On Fri, Jan 17, 2014 at 3:21 PM, Chris Friesen <[email protected]> wrote:

> On 01/17/2014 04:20 PM, Devananda van der Veen wrote:
>
>> tl;dr, We should not be recycling bare metal nodes between untrusted
>> tenants at this time. There's a broader discussion about firmware
>> security going on, which, I think, will take a while for the hardware
>> vendors to really address.
>
> What can the hardware vendors do? Has anyone proposed a meaningful
> solution for the firmware issue?
>
> Given the number of devices (NIC, GPU, storage controllers, etc.) that
> could potentially have firmware update capabilities it's not clear to me
> how this could be reliably solved.
>
> Chris

Precisely. That's what I mean by "there's a broader discussion."

We can encourage hardware vendors to take firmware security more seriously and add out-of-band validation mechanisms to their devices. From my perspective, the industry is moving in that direction already, though raising awareness directly with your preferred vendors can't hurt ;)

-Deva

_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
