[openstack-dev] [ironic] Disk Eraser
Devananda van der Veen
devananda.vdv at gmail.com
Sat Jan 18 02:01:52 UTC 2014
On Fri, Jan 17, 2014 at 3:21 PM, Chris Friesen
<chris.friesen at windriver.com>wrote:
> On 01/17/2014 04:20 PM, Devananda van der Veen wrote:
>
> tl;dr, We should not be recycling bare metal nodes between untrusted
>> tenants at this time. There's a broader discussion about firmware
>> security going on, which, I think, will take a while for the hardware
>> vendors to really address.
>>
>
> What can the hardware vendors do? Has anyone proposed a meaningful
> solution for the firmware issue?
>
> Given the number of devices (NIC, GPU, storage controllers, etc.) that
> could potentially have firmware update capabilities it's not clear to me
> how this could be reliably solved.
>
> Chris
>
>
Precisely.
That's what I mean by "there's a broader discussion." We can encourage
hardware vendors to take firmware security more seriously and add
out-of-band validation mechanisms to their devices. From my perspective,
the industry is moving in that direction already, though raising awareness
directly with your preferred vendors can't hurt ;)
-Deva
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140117/21f9add4/attachment.html>
More information about the OpenStack-dev
mailing list