Launchpad Entry: arm-o-security-entropy-validation
Created: May 31st, 2011
Contributors: Michael Casadevall, Kees Cook
As part of the Ubuntu Server on ARM, a strong emphasis on improving and validating ARM security has come to light. As such, we need to validate the security of Ubuntu on ARM, and document our methods of doing so
Ubuntu on ARM security coverage is now on par with Ubuntu/x86.
As the use of Ubuntu on ARM continues to grow, it would reflect extremely poorly if known CVEs that are patched on x86 would continue to persist. As such we need to validate that CVEs are also fixed on ARM.
- Embargoed patches will often resolve security fixes on multiple architectures
A fundamental part of good security is the ability to generate good entropy. The quality of the entropy in the kernel must be tested to make sure it is of high quality for OpenSSH and other entropy using processes. ubuntu-qa-tools has tests that will help validate entropy status on AR.
The QA team has a pre-existing test suite of regression tests. This battery of tests should be run on both development releases on oneiric and on natty, and the results compared against i386/amd64 to insure good security converge.
It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during testing, and to show off after release. Please add an entry to http://testcases.qa.ubuntu.com/Coverage/NewFeatures for tracking test coverage.
This need not be added or completed until the specification is nearing beta.