* Security Working Group meeting - Wednesday February 17
@ 2021-02-16 23:53 Joseph Reynolds
2021-02-17 23:19 ` Security Working Group meeting - Wednesday February 17 - results Joseph Reynolds
0 siblings, 1 reply; 3+ messages in thread
From: Joseph Reynolds @ 2021-02-16 23:53 UTC (permalink / raw)
To: openbmc
This is a reminder of the OpenBMC Security Working Group meeting
scheduled for this Wednesday February 17 at 10:00am PDT.
We'll discuss the following items on the agenda
<https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
and anything else that comes up:
1. Gerrit review FYI: log failed authentication attempts
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/39872
2. Gerrit review FTI: tie-in between Redfish sessions and IPMI
sessions. Redfish will GET & DELETE IMPI sessions
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/37785
3. (Joseph) Discuss adding Web-based SSH to BMCWeb ~
https://github.com/ibm-openbmc/dev/issues/2243
Access, agenda and notes are in the wiki:
https://github.com/openbmc/openbmc/wiki/Security-working-group
<https://github.com/openbmc/openbmc/wiki/Security-working-group>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Security Working Group meeting - Wednesday February 17 - results
2021-02-16 23:53 Security Working Group meeting - Wednesday February 17 Joseph Reynolds
@ 2021-02-17 23:19 ` Joseph Reynolds
2021-02-17 23:55 ` Security Working Group - threat model progress Joseph Reynolds
0 siblings, 1 reply; 3+ messages in thread
From: Joseph Reynolds @ 2021-02-17 23:19 UTC (permalink / raw)
To: openbmc
On 2/16/21 5:53 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting
> scheduled for this Wednesday February 17 at 10:00am PDT.
>
> We'll discuss the following items on the agenda
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
> and anything else that comes up:
>
> 1. Gerrit review FYI: log failed authentication attempts
> https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/39872
No discussion.
>
> 2. Gerrit review FTI: tie-in between Redfish sessions and IPMI
> sessions. Redfish will GET & DELETE IMPI sessions
> https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/37785
Why is this function needed?
>
> 3. (Joseph) Discuss adding Web-based SSH to BMCWeb ~
> https://github.com/ibm-openbmc/dev/issues/2243
Sounds good. But don’t call this SSH because it is not. Do the webui
part the same as the host console. Do the BMCWeb portion using a new
D-Bus service (do not fork in bmcweb).
Bonus topics:
4. Interested in improving the documentation for the OpenBMC interface
overview > Physical interfaces
<https://github.com/openbmc/docs/blob/master/architecture/interface-overview.md#physical-interfaces>?
https://github.com/openbmc/docs/blob/master/architecture/interface-overview.md#physical-interfaces
(See related review
https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/40424.)
ANSWER: Yes, this is worthwhile. Add to the agenda for next time.
Is the ASCII art helpful or distracting?
We discusses some ideas: Diagram for BMC cards and PCIe cards.
Alternate Placement of TPMs, TOD battery.
5. Openssl released version 1.1.1j.
This led to a discussion of how much the OpenBMC project should be
tracking and announcing CVEs -- Security Incident Response Team (SIRT)
work. Currently various members are tracking this privately. Is it
even worthwhile, for example, for the OpenBMC project to announce that
CVE-whatever affects OpenBMC and the fix is going to the latest kernel
version going into OpenBMC commmit whatever? (No clear consensus was
reached.)
Inhibitors to open source SIRT work includes: (A) some members are
already doing this privately, and are not able to share due to
confidentiality and repeating in open source is just extra work, (B) we
are not all on the same release - that is: OpenBMC has not identified
any Long Term Support (LTS) releases.
At present, there is no OpenBMC effort to show which CVEs are fixed.
This is left as an exercise to interested downstream projects.
>
> Access, agenda and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group
> <https://github.com/openbmc/openbmc/wiki/Security-working-group>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Security Working Group - threat model progress
2021-02-17 23:19 ` Security Working Group meeting - Wednesday February 17 - results Joseph Reynolds
@ 2021-02-17 23:55 ` Joseph Reynolds
0 siblings, 0 replies; 3+ messages in thread
From: Joseph Reynolds @ 2021-02-17 23:55 UTC (permalink / raw)
To: openbmc
On 2/17/21 5:19 PM, Joseph Reynolds wrote:
> On 2/16/21 5:53 PM, Joseph Reynolds wrote:
>> This is a reminder of the OpenBMC Security Working Group meeting
>> scheduled for this Wednesday February 17 at 10:00am PDT.
[...snip...]
> 4. Interested in improving the documentation for the OpenBMC interface
> overview [...snip...]
I tried to capture the BMC threat model discussion from today's security
working group meeting. This gives the basic BMC architecture elements
from the [interface-overview][], supplemented by [OpenBMC features][],
and added some ideas from [network security considerations][]. I tried
to organize them at the level of abstraction needed for threat modeling:
physical elements first, a physical threat model boundary, and started
on the conceptual elements needed to describe the BMC's interfaces and
functions. Please consider this to be a simple incomplete draft
proposal. Help wanted.
The overall OpenBMC threat modeling effort is rooted in the [OpenBMC
security working group wiki][].
[OpenBMC security working group wiki]:
https://github.com/openbmc/openbmc/wiki/Security-working-group
[interface-overview]:
https://github.com/openbmc/docs/blob/master/architecture/interface-overview.md
[OpenBMC features]: https://github.com/openbmc/docs/blob/master/features.md
[network security considerations]:
https://github.com/openbmc/docs/blob/master/security/network-security-considerations.md
OpenBMC threat model components:
- Physical elements:
- BMC SoC on BMC card plugged into host system
- Optional cabinet encloses system and prevents physical access to
most controls
- BMC's network connection
- Optional BMC elements:
- TPM
- TOD clock with battery
- security jumpers
- serial port
- USB port
- Host elements:
- Power on/off control (to the BMC, and to the chassis)
- Control panel (power button, varies: LED or LCD displays, etc.)
- CPU
- Cooling fans and associated sensors: rotation speed and
temperature
- Serial UART for host console
- Keyboard, video, mouse
- Optional PCIe devices reachable by the BMC
- Candidates for the threat model boundary:
- The physical pins on the BMC card
- The BMC card plus elements under BMC's exclusing control:
- power button and related displays
- BMC's network interface, NC-SI or whatever
- Items that transition between BMC and host control: fans, console?
- Mention the enclosing cabinet (if present).
- Host elements the BMC interacts with:
- Host firmware upload
- Host booting status
- Host error logging
- Host requests to power off
- FRUs
- BMC functions: TODO
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-02-17 23:55 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-16 23:53 Security Working Group meeting - Wednesday February 17 Joseph Reynolds
2021-02-17 23:19 ` Security Working Group meeting - Wednesday February 17 - results Joseph Reynolds
2021-02-17 23:55 ` Security Working Group - threat model progress Joseph Reynolds
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).