Skip to content

Comments

Add BIOS security hardening settings to firmware requirements#106048

Closed
sebrandon1 wants to merge 1 commit intoopenshift:mainfrom
sebrandon1:cnf-15900-bios-security-hardening
Closed

Add BIOS security hardening settings to firmware requirements#106048
sebrandon1 wants to merge 1 commit intoopenshift:mainfrom
sebrandon1:cnf-15900-bios-security-hardening

Conversation

@sebrandon1
Copy link
Member

@sebrandon1 sebrandon1 commented Feb 5, 2026

Summary

Add BIOS security hardening requirements for RAN deployments.

Jira

https://issues.redhat.com/browse/CNF-15900

Changes

Updated host firmware requirements table to include:

  • USB Boot: Disabled
  • Wireless LAN: Disabled
  • Bluetooth: Disabled

These settings align with NIST 800-53 security controls and address compliance checks:

  • rhcos4-moderate-master-bios-disable-usb-boot
  • rhcos4-moderate-master-wireless-disable-in-bios

Related

Supersedes #90286 which was auto-closed due to inactivity.

@sebrandon1
Add BIOS security hardening settings for RAN deployments
15fc967 
Adds USB Boot, Wireless LAN, and Bluetooth disabled settings to the
host firmware requirements table. These settings align with NIST 800-53
security controls for RAN deployments.

Jira: CNF-15900
@openshift-ci openshift-ci bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Feb 5, 2026
@ocpdocs-previewbot
Copy link

ocpdocs-previewbot commented Feb 5, 2026

🤖 Thu Feb 05 16:46:59 - Prow CI generated the docs preview:

https://106048--ocpdocs-pr.netlify.app/openshift-enterprise/latest/edge_computing/ztp-reference-cluster-configuration-for-vdu.html

@openshift-ci
Copy link

openshift-ci bot commented Feb 5, 2026

@sebrandon1: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@sebrandon1
Copy link
Member Author

sebrandon1 commented Feb 5, 2026
edited by openshift-ci bot
Loading

Closing this PR as the changes have been consolidated into #106068, which now includes all three files for CNF-15900:

  • modules/telco-ran-bios-tuning.adoc
  • modules/telco-core-host-firmware-and-boot-loader-configuration.adoc
  • modules/ztp-du-host-firmware-requirements.adoc

Superseded by #106068.

@sebrandon1 sebrandon1 closed this Feb 5, 2026
@sebrandon1 sebrandon1 mentioned this pull request Feb 5, 2026
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sebrandon1 @ocpdocs-previewbot