meta-google: add recipe to disable/enable host console
Add a service that will trigger by gbmc-bare-metal-active target, upon
start/stop it will disable/re-enable obmc host console.
Tested: manually tested with stopping/starting the target
Change-Id: Ia57c825708bfe16f8f7967f6636d90327d28b5c0
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
diff --git a/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console.bb b/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console.bb
new file mode 100644
index 0000000..0fc0ca4
--- /dev/null
+++ b/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console.bb
@@ -0,0 +1,32 @@
+SUMMARY = "Disable obmc-console while the customer's host OS is running"
+DESCRIPTION = "Disable obmc-console while an untrusted host OS is running"
+PR = "r1"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+inherit systemd
+
+SRC_URI += " \
+ file://disable-obmc-console.service \
+ file://disable_obmc_console.sh \
+"
+
+DEPENDS += "systemd"
+
+RDEPENDS:${PN}:append = " \
+ bash \
+ bare-metal-active \
+ "
+
+SYSTEMD_PACKAGES = "${PN}"
+SYSTEMD_SERVICE:${PN} = " \
+ disable-obmc-console.service \
+ "
+
+do_install:append() {
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/disable-obmc-console.service ${D}${systemd_system_unitdir}
+ install -d -m0755 ${D}${libexecdir}
+ install -m0755 ${WORKDIR}/disable_obmc_console.sh ${D}${libexecdir}/
+}
diff --git a/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console/disable-obmc-console.service b/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console/disable-obmc-console.service
new file mode 100644
index 0000000..224eb73
--- /dev/null
+++ b/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console/disable-obmc-console.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Disable obmc console
+BindsTo=gbmc-bare-metal-active.target
+Before=gbmc-bare-metal-active.target disable-ipmi-kcs.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/usr/libexec/disable_obmc_console.sh
+ExecStop=/usr/libexec/disable_obmc_console.sh -r
+
+[Install]
+WantedBy=gbmc-bare-metal-active.target
diff --git a/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console/disable_obmc_console.sh b/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console/disable_obmc_console.sh
new file mode 100644
index 0000000..aaa8dc6
--- /dev/null
+++ b/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console/disable_obmc_console.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+ENABLE_CONSOLE_FILE="/var/google/config-package/enable-bm-console.flag"
+READ_ONLY_CONSOLE_FLAG="/run/readonly-console.flag"
+
+[ ! -f $ENABLE_CONSOLE_FILE ] || exit 0
+
+if [ "$1" == '-r' ]; then
+ # re-enable obmc console
+ touch $READ_ONLY_CONSOLE_FLAG
+
+ # stop bmc console client will start the host console
+ systemctl stop serial-to-bmc@*
+else
+ rm -f $READ_ONLY_CONSOLE_FLAG
+
+ # stop host console client will start the bmc console
+ systemctl stop serial-to-host@*
+fi