Skip to content

CNF-15900: Add BIOS security hardening guidance to RDS docs#106068

Open
sebrandon1 wants to merge 1 commit intoopenshift:mainfrom
sebrandon1:rds-bios-security-hardening
Open

CNF-15900: Add BIOS security hardening guidance to RDS docs#106068
sebrandon1 wants to merge 1 commit intoopenshift:mainfrom
sebrandon1:rds-bios-security-hardening

Conversation

@sebrandon1
Copy link
Copy Markdown
Member

@sebrandon1 sebrandon1 commented Feb 5, 2026
edited
Loading

Version(s):

  • 4.18+
  • main

Issue:
https://issues.redhat.com/browse/CNF-15900

Link to docs preview:

  • Will be available after PR build completes

QE review:

  • QE has approved this change.

Additional information:
This PR adds BIOS security hardening guidance to the Telco RAN DU and Telco Core Reference Design Specification (RDS) documentation.

This PR consolidates changes from #106048 (by @strzibny) which added the ZTP firmware requirements table entries.

Summary

  • Added recommendation to disable USB boot, wireless LAN, and Bluetooth in host firmware settings
  • These settings align with NIST 800-53 security controls
  • Updated both RAN DU (telco-ran-bios-tuning.adoc) and Core (telco-core-host-firmware-and-boot-loader-configuration.adoc) RDS modules
  • Added entries to ZTP firmware requirements table (ztp-du-host-firmware-requirements.adoc)

Files Changed

File Change
modules/telco-ran-bios-tuning.adoc Added BIOS security hardening bullet point
modules/telco-core-host-firmware-and-boot-loader-configuration.adoc Added same guidance
modules/ztp-du-host-firmware-requirements.adoc Added USB Boot, Wireless LAN, Bluetooth to firmware table

🤖 Generated with Claude Code

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Feb 5, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Feb 5, 2026
edited by openshift-ci Bot
Loading

@sebrandon1: This pull request references CNF-15900 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Version(s):

  • 4.18+
  • main

Issue:
https://issues.redhat.com/browse/CNF-15900

Link to docs preview:

  • Will be available after PR build completes

QE review:

  • QE has approved this change.

Additional information:
This PR adds BIOS security hardening guidance to the Telco RAN DU and Telco Core Reference Design Specification (RDS) documentation.

Summary

  • Added recommendation to disable USB boot, wireless LAN, and Bluetooth in host firmware settings
  • These settings align with NIST 800-53 security controls
  • Updated both RAN DU (telco-ran-bios-tuning.adoc) and Core (telco-core-host-firmware-and-boot-loader-configuration.adoc) RDS modules

Files Changed

File Change
modules/telco-ran-bios-tuning.adoc Added BIOS security hardening bullet point
modules/telco-core-host-firmware-and-boot-loader-configuration.adoc Added same guidance

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Feb 5, 2026
@ocpdocs-previewbot
Copy link
Copy Markdown

ocpdocs-previewbot commented Feb 5, 2026
edited
Loading

🤖 Thu Mar 26 21:32:15 - Prow CI generated the docs preview:

https://106068--ocpdocs-pr.netlify.app/openshift-enterprise/latest/edge_computing/ztp-reference-cluster-configuration-for-vdu.html
https://106068--ocpdocs-pr.netlify.app/openshift-enterprise/latest/scalability_and_performance/telco-core-rds.html
https://106068--ocpdocs-pr.netlify.app/openshift-enterprise/latest/scalability_and_performance/telco-ran-du-rds.html

@sebrandon1 sebrandon1 force-pushed the rds-bios-security-hardening branch from c3de06d to 4848a52 Compare February 5, 2026 17:53
@sebrandon1 sebrandon1 mentioned this pull request Feb 5, 2026
Closed
@openshift-ci openshift-ci Bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Feb 5, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Feb 5, 2026
edited by openshift-ci Bot
Loading

@sebrandon1: This pull request references CNF-15900 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Version(s):

  • 4.18+
  • main

Issue:
https://issues.redhat.com/browse/CNF-15900

Link to docs preview:

  • Will be available after PR build completes

QE review:

  • QE has approved this change.

Additional information:
This PR adds BIOS security hardening guidance to the Telco RAN DU and Telco Core Reference Design Specification (RDS) documentation.

This PR consolidates changes from #106048 (by @strzibny) which added the ZTP firmware requirements table entries.

Summary

  • Added recommendation to disable USB boot, wireless LAN, and Bluetooth in host firmware settings
  • These settings align with NIST 800-53 security controls
  • Updated both RAN DU (telco-ran-bios-tuning.adoc) and Core (telco-core-host-firmware-and-boot-loader-configuration.adoc) RDS modules
  • Added entries to ZTP firmware requirements table (ztp-du-host-firmware-requirements.adoc)

Files Changed

File Change
modules/telco-ran-bios-tuning.adoc Added BIOS security hardening bullet point
modules/telco-core-host-firmware-and-boot-loader-configuration.adoc Added same guidance
modules/ztp-du-host-firmware-requirements.adoc Added USB Boot, Wireless LAN, Bluetooth to firmware table

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@sebrandon1
Copy link
Copy Markdown
Member Author

sebrandon1 commented Feb 27, 2026

/remove-lifecycle stale

@sebrandon1 sebrandon1 force-pushed the rds-bios-security-hardening branch from 4848a52 to f7dfffe Compare March 16, 2026 18:06
@sebrandon1 @claude
CNF-15900: Add BIOS security hardening guidance to RDS docs
cda5c09 
Add recommendation to disable USB boot, wireless LAN, and Bluetooth
in host firmware settings for enhanced security. These settings align
with NIST 800-53 security controls.

Updated files:
- telco-ran-bios-tuning.adoc (RAN DU RDS)
- telco-core-host-firmware-and-boot-loader-configuration.adoc (Core RDS)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@sebrandon1 sebrandon1 force-pushed the rds-bios-security-hardening branch from f7dfffe to cda5c09 Compare March 26, 2026 21:25
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Mar 26, 2026

@sebrandon1: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sebrandon1 @openshift-ci-robot @ocpdocs-previewbot