archive mirror
 help / color / mirror / Atom feed
From: Joseph Reynolds <>
To: openbmc <>
Subject: Re: Security Working Group meeting - Wednesday September 18
Date: Wed, 18 Sep 2019 15:51:06 -0500	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On 9/17/19 6:32 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting 
> scheduled for this Wednesday September 18 at 10:00am PDT.
> Current topics:
> - Development work:
>     1. IPMI authority question - 

>     2. Multiple admin security question - 

> - OCP Secure Firmware Development Best Practices ( 

> - Expired password design

Thanks to everyone who attended the meeting.  The minutes are in the 
link below.  Click the link, then click "Meeting Minutes". Highlights:

- We discussed the design and implementation of IPMI authority 
Role=admin access.
- We discussed the expired password design, including interfaces that 
will be able to change the password.
- We briefly reviewed the existence of the OpenBMC network threat model 
and the overall BMC threat model currently in review.
- We glanced at the mutual TLS (mTLS) reviews in progress

- We discussed the desire and plans to deprecate out-of-band IPMI 
network access to the BMC.  I'll send an email with more on this topic.
- We discussed emerging firmware recommendations such as the "CSIS 
Secure Firmware Development Best Practices" and how we would use those 

- Joseph

> Access, agenda, and notes are in the wiki:
> - Joseph

  reply	other threads:[~2019-09-18 20:51 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-17 23:32 Security Working Group meeting - Wednesday September 18 Joseph Reynolds
2019-09-18 20:51 ` Joseph Reynolds [this message]
2021-08-18 13:54 Joseph Reynolds
2021-08-18 17:33 ` Patrick Williams
2021-08-18 19:12   ` Joseph Reynolds

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).