On Fri, Jan 17, 2014 at 3:21 PM, Chris Friesen
<chris.frie...@windriver.com>wrote:

> On 01/17/2014 04:20 PM, Devananda van der Veen wrote:
>
>  tl;dr, We should not be recycling bare metal nodes between untrusted
>> tenants at this time. There's a broader discussion about firmware
>> security going on, which, I think, will take a while for the hardware
>> vendors to really address.
>>
>
> What can the hardware vendors do?  Has anyone proposed a meaningful
> solution for the firmware issue?
>
> Given the number of devices (NIC, GPU, storage controllers, etc.) that
> could potentially have firmware update capabilities it's not clear to me
> how this could be reliably solved.
>
> Chris
>
>
Precisely.

That's what I mean by "there's a broader discussion." We can encourage
hardware vendors to take firmware security more seriously and add
out-of-band validation mechanisms to their devices. From my perspective,
the industry is moving in that direction already, though raising awareness
directly with your preferred vendors can't hurt ;)

-Deva
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to