====== CIP Technical Steering Committee Meeting ====== Date: 9 July, 2018 ===== Roll Call ===== TSC members * Attendees * Masashi Kudo (Cybertrust) * Nobuhiro Iwamatsu (Cybertrust) (Representative) * Hiroshi Mine (Hitachi) * Hidehiro Kawai (Hitachi) (Representative) (Voting) * Masato Minda (Plat’Home) (Representative) * Takehisa Katayama (Renesas) (Voting) * Chris Paterson (Renesas) * Wolfgang Mauerer (Siemens) (Representative) (Voting) * Dinesh Kumar (Toshiba India) * Daniel Sangorrin (Toshiba) * Yoshi Kobayashi (Toshiba) (Representative) (Voting) - Chair * ===== Discussions ===== ==== Action items from F2F meeting ==== * Reproducible builds * YOSHI: Arrange a meeting with Chris Lamb * Status: Had a meeting with Chris.L. CIP board will decide where we go. * Kernel development for next CIP kernel * MOXA: Send the board support package to upstream * SZ: Working in progress * Spectre/Meltdown * Gregkh slides * [[https://github.com/gregkh/presentation-spectre|https://github.com/gregkh/presentation-spectre]] * LazyFP information * [[http://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html|http://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html]] * Daniel.S is backporting the rest of patches for it. * Arm vulnerability list: [[https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability|https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability]] * Renesas wants to backport Spectre/Meltdown mitigations on 4.4.y * Spectre variant 1 * For x86 only backport 2nd wave of patches * Many drivers still need to be fixed * Spectre variant 2 * No patches available for ARM * Meltdown (variant 3/3a) for ARM * Only required for Cortex-a75/72/57/15 (RZ/G1) * Spectre variant 4 * No patches available for ARM * AI: tidy up this information * Cybertrust is interested in this issue. * Planning to provide first revision of patch. * Not sure on timescales yet though. * Patches would need to be ported from upstream to LTS v4.4. * Kernel maintainer * Cybertrust: AI(CTJ) Check possible options for kernel maintenance * CTJ answered to CIP * Iwamatsu-san will be CIP kernel maintainer (20% to Sep, 40% from Oct.). * Katayama-san * If CIP itself has maintainer from CTJ, it is good situation. * Maintainer should be one person. * Iwamatsu * Considering the maintenance system, I think that one person is better. * AI(Yoshi): Ask to vote. * * CIP Core * Codethink: Ask to Ben.H to get a feedback from Debian-LTS * DebConf * AI(LF): Send booth materials to DebConf (Table cover and roll stand). * Shipping information * Address for shipping items to DebConf: AnHui Lee, Microelectronics and Information Research Center, National Chiao Tung University No.1001, University Rd., East Dist., Hsinchu City 300, Taiwan (R.O.C.) +886-3-5712121*31944 Please label with //company name// and " //DebConf18 - job fair// " * **Moxa: Due to event conflict, Moxa won't be able to demo products.** * **Giveaways: CIP LEGO** * **Whitepaper** * **AI(LF/TSC): make sure when it is ready.** * ELC-E * AI: Yoshi: Submit a talk to ELC-E * Under review process. * ==== CIP Core packages ==== * Work towards finalising selection? * Minimal, optimal or others? * Discussion: Which package list will be submitted to Debian LTS? * Daniel S. has interesting ideas about how to prioritise the list of packages we have collected. * These ideas, based on prioritising the list through security related criteria will be explained in the cip-dev mailing list. * Ben H. will evaluate these criteria and its impact before attending to DebConf. * Based on Ben H. feedback, CIP will decide to contact the Freexian leads before the DebConf or not. * Criteria for prioritizing security fixes: - Member package lists * [[https://docs.google.com/spreadsheets/d/1hrhYnDYSxeA-ZXaHB329-CzgY8H4H5iHXP1AeFFdJDc/|List of packages]] (see "SHARED Package List - Pivot Table" tab) - CVEs with high "base score", high "impact score", high "exploitability score", and low "attack complexity" - Network software (CVEs with "Access Vector (AV): Network") - Security software - Language runtimes/compilers * AI(Daniel.S): Send to public mail list to get feedback. ==== DebConf ==== * Who will attend? The last day to confirm attendance is 6/21 * Ben, Wolfgang, SZ, Nobu, Kazu and Yoshi * Booth should be managed by Wolfgang, SZ, Nobu, Kazu and Yoshi. * Job fair will be held 28th July(Sat). * Kazu and Nobu (and maybe SZ) * AI(Yoshi) ask to them to run the booth. * CIP will have a booth. * Address for shipping items to DebConf: AnHui Lee, Microelectronics and Information Research Center, National Chiao Tung University No.1001, University Rd., East Dist., Hsinchu City 300, Taiwan (R.O.C.) +886-3-5712121*31944 ==== AI(LF): Send booth materials to DebConf (Table cover and roll stand). ==== ==== Kernel maintenance and testing ==== === Kernel maintenance === * Working on a new kernel release prior to OSSJ === Testing === * KernelCI vs Squad * [[https://qa-reports.linaro.org/|https://qa-reports.linaro.org/]] * [[https://github.com/Linaro/squad|https://github.com/Linaro/squad]] ==== CIP Testing ==== * CIP decide to move to centralized environment * B@D status * Distributed LAVA server/lab status * Test case creation/contribution * Next steps * Setup KernelCI instance in centralized server * Put test results to KernelCI * Does any member already set up LAVA internally? * Moxa has jenkins/ LAVA testing system internally, Moxa can share it when it’s stable enough. * ==== Other topics ==== * SZ * COSCUP & openSUSE.Asia GNOME.Asia * [[https://2018.coscup.org/|https://2018.coscup.org/]] English Page [[https://2018.coscup.org/en|https://2018.coscup.org/en]] * AI(Yoshi): Send slide PPT file to SZ * # of Attendee: about 1000 * OpenChain will attend the conference