On 01/17/2014 04:20 PM, Devananda van der Veen wrote:
tl;dr, We should not be recycling bare metal nodes between untrusted tenants at this time. There's a broader discussion about firmware security going on, which, I think, will take a while for the hardware vendors to really address.
What can the hardware vendors do? Has anyone proposed a meaningful solution for the firmware issue?
Given the number of devices (NIC, GPU, storage controllers, etc.) that could potentially have firmware update capabilities it's not clear to me how this could be reliably solved.
Chris _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
