)
    > - Communication
    > - Cryptographic Support
    > - User data protection
    > - Authentication
    > - Security Management
    > - Privacy
    > - Protection of the BMC
    > - Resource Utilization
    > - BMC access, Trusted paths
    > Assurance requirements:
    > - Document BMC architecture and configuration
    > - Development (architecture, functions spec, implementation)
    > - Internal representation (source code)
    > - Guidance documentation
    > - Life-cycle support
    > - Tests
    > - Vulnerability Assessment.
    > Note: I've annotated and substituted some terminology to make this 
    > more readable (for example, TOE means BMC).  Also, I've skipped over 
    > some topics and grossly oversimplified others.  My goal is to make 
    > this list understandable to the BMC community and the organize OpenBMC 
    > work so it can be understood by security folks who do not have a BMC 
    > background.
    >
    > ==> IBM Secure Engineering
    > ibm.com/redbooks: Security in Development, The IBM Secure Engineering 
    > Framework
    > Development process: protect source code, planing, testing
    > Product lifecycle management: vulnerabilities, fixes
    > Secure Engineering Framework:
    > - Education and awareness
    > - Project Planning
    > - Risk assessment and threat modeling
    > - Security requirements
    > - Secure coding
    > - Test and vulnerability assessment
    > - Documentation
    > - Incident response
    > - Supply chain
    >
    > Includes https://www.ibm.com/trust/security-spbd 
    > - Assessment
    > - Threat Model
    > - Code Scan
    > - Security Tests
    > - Penetration Test
    > - Vulnerability Management
    >



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: OpenBMC Learning Series - list of security topics
       [not found]     ` <9bfccd5e-79ae-f1fb-6771-0514e3d1b2fd@preossec.com>
@ 2020-10-16 18:06       ` Joseph Reynolds
  0 siblings, 0 replies; 7+ messages in thread
From: Joseph Reynolds @ 2020-10-16 18:06 UTC (permalink / raw)
  To: Lee Fisher, openbmc

On 10/15/20 5:39 PM, Lee Fisher wrote:
> Looks pretty good.
>
> One thing I'm concerned with: dev -vs- sysadmin focus.
>
> You need to cover dev focus for OpenBMC dev. But you also need to cover
> run-time use, by sysadmins/users, including security automation.
>
> Don't have a single set of OpenBMC security guidance for both audiences,
> they are very different.

Lee,  +cc:openbmc email list

Point taken.  I agree.  I'll have separate topics for the system 
integrator and the BMC admin.  Along with the existing set of topics for 
the development community (coding standards, static scans, etc.).

I started a BMC configuration guide here: 
https://github.com/openbmc/openbmc/wiki/Configuration-guide
and have just now separated the build -vs- admin sections.  I'll use it 
to guide the presentation.

Thank you!

- Joseph

> For example, see how the NIST Secure Boot docs are for implementors
> *AND* users, but most users will navigate through all the
> implementor-centric docs for run-time guidance. Similar problem with
> DMTF Redfish docs, blurring implementors and users.
>
> Sysadmins/users will need a checklist of guidance and some
> security/update automation tools. At least one tool for security checks,
> and one tool for firmware updates. Vendors will work hard to screw up
> the tools, when trying to make their platform vendor-centric, so be
> careful of that.
>
> Thanks.
>
> On 10/15/20 11:55 AM, Joseph Reynolds wrote:
>> On 10/9/20 12:33 PM, Joseph Reynolds wrote:
>>> On 7/24/20 7:13 PM, Sai Dasari wrote:
>>>> Team,
>>>>
>>>> Thanks to all volunteer speakers stepping up to share their
>>>> expertise with community. For speaker convenience, the sessions will
>>>> be held on two *TimeZones* (USA/PDT and INDIA/IST) on
>>>> *Thursdays@10AM* starting from 8/20 onwards.
>>>>
>>>> I encourage you to take a look at the shared doc @
>>>> https://docs.google.com/spreadsheets/d/1RRO5cgutKE7zRPcjcFjrNn-GI5AYoW0FivEZJe_EyWs/edit?usp=sharing
>>>> for more information regarding this series. If you would like to see
>>>> more topics (either as speakers or new community members), please
>>>> feel free to add them for extending the topics in future sessions.
>>>>
>>> ...snip...
>>>
>>>
>>> Sai and the OpenBMC community,
>>>
>>> Here is my big-picture idea to organize OpenBMC's security effort. I
>>> hope this material will guide the project's overall security effort,
>>> including the learning series.
>> ...snip...
>>> For the learning series presentation, I suggest picking up a dozen or
>>> so categories from below, including authentication and user
>>> management, testing and coding, documentation and threat models,
>>> incident response, etc.  Does that sound right?
>> Sai, thanks for helping to push this forward.
>>
>>
>> OpenBMC community,
>>
>> We agreed [1] to a list "security topics" drawn from Microsoft
>> Security Engineering, Common Criteria, and IBM Secure Engineering. The
>> idea is that a project that uses OpenBMC and follows a similar
>> security approach should be able to find what they need in the OpenBMC
>> security topics, but the topics themselves are not tightly coupled to
>> any specific approach.  Then each of the OpenBMC security topics will
>> give whatever the project offers.
>>
>> [1]: General agreement at the 2020-10-14 OpenBMC security working
>> group meeting.  Notes here:
>> https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI
>>
>>
>> To clarify, I intend for these topics to be the organizing principle
>> for the security working group and the learning series.  I am not
>> announcing any intention to meet any guidelines, follow any specific
>> practices, or perform any security assessments.  One step at a time.
>>
>> Here is my initial proposal for topics.  This most certainly reflects
>> my bias.  Feel free to suggest corrections, changes, and additions.
>> - Education and awareness
>> - Threat model
>> - Code scans
>> - Security tests (includes dynamic scans and penetration testing)
>> - Vulnerability management and incident response
>> - Development process (include planning, designs, reviews, secure coding)
>> - Documentation (includes specs, architecture, designs, code, and
>> configuration) - see breakout below
>> - Incident response
>> - Guidance documentation (for downstream projects and for BMC admins)
>> - Supply chain (includes source code from Yocto and projects built
>> into the image)
>>
>> BMC security function documentation:
>> - Audit logs
>> - Communication paths
>> - Cryptographic support
>> - User data protection
>> - Authentication
>> - Security Management
>> - Privacy
>> - Protection of the BMC
>> - Resource Utilization
>> - BMC access, Trusted paths
>>
>> Excluded topics:
>> - Threat assessment - varies between use cases
>> - Supply chain (physical) - not applicable
>>
>> For the learning series presentation I propose one slide to motivate
>> why security focus is important, and another explain how OpenBMC
>> security topics relate to high-level security schemes and to more
>> focused guidance from OWASP, OCP, and CSIS.  Then slides for each
>> security topic.  My feeling is that even professional developers need
>> help to understand how everything relates back to security. :-)
>>
>> Let me know if you expect the learning series presentation to have any
>> specific content.
>>
>> - Joseph
>>
>>> - Joseph
>>>
>>> ## Footnote 1 - How we can use the world's best security schemes
>>>
>>> I foresee several difficulties in trying to apply the schemes:
>>> 1. The project has not agreed to any particular security scheme and
>>> is unlikely to choose one, because...
>>> 2. Performing any security evaluation is expensive in terms of
>>> person-hours investment by subject matter experts and we have limited
>>> resources, and...
>>> 3. The big-picture security schemes apply to an entire IT project
>>> (like a server) while OpenBMC is only source code for one part of any
>>> such project, so we cannot apply the full methodology.
>>>
>>> Why a big-picture scheme?  Security schemes that have a smaller scope
>>> will not take the project security to the highest levels. The OpenBMC
>>> project itself should perform security work needed by various
>>> big-picture security schemes (such as listed above).  This includes
>>> not only features like transport security and authentication, but
>>> also documentation, evidence of design and code reviews, testing, and
>>> bug fixes, as required by big-picture secure engineering mandates.
>>> Yes, the project does all that already, but that work does not have a
>>> security context.  I would like to help define that context.
>>>
>>> Would it be helpful to show how more targeted guidelines from OWASP,
>>> OCP, and CSIS fit into the big-picture schemes?
>>> [OWASP]: https://www.owasp.org/
>>> [OCP]: https://www.opencompute.org/wiki/Security
>>> [CSIS]:
>>> https://github.com/opencomputeproject/Security/blob/master/SecureFirmwareDevelopmentBestPractices.md
>>>
>>> NOTE: This is a refresh of the effort started in the [security
>>> working group][] under the headings of "security assurance workflow"
>>> and "applicable standards".
>>> [security working group]:
>>> https://github.com/openbmc/openbmc/wiki/Security-working-group
>>>
>>> ## Footnote 2 - Elements of high-level security schemes
>>>
>>> Here are three high-level security schemes.  Is this the right set of
>>> schemes?
>>> I've started to break these down.
>>>
>>> ==> Microsoft Security Engineering
>>> https://www.microsoft.com/en-us/securityengineering
>>> Security Development Lifecycle (SDL)
>>> Operational Security Assurance (OSA)
>>> Open Source Security
>>> (Will someone help articulate which elements apply to OpenBMC?)
>>>
>>> ==> Common Criteria
>>> https://www.commoncriteriaportal.org/cc/
>>> Functional requirements:
>>> - Security Audit (audit logs)
>>> - Communication
>>> - Cryptographic Support
>>> - User data protection
>>> - Authentication
>>> - Security Management
>>> - Privacy
>>> - Protection of the BMC
>>> - Resource Utilization
>>> - BMC access, Trusted paths
>>> Assurance requirements:
>>> - Document BMC architecture and configuration
>>> - Development (architecture, functions spec, implementation)
>>> - Internal representation (source code)
>>> - Guidance documentation
>>> - Life-cycle support
>>> - Tests
>>> - Vulnerability Assessment.
>>> Note: I've annotated and substituted some terminology to make this
>>> more readable (for example, TOE means BMC).  Also, I've skipped over
>>> some topics and grossly oversimplified others.  My goal is to make
>>> this list understandable to the BMC community and the organize
>>> OpenBMC work so it can be understood by security folks who do not
>>> have a BMC background.
>>>
>>> ==> IBM Secure Engineering
>>> ibm.com/redbooks: Security in Development, The IBM Secure Engineering
>>> Framework
>>> Development process: protect source code, planing, testing
>>> Product lifecycle management: vulnerabilities, fixes
>>> Secure Engineering Framework:
>>> - Education and awareness
>>> - Project Planning
>>> - Risk assessment and threat modeling
>>> - Security requirements
>>> - Secure coding
>>> - Test and vulnerability assessment
>>> - Documentation
>>> - Incident response
>>> - Supply chain
>>>
>>> Includes https://www.ibm.com/trust/security-spbd
>>> - Assessment
>>> - Threat Model
>>> - Code Scan
>>> - Security Tests
>>> - Penetration Test
>>> - Vulnerability Management
>>>


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, back to index

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-25  0:13 [Potential Spoof] OpenBMC Learning Series Sai Dasari
2020-10-09 17:33 ` OpenBMC Learning Series - security Joseph Reynolds
2020-10-09 19:51   ` Patrick Williams
2020-10-14 15:00     ` Joseph Reynolds
2020-10-15 18:55   ` OpenBMC Learning Series - list of security topics Joseph Reynolds
2020-10-15 19:33     ` Sai Dasari
     [not found]     ` <9bfccd5e-79ae-f1fb-6771-0514e3d1b2fd@preossec.com>
2020-10-16 18:06       ` Joseph Reynolds

Openbmc archive at lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/openbmc/0 openbmc/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 openbmc openbmc/ https://lore.kernel.org/openbmc \
		openbmc@lists.ozlabs.org openbmc@ozlabs.org
	public-inbox-index openbmc

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.ozlabs.lists.openbmc


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git