Re: Security Working Group meeting - Wednesday February 2

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Michael Richardson <mcr@sandelman.ca>
To: openbmc <openbmc@lists.ozlabs.org>
Subject: Re: Security Working Group meeting - Wednesday February 2
Date: Thu, 03 Feb 2022 14:13:17 -0500	[thread overview]
Message-ID: <231809.1643915597@dooku> (raw)
In-Reply-To: <de58b515-0f0b-4e49-4955-f9144896d313@linux.ibm.com>

[-- Attachment #1: Type: text/plain, Size: 1227 bytes --]

Thanks for the great notes!

It would be good if this commit noted that socsec-sign is a tool that comes from AST.
Perhaps I can figure out how to do the gerrit dance and make the comments there.

It would also be good if the document which contains the details was noted in
the commit by name and/or document ID.  Yes, as I understand it's under NDA
but at least, if someone comes along and wants details, they'll know
exactly what they want details on.

In order to support signing the uboot images, and for the uboot image to
verify the flatenned image tree https://elinux.org/images/f/f4/Elc2013_Fernandes.pdf
then the manufacturer needs to maintain some set of signing keys.
There are many ways to do this.  Some time ago, I started an ontology
document about how to describe the different ways.

Your comments would be welcome on:
   https://github.com/mcr/idevid-security-considerations
and:
   https://datatracker.ietf.org/doc/draft-richardson-t2trg-idevid-considerations/

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 658 bytes --]

next prev parent reply	other threads:[~2022-02-03 19:23 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-02  3:24 Security Working Group meeting - Wednesday February 2 Joseph Reynolds
2022-02-02 21:21 ` Joseph Reynolds
2022-02-02 23:31   ` Andrew Jeffery
2022-02-03  5:05     ` Andrew Jeffery
2022-02-03 19:13   ` Michael Richardson [this message]
2022-02-04  7:21     ` Andrew Jeffery
2022-02-04 16:54       ` Michael Richardson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=231809.1643915597@dooku \
    --to=mcr@sandelman.ca \
    --cc=openbmc@lists.ozlabs.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.