Hi,
As discussed at the LDCG SC meeting in January, let's start a thread about
OpenBMC where we will try to understand if we should look into OpenBMC and
what the areas potentially could be. To get the discussion started I'm
starting the thread by asking a couple of questions. Don't feel obliged to
answer all of them. Pick the ones that are relevant for you. My goal is to
make a summary of the tread and bring it up for discussion again at a
future SC meeting.
1. Arm support
- Are there gaps in the Arm side of OpenBMC? What are those gaps?
- SBMR specification [1], what compliance levels to target? M1/M2 is one
somewhat good shape?
2. Upstreaming
- Are there sufficient upstreaming efforts for the Arm architectures?
3. Developer support
- Is source code available to developers (open source? proprietary?)?
-- SCP / MCP are not necessarily open source from vendors.
-- Arm's reference code is open source.
- Do we have the necessary hardware to be able to do development? What
hardware? How can developers get hold of it?
- Are specifications available to developers?
- What debugging capabilities exist for developers?
4. Testing
- What kind of testing do we have for OpenBMC?
- Is the testing sufficient?
- Does it require hardware or can we do testing using emulation or similar?
5. Security
- Cloud Security Industry Summit published a report [2] (A Case for a
Trustworthy BMC) where they list gaps in OpenBMC when it comes to security.
Anything in that report that we should pay attention to?
6. Anything else?
[1] https://documentation-service.arm.com/static/5fb7e810ca04df4095c1d658
[2]
https://cloudsecurityindustrysummit.s3.us-east-2.amazonaws.com/a-case-for-a…
A kind reminder that this is a public and open list.
--
Regards,
Joakim
