Date: 23 July, 2018

TSC members

• Attendees
  • Agustin Benito Bethencourt (Codethink) (Representative)
  • Chris Paterson (Renesas)
  • Masashi Kudo (Cybertrust)
  • Hidehiro Kawai (Hitachi) (Representative) (Voting)
  • Masato Minda (Plat’Home) (Representative)
  • Takehisa Katayama (Renesas) (Representative) (Voting)
  • Wolfgang Mauerer (Siemens) (Representative) (Voting)
  • Dinesh Kumar (Toshiba India)
  • Yoshi Kobayashi (Toshiba) (Representative) (Voting) - Chair

• AI(Yoshi): Send slide PPT file to SZ (Done)
• Reproducible builds
  • Had CIP GB meeting.
• Kernel development for next CIP kernel
  • (On going) MOXA: Send the board support package to upstream
    • SZ: Working in progress
• Spectre/Meltdown
  • Arm vulnerability list: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
  • Renesas wants to backport Spectre/Meltdown mitigations on 4.4.y
    • Spectre variant 1
      • For x86 only backport 2nd wave of patches
      • Many drivers still need to be fixed
    • Spectre variant 2
      • No patches available for ARM
    • Meltdown (variant 3/3a) for ARM
      • Only required for Cortex-a75/72/57/15 (RZ/G1)
    • Spectre variant 4
      • No patches available for ARM
    • AI: tidy up this information
    • Status: Investigating. Can be comment soon. (7/23)
  • Cybertrust is interested in this issue.
    • Planning to provide first revision of patch.
    • Not sure on timescales yet though.
    • Patches would need to be ported from upstream to LTS v4.4.
    • Status: nothing to report at this moment. (7/23)
• Kernel maintainer
  • Cybertrust: AI(CTJ) Check possible options for kernel maintenance
    • CTJ answered to CIP
    • Iwamatsu-san will be CIP kernel maintainer (20% to Sep, 40% from Oct.).
  • Others?
    • Renesas
      • Katayama-san
        • If CIP itself has maintainer from CTJ, it is good situation.
        • Maintainer should be one person.
      • Chris
        • While Greg is maintaining 4.4, CIP need to have only one maintainer.
        • One maintainer and CIP kernel team will be enough.
    • Cybertrust: Iwamatsu
      • Considering the maintenance system, I think that one person is better.
    • Siemens: Wolfgang
      • We should urgently follow up with Bootlin, they replied swiftly and their experience as a team would be a valuable asset for CIP. Since rather more than less will come to our kernel plate, we think having two paid maintainers would be justified. We should also clarify at the earliest possible moment (ideally DebConf) if we can align the next CIP kernel with Debian-LTS, and if BenH can take over maintenance in this case.
    • Toshiba: Yoshi
      • IMHO, Bootlin has experienced kernel maintainers. We should consider much deeply what is the best way. I will also ask Ben, what does he think.
    • Agustin: Having as many as maintainer is good choice. But initially having one maintainer is enough. Bit worried if they don’t know each other.
      • Multi maintainer approach will be good if they know each other.
    • AI(Yoshi): Arrange a F2F meeting at DebConf with Ben, Wolfgang, Iwamatsu-san.
• CIP Core package list
  • AI(Daniel.S): Send to public mail list to get feedback from Ben. (DONE)
    • [cip-dev] [CIP Core] Criteria for prioritizing security fixes in Debian LTS
    • https://lists.cip-project.org/pipermail/cip-dev/2018-July/001398.html
  • Agustin sent the link to the spreadsheet and the internal thread about the topic to Ben H. so he can get some background.
• DebConf
  • AI(LF): Send booth materials to DebConf (Table cover and roll stand).
    • Table cover was sent, please ask front desk to pick up it.
    • Unable to find the roll-up screen, sigh…
  • Giveaways: CIP LEGO (They will go with Kazu)
  • Whitepaper (finalized?)
    • Submitted long one.
  • AI(LF/TSC): make sure when it is ready.
  • AI(Yoshi): Ask to LF Japan to find the old one.
• ELC-E
  • AI: Yoshi: Submit a talk to ELC-E
  • Under review process.

• Work towards finalising selection?
• Minimal, optimal or others?
• Discussion: Which package list will be submitted to Debian LTS?
• Daniel S. has interesting ideas about how to prioritise the list of packages we have collected.
  • These ideas, based on prioritising the list through security related criteria will be explained in the cip-dev mailing list.
  • Ben H. will evaluate these criteria and its impact before attending to DebConf.
  • Based on Ben H. feedback, CIP will decide to contact the Freexian leads before the DebConf or not.
  • AI(Daniel.S): Send to public mail list to get feedback. (DONE)
  • (On going. See above)
• Criteria for prioritizing security fixes:

1. Member package list
2. CVEs with high “base score”, high “impact score”, high “exploitability score”, and low “attack complexity”
3. Network software (CVEs with “Access Vector (AV): Network”)
4. Security software
5. Language runtimes/compilers

• Ben H. sent a list of activities to follow or participate on.
• Who will attend? The last day to confirm attendance is 6/21
  • Ben, Wolfgang, SZ, Nobu, Kazu and Yoshi
  • Booth Openday should be managed by SZ, Nobu, Kazu
  • Job fair will be held 28th July(Sat).
    • Kazu and Nobu (and maybe SZ)
    • AI(Yoshi) ask to them to run the booth.
• CIP will have a booth.
• Address for shipping items to DebConf:

AnHui Lee, Microelectronics and Information Research Center, National Chiao Tung University No.1001, University Rd., East Dist., Hsinchu City 300, Taiwan (R.O.C.) +886-3-5712121*31944

• Latest ARM patchets reviewed and merged.
  • V2 for some specific patches will need to be sent for review.

• Latest CIP kernel tested on BBB with B@D (limited)
• The work to move B@D away from VM and into containers has started.
• Older entries
  • CIP decide to move to centralized environment
  • Distributed LAVA server/lab status
  • Test case creation/contribution
  • Next steps
    • Setup KernelCI instance in centralized server
      • Put test results to KernelCI
  • Does any member already set up LAVA internally?
    • Moxa has jenkins/ LAVA testing system internally, Moxa can share it when it’s stable enough.
    • Renesas planning to setup a LAVA Lab to link to CIP LAVA master/KernelCI.

• Trying to run Docker on CIP Core.
  • (Yoshi) Toshiba has an experience to install it but not sure for me how to do it. ;(