Summary

As part of the Ubuntu Server on ARM, a strong emphasis on improving and validating ARM security has come to light. As such, we need to validate the security of Ubuntu on ARM, and document our methods of doing so

Release Note

Ubuntu on ARM security coverage is now on par with Ubuntu/x86.

Rationale

As the use of Ubuntu on ARM continues to grow, it would reflect extremely poorly if known CVEs that are patched on x86 would continue to persist. As such we need to validate that CVEs are also fixed on ARM.

User stories

Assumptions

Implementation

Entropy Validation

A fundamental part of good security is the ability to generate good entropy. The quality of the entropy in the kernel must be tested to make sure it is of high quality for OpenSSH and other entropy using processes. ubuntu-qa-tools has tests that will help validate entropy status on AR.

Testing

The QA team has a pre-existing test suite of regression tests. This battery of tests should be run on both development releases on oneiric and on natty, and the results compared against i386/amd64 to insure good security converge.

Migration

None

Test/Demo Plan

It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during testing, and to show off after release. Please add an entry to http://testcases.qa.ubuntu.com/Coverage/NewFeatures for tracking test coverage.

This need not be added or completed until the specification is nearing beta.


CategorySpec

ARM/SecurityValidation (last edited 2011-06-01 22:09:30 by mcasadevall)