[openstack-dev] [ironic] Disk Eraser

Devananda van der Veen devananda.vdv at gmail.com
Sat Jan 18 02:01:52 UTC 2014


On Fri, Jan 17, 2014 at 3:21 PM, Chris Friesen
<chris.friesen at windriver.com>wrote:

> On 01/17/2014 04:20 PM, Devananda van der Veen wrote:
>
>  tl;dr, We should not be recycling bare metal nodes between untrusted
>> tenants at this time. There's a broader discussion about firmware
>> security going on, which, I think, will take a while for the hardware
>> vendors to really address.
>>
>
> What can the hardware vendors do?  Has anyone proposed a meaningful
> solution for the firmware issue?
>
> Given the number of devices (NIC, GPU, storage controllers, etc.) that
> could potentially have firmware update capabilities it's not clear to me
> how this could be reliably solved.
>
> Chris
>
>
Precisely.

That's what I mean by "there's a broader discussion." We can encourage
hardware vendors to take firmware security more seriously and add
out-of-band validation mechanisms to their devices. From my perspective,
the industry is moving in that direction already, though raising awareness
directly with your preferred vendors can't hurt ;)

-Deva
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140117/21f9add4/attachment.html>


More information about the OpenStack-dev mailing list