09:00:02 <masashi910> #startmeeting CIP IRC weekly meeting
09:00:02 <brlogger`> Meeting started Thu Mar 19 09:00:02 2020 UTC and is due to finish in 60 minutes.  The chair is masashi910. Information about MeetBot at http://wiki.debian.org/MeetBot.
09:00:02 <brlogger`> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
09:00:02 <brlogger`> The meeting name has been set to 'cip_irc_weekly_meeting'
09:00:06 <masashi910> #topic rollcall
09:00:13 <wens> hi
09:00:14 <masashi910> please say hi if you're around
09:00:27 <suzuki42> hi
09:00:32 <yoshidak[m]> hi
09:00:41 <patersonc> hi
09:00:57 <masashi910> #topic AI review
09:01:07 <masashi910> 1. Combine root filesystem with kselftest binary - Iwamatsu-san
09:01:13 <masashi910> Quote from Iwamatsu-san "No update."
09:01:22 <masashi910> 2. Assign the owner of "CIP kernel config" - masashi910
09:01:31 <masashi910> bwh: are you around?
09:02:06 <masashi910> Quote from Iwamatsu-san "Note; If no one is owner, I can do it."
09:02:16 <masashi910> Are there any objections?
09:03:06 <masashi910> pave1: Are you around?
09:03:58 <masashi910> So, let me check with them just in case.
09:04:07 <masashi910> 3. Strengthen sustainable process to backport patches from Mainline/LTS - Kernel Team
09:04:14 <masashi910> This is under discussion among the Kernel team.
09:04:19 <masashi910> I will share when we reach some consensus.
09:04:28 <masashi910> 4. Upload a guideline for reference hardware platform addition - masashi910
09:04:35 <masashi910> No updates this week. Probably updates can be reported around June timeframe.
09:04:42 <masashi910> #topic kernel maintenance updates
09:04:48 <masashi910> == Quote from Iwamatsu-san ==
09:04:53 <masashi910> I was late, I released new CIP kernels.
09:04:54 <masashi910> https://lists.cip-project.org/pipermail/cip-dev/2020-March/004516.html
09:04:54 <masashi910> ====
09:05:23 <wens> new CVE related to Intel SGX; since the driver is out-of-tree, we can ignore it for now
09:05:28 <wens> nothing else this week
09:05:43 <masashi910> wens: Thanks for your update!
09:05:50 <wens> oh, CVE related to incomplete fix for Intel GPUs from last week
09:06:07 <wens> Ubuntu picked 8 patches for their 4.15 branch
09:06:34 <wens> we think it only affects 4.14 and 4.9 stable branches, but I don't have the hardware to test it
09:06:37 <pave1> I reviewed part of 4.19.111. Still fighting with de0-nano board -- I need that for -rt release.
09:07:09 <pave1> I have the backport of "net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_look\
09:07:28 <pave1> up" but not much ability to test it.
09:07:36 <masashi910> wens: Thanks for your note. Do you have any idea to proceed this?
09:07:51 <wens> see https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2020-8832.yml if you are interested
09:08:37 <wens> masashi910: someone with gen9 Intel graphics should test 4.9 and 4.14 and see if it still leaks info.
09:09:06 <masashi910> wens: According to your comment, it does not relate to SLTS4.4/4.19. If that is the case, can we leave it for now?
09:09:45 <wens> masashi910: we could, yes
09:10:16 <masashi910> wens: Thanks!
09:10:32 <wens> FYI, gen9 graphics means Skylake (ix-6xxx) and later, before Ice Lake
09:11:09 <masashi910> pave1: Do you think it will still take time to fix de0-nano board issues?
09:11:46 <masashi910> pave1: I am concerned that rt release is now blocked for a while.
09:12:00 <pave1> masashi: I'll need to re-check if the board is responding now.
09:12:28 <pave1> masashi: Well, I could release -rt with known failure, but...
09:12:33 <patersonc> pave1: Sorry about the download issues at the Mentor lab ;(
09:12:52 <pave1> masashi: ...I'd rather not do that.
09:13:33 <pave1> masashi: If someone urgently needs updated -rt, of course I can push it somewhere and them use it on their own risk.
09:13:58 <pave1> masashi: Or maybe I can ignore test lab and try to test it locally on similar board.
09:14:08 <masashi910> pave1: Let's wait for the fix of the board.
09:15:13 <patersonc> pave1: What's the actual problem? You can never run tests on the board or that they fail?
09:15:18 <masashi910> If someone would like to have rt release urgently, please speak up.
09:15:49 <masashi910> pave1: Thanks for your backporting the patch as well.
09:15:59 <pave1> patersonc: Let's talk after the end of irc.
09:16:28 <masashi910> patersonc, pave1: Thanks.
09:16:37 <pave1> masashi: You are welcome. If there's more to backport, let me know.
09:16:58 <patersonc> Sure
09:16:59 <masashi910> pave1: Sure!
09:17:10 <masashi910> any other topics?
09:17:17 <masashi910> 3
09:17:20 <masashi910> 2
09:17:23 <masashi910> 1
09:17:24 <masashi910> #topic Kernel testing
09:17:32 <masashi910> patersonc: the floor is yours
09:17:49 <patersonc> Hello
09:18:07 <patersonc> We're still seeing d/l speed issues at the Mentor lab, sorry
09:18:16 <patersonc> And some of the boards are offline at the Renesas lab due to a USB connection issue
09:18:49 <patersonc> We still have at least 1 of each reference platform online though
09:19:04 <patersonc> I updated the wiki with the latest reference platforms
09:19:17 <patersonc> Not much else to say this week I think
09:19:37 <masashi910> patersonc: Thanks for your work!
09:19:54 <masashi910> any other topics?
09:20:02 <masashi910> 3
09:20:05 <masashi910> 2
09:20:08 <masashi910> 1
09:20:10 <masashi910> #topic CIP Core
09:20:16 <masashi910> == Quote from Kazu-san ==
09:20:21 <masashi910> There is no big update in CIP Core in this week.
09:20:28 <masashi910> I'm now creating the draft of CIP kernel & Core lifecycle tables, and want to share it to cip-dev to collect members' feedback.
09:20:35 <masashi910> From the next IRC meeting, Punit-san will take over CIP Core status update report.
09:20:39 <masashi910> ====
09:20:45 <masashi910> any other topics?
09:20:58 <masashi910> 3
09:21:01 <masashi910> 2
09:21:05 <masashi910> 1
09:21:06 <masashi910> #topic Software update
09:21:13 <suzuki42> Hello
09:21:19 <suzuki42> I'm still working on reviewing deby + meta-swupdate: https://gitlab.com/cip-project/cip-core/deby/-/issues/8
09:21:26 <suzuki42> I was successful in building it. Now I'm testing it.
09:21:33 <suzuki42> That's all from me.
09:21:47 <masashi910> suzuki42: Thanks for your work!
09:22:04 <masashi910> any other topics?
09:22:12 <masashi910> 3
09:22:17 <masashi910> 2
09:22:20 <masashi910> 1
09:22:22 <masashi910> #topic Security WG update
09:22:28 <masashi910> Yoshida-san, the floor is yours
09:22:34 <yoshidak[m]> Hi
09:22:39 <yoshidak[m]> 1. The progress of the certification
09:22:56 <yoshidak[m]> Waiting for GB approval for payment for the gap assessment.
09:22:57 <yoshidak[m]> We can get the estimate for certification after the gap assessment, so we need to get approval twice. This is the first one of them.
09:23:04 <yoshidak[m]> 2. Creating and testing our security packages
09:23:11 <yoshidak[m]> We have already created the image of our security package. Now we are trying to test the image, but we should carefully consider if we can share test cases because of copyrighting of the spec.
09:23:24 <yoshidak[m]> And under considering.
09:23:39 <yoshidak[m]> That's all.
09:23:46 <masashi910> yoshidak[m]: Thanks for your report!
09:24:01 <masashi910> Any queries?
09:24:12 <masashi910> 3
09:24:15 <pave1> Yes.
09:24:15 <masashi910> 2
09:24:24 <masashi910> pave1: Please.
09:25:05 <pave1> It would be good to create document about what kind of security problems we care, and what are out of scope.
09:25:47 <pave1> We are not a desktop system; and it may make sense to say that we don't care about problems where attacker is already running code on our system.
09:26:35 <pave1> I suspect that this may allow decisions such as "intel graphics info leak is not really that important for us".
09:27:16 <pave1> OTOH this needs some wide understanding of our users, so that our assumptions hold.
09:27:25 <yoshidak[m]> pave1: Yes. We should create document and define what is the threat for us and so on, to pass the assessment.
09:28:10 <yoshidak[m]> Currently, we don't have any document in my understanding. But we'll create it for this gap assessment phase.
09:28:29 <pave1> So, when you expect such document to be created?
09:29:38 <yoshidak[m]> The gap assessment will start soon after getting approval, and then we create it with Exida. So, I guess around April/May.
09:30:44 <masashi910> pave1, yoshidak[m]: thanks for the discussion.
09:30:50 <pave1> Okay, thanks. Would it make sense to create ... very brief -- like 20 lines -- draft of that document sooner?
09:30:53 <yoshidak[m]> As you may know, Exida equals the certification body.
09:33:32 <yoshidak[m]> pave1: Yes, it makes sense and is helpful because it's a cornerstone of the security.
09:33:41 <pave1> Thank you!
09:33:48 <yoshidak[m]> We should define it first.
09:34:13 <masashi910> any other topics?
09:34:15 <yoshidak[m]> pave1: You're welcome!
09:34:30 <masashi910> 3
09:34:34 <masashi910> 2
09:34:37 <masashi910> 1
09:34:38 <masashi910> * AOB
09:34:48 <masashi910> #AOB
09:35:08 <masashi910> #topic AOB
09:35:17 <masashi910> 1. Summer Time
09:35:22 <masashi910> The summer saving time is starting. But please note that this IRC meeting starts at UTC (GMT) 09:00.
09:35:26 <masashi910> This is just reminder.
09:35:31 <masashi910> Are there any business matters to discuss?
09:35:51 <masashi910> 3
09:35:55 <masashi910> 2
09:35:58 <masashi910> 1
09:36:00 <masashi910> #endmeeting