09:00:02 <masashi910> #startmeeting CIP IRC weekly meeting 09:00:02 <brlogger`> Meeting started Thu Mar 19 09:00:02 2020 UTC and is due to finish in 60 minutes. The chair is masashi910. Information about MeetBot at http://wiki.debian.org/MeetBot. 09:00:02 <brlogger`> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 09:00:02 <brlogger`> The meeting name has been set to 'cip_irc_weekly_meeting' 09:00:06 <masashi910> #topic rollcall 09:00:13 <wens> hi 09:00:14 <masashi910> please say hi if you're around 09:00:27 <suzuki42> hi 09:00:32 <yoshidak[m]> hi 09:00:41 <patersonc> hi 09:00:57 <masashi910> #topic AI review 09:01:07 <masashi910> 1. Combine root filesystem with kselftest binary - Iwamatsu-san 09:01:13 <masashi910> Quote from Iwamatsu-san "No update." 09:01:22 <masashi910> 2. Assign the owner of "CIP kernel config" - masashi910 09:01:31 <masashi910> bwh: are you around? 09:02:06 <masashi910> Quote from Iwamatsu-san "Note; If no one is owner, I can do it." 09:02:16 <masashi910> Are there any objections? 09:03:06 <masashi910> pave1: Are you around? 09:03:58 <masashi910> So, let me check with them just in case. 09:04:07 <masashi910> 3. Strengthen sustainable process to backport patches from Mainline/LTS - Kernel Team 09:04:14 <masashi910> This is under discussion among the Kernel team. 09:04:19 <masashi910> I will share when we reach some consensus. 09:04:28 <masashi910> 4. Upload a guideline for reference hardware platform addition - masashi910 09:04:35 <masashi910> No updates this week. Probably updates can be reported around June timeframe. 09:04:42 <masashi910> #topic kernel maintenance updates 09:04:48 <masashi910> == Quote from Iwamatsu-san == 09:04:53 <masashi910> I was late, I released new CIP kernels. 09:04:54 <masashi910> https://lists.cip-project.org/pipermail/cip-dev/2020-March/004516.html 09:04:54 <masashi910> ==== 09:05:23 <wens> new CVE related to Intel SGX; since the driver is out-of-tree, we can ignore it for now 09:05:28 <wens> nothing else this week 09:05:43 <masashi910> wens: Thanks for your update! 09:05:50 <wens> oh, CVE related to incomplete fix for Intel GPUs from last week 09:06:07 <wens> Ubuntu picked 8 patches for their 4.15 branch 09:06:34 <wens> we think it only affects 4.14 and 4.9 stable branches, but I don't have the hardware to test it 09:06:37 <pave1> I reviewed part of 4.19.111. Still fighting with de0-nano board -- I need that for -rt release. 09:07:09 <pave1> I have the backport of "net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_look\ 09:07:28 <pave1> up" but not much ability to test it. 09:07:36 <masashi910> wens: Thanks for your note. Do you have any idea to proceed this? 09:07:51 <wens> see https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2020-8832.yml if you are interested 09:08:37 <wens> masashi910: someone with gen9 Intel graphics should test 4.9 and 4.14 and see if it still leaks info. 09:09:06 <masashi910> wens: According to your comment, it does not relate to SLTS4.4/4.19. If that is the case, can we leave it for now? 09:09:45 <wens> masashi910: we could, yes 09:10:16 <masashi910> wens: Thanks! 09:10:32 <wens> FYI, gen9 graphics means Skylake (ix-6xxx) and later, before Ice Lake 09:11:09 <masashi910> pave1: Do you think it still take time to fix de0-nano board issues? 09:11:46 <masashi910> pave1: I am concerned that rt release is now blocked for a while. 09:12:00 <pave1> masashi: I'll need to re-check if the board is responding now. 09:12:28 <pave1> masashi: Well, I could release -rt with known failure, but... 09:12:33 <patersonc> pave1: Sorry about the download issues at the Mentor lab ;( 09:12:52 <pave1> masashi: ...I'd rather not do that. 09:13:33 <pave1> masashi: If someone urgently needs updated -rt, of course I can push it somewhere and them use it on their own risk. 09:13:58 <pave1> masashi: Or maybe I can ignore test lab and try to test it locally on similar board. 09:14:08 <masashi910> pave1: Let's wait for the fix of the board. 09:15:13 <patersonc> pave1: What the actual problem? You can never run tests on the board or that they fail? 09:15:18 <masashi910> If someone would like to have rt release urgently, please speak up. 09:15:49 <masashi910> pave1: Thanks for your backporting the patch as well. 09:15:59 <pave1> patersonc: Lets talk after the end of irc. 09:16:28 <masashi910> patersonc, pave1: Thanks. 09:16:37 <pave1> masashi: You are welcome. If there's more to backport, let me know. 09:16:58 <patersonc> Sure 09:16:59 <masashi910> pave1: Sure! 09:17:10 <masashi910> any other topics? 09:17:17 <masashi910> 3 09:17:20 <masashi910> 2 09:17:23 <masashi910> 1 09:17:24 <masashi910> #topic Kernel testing 09:17:32 <masashi910> patersonc: the floor is yours 09:17:49 <patersonc> Hello 09:18:07 <patersonc> We're still seeing d/l speed issues at the Mentor lab, sorry 09:18:16 <patersonc> And some of the boards are offline at the Renesas lab due to a USB connection issue 09:18:49 <patersonc> We still have at least 1 of each reference platform online though 09:19:04 <patersonc> I updated the wiki with the latest reference platforms 09:19:17 <patersonc> Not much else to say this week I think 09:19:37 <masashi910> patersonc: Thanks for your works! 09:19:54 <masashi910> any other topics? 09:20:02 <masashi910> 3 09:20:05 <masashi910> 2 09:20:08 <masashi910> 1 09:20:10 <masashi910> #topic CIP Core 09:20:16 <masashi910> == Quote from Kazu-san == 09:20:21 <masashi910> There is no big update in CIP Core in this week. 09:20:28 <masashi910> I'm now creating the draft of CIP kernel & Core lifecycle tables, and want to share it to cip-dev to collect members' feedbacks. 09:20:35 <masashi910> From the next IRC meeting, Punit-san will take over CIP Core status update report. 09:20:39 <masashi910> ==== 09:20:45 <masashi910> any other topics? 09:20:58 <masashi910> 3 09:21:01 <masashi910> 2 09:21:05 <masashi910> 1 09:21:06 <masashi910> #topic Software update 09:21:13 <suzuki42> Hello 09:21:19 <suzuki42> I'm still working on reviewing deby + meta-swupdate: https://gitlab.com/cip-project/cip-core/deby/-/issues/8 09:21:26 <suzuki42> I was successful to built it. Now I'm testing it. 09:21:33 <suzuki42> That's all from me. 09:21:47 <masashi910> suzuki42: Thanks for your works! 09:22:04 <masashi910> any other topics? 09:22:12 <masashi910> 3 09:22:17 <masashi910> 2 09:22:20 <masashi910> 1 09:22:22 <masashi910> #topic Security WG update 09:22:28 <masashi910> Yoshida-san, the floor is yours 09:22:34 <yoshidak[m]> Hi 09:22:39 <yoshidak[m]> 1. The progress of the certification 09:22:56 <yoshidak[m]> Waiting for GB approval for payment for the gap assessment. 09:22:57 <yoshidak[m]> We can get the estimate for certification after the gap assessment, so we need to get approval twice. This is the first one of them. 09:23:04 <yoshidak[m]> 2. Creating and testing our security packages 09:23:11 <yoshidak[m]> We have already created the image of our security package. Now we are trying to test the image, but we sould carefuly consider if we can share test cases because of copyrighting of the spec. 09:23:24 <yoshidak[m]> And under considering. 09:23:39 <yoshidak[m]> That's all. 09:23:46 <masashi910> yoshidak[m]: Thanks for your report! 09:24:01 <masashi910> Any queries? 09:24:12 <masashi910> 3 09:24:15 <pave1> Yes. 09:24:15 <masashi910> 2 09:24:24 <masashi910> pave1: Please. 09:25:05 <pave1> It would be good to create document about what kind of security problems we care, and what are out of scope. 09:25:47 <pave1> We are not a desktop system; and it make may sense to say that we don't care about problems where attacker is already running code on our system. 09:26:35 <pave1> I suspect that this may allow decisions such as "intel graphics info leak is not really that important for us". 09:27:16 <pave1> OTOH this needs some wide understanding of our users, so that our assumptions hold. 09:27:25 <yoshidak[m]> pave1: Yes. We should create document and define what is the threat for us and so on, to pass the assessment. 09:28:10 <yoshidak[m]> Currently, we don't have any document in my understanding. But we'll create it for this gap assessment phase. 09:28:29 <pave1> So, when you expect such document to be created? 09:29:38 <yoshidak[m]> The gap assessment will be start soon after getting approval, and then we create it with Exida. So, I guess around April/May. 09:30:44 <masashi910> pave1, yoshidak[m]: thanks for the discussion. 09:30:50 <pave1> Okay, thanks. Would it make sense to create ... very brief -- like 20 lines -- draft of that document sooner? 09:30:53 <yoshidak[m]> As you may know, Exida equals the certification body. 09:33:32 <yoshidak[m]> pave1: Yes, it make sense and helpful because it's a cornerstone of the security. 09:33:41 <pave1> Thank you! 09:33:48 <yoshidak[m]> We should define it first. 09:34:13 <masashi910> any other topics? 09:34:15 <yoshidak[m]> pave1: You're welcome! 09:34:30 <masashi910> 3 09:34:34 <masashi910> 2 09:34:37 <masashi910> 1 09:34:38 <masashi910> * AOB 09:34:48 <masashi910> #AOB 09:35:08 <masashi910> #topic AOB 09:35:17 <masashi910> 1. Summer Time 09:35:22 <masashi910> The summer saving time is starting. But please note that this IRC meeting starts at UTC (GMT) 09:00. 09:35:26 <masashi910> This is just reminder. 09:35:31 <masashi910> Are there any business matters to discuss? 09:35:51 <masashi910> 3 09:35:55 <masashi910> 2 09:35:58 <masashi910> 1 09:36:00 <masashi910> #endmeeting