^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) .. _embargoed_hardware_issues:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) Embargoed hardware issues
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) =========================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) Scope
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) -----
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) Hardware issues which result in security problems are a different category
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) of security bugs than pure software bugs which only affect the Linux
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) kernel.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) Hardware issues like Meltdown, Spectre, L1TF etc. must be treated
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) differently because they usually affect all Operating Systems ("OS") and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) therefore need coordination across different OS vendors, distributions,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) hardware vendors and other parties. For some of the issues, software
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) mitigations can depend on microcode or firmware updates, which need further
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) coordination.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) .. _Contact:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) Contact
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) -------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) The Linux kernel hardware security team is separate from the regular Linux
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) kernel security team.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) The team only handles the coordination of embargoed hardware security
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) issues. Reports of pure software security bugs in the Linux kernel are not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) handled by this team and the reporter will be guided to contact the regular
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) Linux kernel security team (:ref:`Documentation/admin-guide/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) <securitybugs>`) instead.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) The team can be contacted by email at <hardware-security@kernel.org>. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) is a private list of security officers who will help you to coordinate an
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) issue according to our documented process.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) The list is encrypted and email to the list can be sent by either PGP or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) S/MIME encrypted and must be signed with the reporter's PGP key or S/MIME
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) certificate. The list's PGP key and S/MIME certificate are available from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) the following URLs:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) - PGP: https://www.kernel.org/static/files/hardware-security.asc
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) - S/MIME: https://www.kernel.org/static/files/hardware-security.crt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) While hardware security issues are often handled by the affected hardware
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) vendor, we welcome contact from researchers or individuals who have
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) identified a potential hardware flaw.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) Hardware security officers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) ^^^^^^^^^^^^^^^^^^^^^^^^^^
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) The current team of hardware security officers:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) - Linus Torvalds (Linux Foundation Fellow)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) - Greg Kroah-Hartman (Linux Foundation Fellow)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) - Thomas Gleixner (Linux Foundation Fellow)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) Operation of mailing-lists
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) ^^^^^^^^^^^^^^^^^^^^^^^^^^
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) The encrypted mailing-lists which are used in our process are hosted on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) Linux Foundation's IT infrastructure. By providing this service, members
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) of Linux Foundation's IT operations personnel technically have the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) ability to access the embargoed information, but are obliged to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) confidentiality by their employment contract. Linux Foundation IT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) personnel are also responsible for operating and managing the rest of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) kernel.org infrastructure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) The Linux Foundation's current director of IT Project infrastructure is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) Konstantin Ryabitsev.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) Non-disclosure agreements
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) -------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) The Linux kernel hardware security team is not a formal body and therefore
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) unable to enter into any non-disclosure agreements. The kernel community
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) is aware of the sensitive nature of such issues and offers a Memorandum of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) Understanding instead.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) Memorandum of Understanding
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) ---------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) The Linux kernel community has a deep understanding of the requirement to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) keep hardware security issues under embargo for coordination between
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) different OS vendors, distributors, hardware vendors and other parties.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) The Linux kernel community has successfully handled hardware security
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) issues in the past and has the necessary mechanisms in place to allow
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) community compliant development under embargo restrictions.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) The Linux kernel community has a dedicated hardware security team for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) initial contact, which oversees the process of handling such issues under
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) embargo rules.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) The hardware security team identifies the developers (domain experts) who
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) will form the initial response team for a particular issue. The initial
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) response team can bring in further developers (domain experts) to address
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) the issue in the best technical way.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) All involved developers pledge to adhere to the embargo rules and to keep
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) the received information confidential. Violation of the pledge will lead to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) immediate exclusion from the current issue and removal from all related
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) mailing-lists. In addition, the hardware security team will also exclude
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) the offender from future issues. The impact of this consequence is a highly
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) effective deterrent in our community. In case a violation happens the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) hardware security team will inform the involved parties immediately. If you
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) or anyone becomes aware of a potential violation, please report it
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) immediately to the Hardware security officers.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) Process
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) ^^^^^^^
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) Due to the globally distributed nature of Linux kernel development,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) face-to-face meetings are almost impossible to address hardware security
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) issues. Phone conferences are hard to coordinate due to time zones and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) other factors and should be only used when absolutely necessary. Encrypted
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) email has been proven to be the most effective and secure communication
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) method for these types of issues.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) Start of Disclosure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) """""""""""""""""""
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) Disclosure starts by contacting the Linux kernel hardware security team by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) email. This initial contact should contain a description of the problem and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) a list of any known affected hardware. If your organization builds or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) distributes the affected hardware, we encourage you to also consider what
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) other hardware could be affected.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) The hardware security team will provide an incident-specific encrypted
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) mailing-list which will be used for initial discussion with the reporter,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) further disclosure and coordination.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) The hardware security team will provide the disclosing party a list of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) developers (domain experts) who should be informed initially about the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) issue after confirming with the developers that they will adhere to this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) Memorandum of Understanding and the documented process. These developers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) form the initial response team and will be responsible for handling the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) issue after initial contact. The hardware security team is supporting the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) response team, but is not necessarily involved in the mitigation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) development process.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) While individual developers might be covered by a non-disclosure agreement
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) via their employer, they cannot enter individual non-disclosure agreements
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) in their role as Linux kernel developers. They will, however, agree to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) adhere to this documented process and the Memorandum of Understanding.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) The disclosing party should provide a list of contacts for all other
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) entities who have already been, or should be, informed about the issue.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) This serves several purposes:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) - The list of disclosed entities allows communication accross the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) industry, e.g. other OS vendors, HW vendors, etc.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) - The disclosed entities can be contacted to name experts who should
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) participate in the mitigation development.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) - If an expert which is required to handle an issue is employed by an
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) listed entity or member of an listed entity, then the response teams can
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) request the disclosure of that expert from that entity. This ensures
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) that the expert is also part of the entity's response team.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) Disclosure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) """"""""""
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) The disclosing party provides detailed information to the initial response
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) team via the specific encrypted mailing-list.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) From our experience the technical documentation of these issues is usually
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) a sufficient starting point and further technical clarification is best
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) done via email.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) Mitigation development
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) """"""""""""""""""""""
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) The initial response team sets up an encrypted mailing-list or repurposes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) an existing one if appropriate.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) Using a mailing-list is close to the normal Linux development process and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) has been successfully used in developing mitigations for various hardware
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) security issues in the past.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) The mailing-list operates in the same way as normal Linux development.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) Patches are posted, discussed and reviewed and if agreed on applied to a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) non-public git repository which is only accessible to the participating
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) developers via a secure connection. The repository contains the main
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) development branch against the mainline kernel and backport branches for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) stable kernel versions as necessary.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) The initial response team will identify further experts from the Linux
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) kernel developer community as needed. Bringing in experts can happen at any
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) time of the development process and needs to be handled in a timely manner.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) If an expert is employed by or member of an entity on the disclosure list
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) provided by the disclosing party, then participation will be requested from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) the relevant entity.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) If not, then the disclosing party will be informed about the experts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) participation. The experts are covered by the Memorandum of Understanding
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) and the disclosing party is requested to acknowledge the participation. In
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) case that the disclosing party has a compelling reason to object, then this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) objection has to be raised within five work days and resolved with the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) incident team immediately. If the disclosing party does not react within
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) five work days this is taken as silent acknowledgement.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) After acknowledgement or resolution of an objection the expert is disclosed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) by the incident team and brought into the development process.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) Coordinated release
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) """""""""""""""""""
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) The involved parties will negotiate the date and time where the embargo
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) ends. At that point the prepared mitigations are integrated into the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) relevant kernel trees and published.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) While we understand that hardware security issues need coordinated embargo
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) time, the embargo time should be constrained to the minimum time which is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) required for all involved parties to develop, test and prepare the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) mitigations. Extending embargo time artificially to meet conference talk
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) dates or other non-technical reasons is creating more work and burden for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) the involved developers and response teams as the patches need to be kept
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) up to date in order to follow the ongoing upstream kernel development,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) which might create conflicting changes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) CVE assignment
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) """"""""""""""
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) Neither the hardware security team nor the initial response team assign
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) CVEs, nor are CVEs required for the development process. If CVEs are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) provided by the disclosing party they can be used for documentation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) purposes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) Process ambassadors
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) -------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) For assistance with this process we have established ambassadors in various
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) organizations, who can answer questions about or provide guidance on the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) reporting process and further handling. Ambassadors are not involved in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) disclosure of a particular issue, unless requested by a response team or by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) an involved disclosed party. The current ambassadors list:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) ============= ========================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) ARM Grant Likely <grant.likely@arm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) AMD Tom Lendacky <tom.lendacky@amd.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) IBM Z Christian Borntraeger <borntraeger@de.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) IBM Power Anton Blanchard <anton@linux.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) Intel Tony Luck <tony.luck@intel.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) Qualcomm Trilok Soni <tsoni@codeaurora.org>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) Microsoft James Morris <jamorris@linux.microsoft.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) VMware
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) Xen Andrew Cooper <andrew.cooper3@citrix.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) Canonical John Johansen <john.johansen@canonical.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) Debian Ben Hutchings <ben@decadent.org.uk>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) Oracle Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) Red Hat Josh Poimboeuf <jpoimboe@redhat.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) SUSE Jiri Kosina <jkosina@suse.cz>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) Amazon
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) Google Kees Cook <keescook@chromium.org>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) ============= ========================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) If you want your organization to be added to the ambassadors list, please
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) contact the hardware security team. The nominated ambassador has to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) understand and support our process fully and is ideally well connected in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) the Linux kernel community.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) Encrypted mailing-lists
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) -----------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) We use encrypted mailing-lists for communication. The operating principle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) of these lists is that email sent to the list is encrypted either with the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) list's PGP key or with the list's S/MIME certificate. The mailing-list
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) software decrypts the email and re-encrypts it individually for each
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) subscriber with the subscriber's PGP key or S/MIME certificate. Details
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) about the mailing-list software and the setup which is used to ensure the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) security of the lists and protection of the data can be found here:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) https://korg.wiki.kernel.org/userdoc/remail.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) List keys
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) ^^^^^^^^^
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) For initial contact see :ref:`Contact`. For incident specific mailing-lists
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) the key and S/MIME certificate are conveyed to the subscribers by email
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) sent from the specific list.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) Subscription to incident specific lists
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) Subscription is handled by the response teams. Disclosed parties who want
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) to participate in the communication send a list of potential subscribers to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) the response team so the response team can validate subscription requests.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) Each subscriber needs to send a subscription request to the response team
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) by email. The email must be signed with the subscriber's PGP key or S/MIME
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) certificate. If a PGP key is used, it must be available from a public key
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) server and is ideally connected to the Linux kernel's PGP web of trust. See
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) also: https://www.kernel.org/signature.html.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) The response team verifies that the subscriber request is valid and adds
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) the subscriber to the list. After subscription the subscriber will receive
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) email from the mailing-list which is signed either with the list's PGP key
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) or the list's S/MIME certificate. The subscriber's email client can extract
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) the PGP key or the S/MIME certificate from the signature so the subscriber
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) can send encrypted email to the list.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311)
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags