From: Stewart Smith
To: Adriana Kobylak, openbmc@lists.ozlabs.org
Subject: Re: BMC Image Signing Proposal
Date: Fri, 23 Feb 2018 12:47:32 +1100
Message-Id: <874lm8pjd7.fsf@linux.vnet.ibm.com>
In-Reply-To: <8172868d02b4f54ceaa101ba1c99fa5b@linux.vnet.ibm.com>
List-Id: Development list for OpenBMC

Adriana Kobylak writes:
> Here are some charts with the image signing flow for comment:
>
> https://drive.google.com/file/d/1IxfMYRttN8RbhRY7PwBmXsqCBvtv_yLJ/view?usp=sharing

Why are there changes to host pnor signing? We already have secure boot
and signatures on the host side, I'm not keen on adding in another set
of signatures into yet-another already non-standard and undocumented
file format.

--
Stewart Smith
OPAL Architect, IBM.