On 8/15/23 11:19, Sasha Levin wrote:
> On Tue, Aug 15, 2023 at 10:19:21AM -0700, Dave Hansen wrote:
>> On 8/15/23 09:58, Sasha Levin wrote:
...>>> 1. Ask (require) organizations that repeatedly go through this
mechanism
>>> to create a test environment that can demonstrate how the embargoed code
>>> passes different build/validation tests. We should set a minimal bar to
>>> the demonstrated quality of code that we'll "sneak" behind the backs of
>>> community members.
>>
>> Intel does send things through 0day internally, with a few minor
>> differences from how public stuff gets tested.  But, I don't think any
>> information about that internal testing ever makes it into the material
>> that get merged.  We'll fix that.
> 
> Beyond running tests, it would also be great to standardize on what we
> need to run, and if Intel wants to start the discussion by openning up
> it's tests for embargoed code then it'll e a great start!

I'll go rattle some cages.  It might be boring old 0day, but I'll find out.

>>> 2. Create a group of trusted "testers" who can test embargoed code with
>>> different (ideally "real") workloads and environments. I think that
>>> we're overly focused on keeping the circle of people in the know small.
>>
>> The docs:
>>
>>> https://www.kernel.org/doc/html/latest/process/embargoed-hardware-issues.html
>>
>> _should_ allow the "hardware security team" to add testers today:
> 
> It probably does, but the way it's written now you'd need a lawyer to
> confirm that.

How about something like the attached patch for that doc?  Does that
help ensure we leave the lawyers alone? :)