Allow sensor value override in mfg mode only
Issue: User is able to override sensor value even though system is not
in manufacturing mode
Fix: Code changes are done to patch sensor values when system is only
in manufacturing Mode.
Tested:
1. Redfish validator - passed for this new change
Case 1:
1. Enable manufacturing mode by pressing power button while bmc booting
2. Patch sensor values from Redfish.
Redfish URI:
PATCH https://<BMC-IP>/redfish/v1/Chassis/WC_Baseboard/Thermal
Body:
{
"Temperatures": [
{
"MemberId": "SSB_Temp",
"ReadingCelsius":112
}
]
}
Response:
{
"@odata.id": "/redfish/v1/Chassis/WC_Baseboard/Thermal",
"@odata.type": "#Thermal.v1_4_0.Thermal",
"Fans": [],
"Id": "Thermal",
"Name": "Thermal",
"Temperatures": []
}
3. Sensor value Overridden successfully
Case 2: Varified for ValidationUnsecure mode.
Case 3: Tested without SpecialMode mode
1. Stop the specialmodemgr.service service
2. Patch sensor values from Redfish.
3. Sensor value Overridden successfully
Case 4:
1. Disable manufacturing mode
Command: ipmitool raw 0x30 0xB4 3 0
Response: //Success
2. Patch sensor values from Redfish.
Redfish URI:
PATCH https://<BMC-IP>/redfish/v1/Chassis/WC_Baseboard/Thermal
Body:
{
"Temperatures": [
{
"MemberId": "SSB_Temp",
"ReadingCelsius":112
}
]
}
3. Returning proper error.
Response :
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The action Overriding of Sensor Value for
non manufacturing mode is not supported by the resource.",
"MessageArgs": [
"Overriding of Sensor Value for non manufacturing mode"
],
"MessageId": "Base.1.4.0.ActionNotSupported",
"Resolution": "The action supplied cannot be resubmitted to
the implementation. Perhaps the action was invalid, the
wrong resource was the target or the implementation
documentation may be of assistance.",
"Severity": "Critical"
}
],
"code": "Base.1.4.0.ActionNotSupported",
"message": "The action Overriding of Sensor Value for
non manufacturing mode is not supported by the resource."
}
}
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: I34cd53fba939fb367310c531a050792ef749dd70
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f874d9d..3ced518 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -119,6 +119,11 @@
OFF
)
+option (BMCWEB_ENABLE_VALIDATION_UNSECURE_FEATURE
+ "Enables unsecure features required by validation. Note: must
+ be turned off for production images."
+ OFF)
+
set (BMCWEB_HTTP_REQ_BODY_LIMIT_MB "30" CACHE STRING
"The max HTTP request body size in MB")
@@ -392,6 +397,8 @@
-DBMCWEB_INSECURE_ENABLE_REDFISH_FW_TFTP_UPDATE>
$<$<BOOL:${BMCWEB_ENABLE_REDFISH_PROVISIONING_FEATURE}>:
-DBMCWEB_ENABLE_REDFISH_PROVISIONING_FEATURE>
+ $<$<BOOL:${BMCWEB_ENABLE_VALIDATION_UNSECURE_FEATURE}>:
+ -DBMCWEB_ENABLE_VALIDATION_UNSECURE_FEATURE>
)
# configure and install systemd unit files
diff --git a/redfish-core/lib/power.hpp b/redfish-core/lib/power.hpp
index ac7503d..5e6ba8a 100644
--- a/redfish-core/lib/power.hpp
+++ b/redfish-core/lib/power.hpp
@@ -360,7 +360,8 @@
std::unordered_map<std::string, std::vector<nlohmann::json>>
allCollections;
allCollections.emplace("Voltages", *std::move(voltageCollections));
- setSensorOverride(asyncResp, allCollections, chassisName, typeList);
+ checkAndDoSensorsOverride(asyncResp, allCollections, chassisName,
+ typeList);
}
}
};
diff --git a/redfish-core/lib/sensors.hpp b/redfish-core/lib/sensors.hpp
index adcdc25..6c1f830 100644
--- a/redfish-core/lib/sensors.hpp
+++ b/redfish-core/lib/sensors.hpp
@@ -2598,15 +2598,15 @@
* @param res response object
* @param allCollections Collections extract from sensors' request patch info
* @param typeList TypeList of sensors for the resource queried
- * @param chassisSubNode Chassis Node for which the query has to happen
+ * @param chassisSubNode Chassis Node for which the query has to happen
*/
-void setSensorOverride(
+void setSensorsOverride(
std::shared_ptr<SensorsAsyncResp> sensorAsyncResp,
std::unordered_map<std::string, std::vector<nlohmann::json>>&
allCollections,
const std::string& chassisName, const std::vector<const char*> typeList)
{
- BMCWEB_LOG_INFO << "setSensorOverride for subNode"
+ BMCWEB_LOG_INFO << "setSensorsOverride for subNode"
<< sensorAsyncResp->chassisSubNode << "\n";
const char* propertyValueName;
@@ -2726,6 +2726,138 @@
getChassis(sensorAsyncResp, std::move(getChassisSensorListCb));
}
+bool isOverridingAllowed(const std::string& manufacturingModeStatus)
+{
+ if (manufacturingModeStatus ==
+ "xyz.openbmc_project.Control.Security.SpecialMode.Modes.Manufacturing")
+ {
+ return true;
+ }
+
+#ifdef BMCWEB_ENABLE_VALIDATION_UNSECURE_FEATURE
+ if (manufacturingModeStatus == "xyz.openbmc_project.Control.Security."
+ "SpecialMode.Modes.ValidationUnsecure")
+ {
+ return true;
+ }
+
+#endif
+
+ return false;
+}
+
+/**
+ * @brief Entry point for Checking the manufacturing mode before doing sensor
+ * override values of given sensor
+ *
+ * @param res response object
+ * @param allCollections Collections extract from sensors' request patch info
+ * @param typeList TypeList of sensors for the resource queried
+ * @param chassisSubNode Chassis Node for which the query has to happen
+ */
+void checkAndDoSensorsOverride(
+ std::shared_ptr<SensorsAsyncResp> sensorAsyncResp,
+ std::unordered_map<std::string, std::vector<nlohmann::json>>& allCollect,
+ const std::string& chassisName, const std::vector<const char*> typeList)
+{
+ BMCWEB_LOG_INFO << "checkAndDoSensorsOverride for subnode"
+ << sensorAsyncResp->chassisSubNode << "\n";
+
+ const std::array<std::string, 1> interfaces = {
+ "xyz.openbmc_project.Security.SpecialMode"};
+
+ crow::connections::systemBus->async_method_call(
+ [sensorAsyncResp, allCollect, chassisName,
+ typeList](const boost::system::error_code ec,
+ const GetSubTreeType& resp) mutable {
+ if (ec)
+ {
+ BMCWEB_LOG_DEBUG
+ << "Error in querying GetSubTree with Object Mapper. "
+ << ec;
+ messages::internalError(sensorAsyncResp->res);
+ return;
+ }
+ if (!resp.size())
+ {
+ // Special mode manager doesn't exist, proceed with sensor
+ // override
+ setSensorsOverride(sensorAsyncResp, allCollect, chassisName,
+ typeList);
+ return;
+ }
+
+ if (resp.size() != 1)
+ {
+ BMCWEB_LOG_DEBUG << "Queried object count mismatch. ";
+ messages::internalError(sensorAsyncResp->res);
+ return;
+ }
+ const std::string& path = resp[0].first;
+ const std::string& serviceName = resp[0].second.begin()->first;
+
+ if (path.empty() || serviceName.empty())
+ {
+ BMCWEB_LOG_DEBUG
+ << "Path or service name is returned as empty. ";
+ messages::internalError(sensorAsyncResp->res);
+ return;
+ }
+
+ // Sensor override is allowed only in manufacturing mode or
+ // validation unsecure mode .
+ crow::connections::systemBus->async_method_call(
+ [sensorAsyncResp, allCollect, chassisName, typeList,
+ path](const boost::system::error_code ec,
+ std::variant<std::string>& getManufactMode) mutable {
+ if (ec)
+ {
+ BMCWEB_LOG_DEBUG
+ << "Error in querying Special mode property " << ec;
+ messages::internalError(sensorAsyncResp->res);
+ return;
+ }
+
+ const std::string* manufacturingModeStatus =
+ std::get_if<std::string>(&getManufactMode);
+
+ if (nullptr == manufacturingModeStatus)
+ {
+ BMCWEB_LOG_DEBUG << "Sensor override mode is not "
+ "Enabled. Returning ... ";
+ messages::internalError(sensorAsyncResp->res);
+ return;
+ }
+
+ if (isOverridingAllowed(*manufacturingModeStatus))
+ {
+ BMCWEB_LOG_INFO << "Manufacturing mode is Enabled. "
+ "Proceeding further... ";
+ setSensorsOverride(sensorAsyncResp, allCollect,
+ chassisName, typeList);
+ }
+ else
+ {
+ BMCWEB_LOG_WARNING
+ << "Manufacturing mode is not Enabled...can't "
+ "Override the sensor value. ";
+
+ messages::actionNotSupported(
+ sensorAsyncResp->res,
+ "Overriding of Sensor Value for non "
+ "manufacturing mode");
+ return;
+ }
+ },
+ serviceName, path, "org.freedesktop.DBus.Properties", "Get",
+ "xyz.openbmc_project.Security.SpecialMode", "SpecialMode");
+ },
+
+ "xyz.openbmc_project.ObjectMapper",
+ "/xyz/openbmc_project/object_mapper",
+ "xyz.openbmc_project.ObjectMapper", "GetSubTree", "/", 5, interfaces);
+}
+
class SensorCollection : public Node
{
public:
diff --git a/redfish-core/lib/thermal.hpp b/redfish-core/lib/thermal.hpp
index 3ab9e44..ac74657 100644
--- a/redfish-core/lib/thermal.hpp
+++ b/redfish-core/lib/thermal.hpp
@@ -98,7 +98,8 @@
allCollections.emplace("Fans", *std::move(fanCollections));
}
- setSensorOverride(asyncResp, allCollections, chassisName, typeList);
+ checkAndDoSensorsOverride(asyncResp, allCollections, chassisName,
+ typeList);
}
};