Issue #586 has been updated by Walter Sonius.
Nicholas Chin wrote in #note-2: > Autoport doesn't generate the contents of those logs directly; it runs other > tools and then parses the output of some of them. Currently it runs > `acpidump`, which dumps the binary contents of all the ACPI tables as > hexadecimal to the aucpidump.log file. Acpidump does have a `-b` flag which > dumps them to separate binary files, which would make it easier to redact > individual tables such as the SLIC table. So perhaps a solution is to change > the command autoport runs to `acpidump -b` and then delete the slic.dat file > by default with a message saying it has been deleted to protect their > activation key. A flag for "unredacted mode" could also be added to include > it and any other things that might be wiped in the future, in case the user > doesn't intend to post the logs and is just running autoport as a convenient > log dumper for their own use. Thanks for explaining, technically all tools are functioning "correctly" but `autoport` already greets us with 2 questions, maybe a 3rd question or reminder that `autoport` data/logs might include those valuable license data would be appropriate? > As you've said, there are other things that could be redacted like MAC > addresses or serial numbers, but some of that probably wouldn't scale well to > implement in autoport since there are many places such things may appear. MAC > addresses might show up in lspci register dumps for network cards, and > autoport can't account for every possible network card that's out there. > Serial numbers in standardized dmidecode entries might be possible to redact, > though there could also be non standard OEM entries that also contain some > information. I understand that this part with all its variation should not be the solution because there always will be some strange OEM variant not fitting the filter. > Ultimately the user is always responsible for what they post online; if there > are other things they do not wish to include it is up to them to ensure it is > not included. Still true, but a warning(blocking) just before starting `autoport` with references to parts of the ACPI/DSDT dump that might need manual cleanup could be helpful? ---------------------------------------- Bug #586: autoport should sanitize at least its ACPI DSDT SLIC/MSDM key dumps? https://ticket.coreboot.org/issues/586#change-2040 * Author: Walter Sonius * Status: Response Needed * Priority: Urgent * Target version: master * Start date: 2025-03-23 ---------------------------------------- Some might even want other info like MAC addresses or serial numbers to be cleared from the autoport dumps, but could at least these SLIC/MSDM activation keys be wiped by default when doing a log dump? -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: https://ticket.coreboot.org/my/account _______________________________________________ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
