Added OemComputerSystems and properties for provisioning
- Added OemComputerSystems Schema for provisioning properties
- Added "ProvisioningStatus" Oem property with EnumType
1) NotProvisioned
2) ProvisionedButNotLocked
3) ProvisionedAndLocked
Intel secures platform firmware components using Intel PFR mechanism.
This may differ for other Oem's(non-intel platforms) but the properties
like Provisioned, Locked states should be of generic as per NIST SP
800-193. Added build time flag to enable/disable PFR supported platforms.
Tested:
- By default provisioning feature is OFF, using GET method on below URI
verified Oem Property and observed no such property. This is default
behaviour on upstream.
URI: /redfish/v1/Systems/system
Response: No "Oem" property.
- Enabled provisioning feature in Intel platforms and Verified using Systems
URI. Ran the redfish validator tool and no new issues found due to this
change.
URI: /redfish/v1/Systems/system
RESPONSE:
.....
"Oem": {
"OpenBmc": {
"FirmwareProvisioning": {
"ProvisioningStatus": "NotProvisioned"
}
}
}
.....
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Change-Id: I674e6075263f4fa2962637d3add47393a1ff0c0b
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 40b5706..956e173 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -71,6 +71,12 @@
'/redfish/v1/Systems/system/LogServices/EventLog/Entries'."
OFF
)
+option (
+ BMCWEB_ENABLE_REDFISH_PROVISIONING_FEATURE
+ "Enable provisioning feature support in redfish. Paths are under
+ '/redfish/v1/Systems/system/'."
+ OFF
+)
# Insecure options. Every option that starts with a BMCWEB_INSECURE flag should
# not be enabled by default for any platform, unless the author fully
@@ -359,6 +365,8 @@
-DBMCWEB_ENABLE_REDFISH_DBUS_LOG_ENTRIES>
$<$<BOOL:${BMCWEB_INSECURE_ENABLE_REDFISH_FW_TFTP_UPDATE}>:
-DBMCWEB_INSECURE_ENABLE_REDFISH_FW_TFTP_UPDATE>
+ $<$<BOOL:${BMCWEB_ENABLE_REDFISH_PROVISIONING_FEATURE}>:
+ -DBMCWEB_ENABLE_REDFISH_PROVISIONING_FEATURE>
)
# configure and install systemd unit files
diff --git a/redfish-core/lib/systems.hpp b/redfish-core/lib/systems.hpp
index 70c2eb8..d15a510 100644
--- a/redfish-core/lib/systems.hpp
+++ b/redfish-core/lib/systems.hpp
@@ -1157,6 +1157,74 @@
"xyz.openbmc_project.Object.Enable", "Enabled");
}
+#ifdef BMCWEB_ENABLE_REDFISH_PROVISIONING_FEATURE
+/**
+ * @brief Retrieves provisioning status
+ *
+ * @param[in] aResp Shared pointer for completing asynchronous calls.
+ *
+ * @return None.
+ */
+void getProvisioningStatus(std::shared_ptr<AsyncResp> aResp)
+{
+ BMCWEB_LOG_DEBUG << "Get OEM information.";
+ crow::connections::systemBus->async_method_call(
+ [aResp](const boost::system::error_code ec,
+ const std::vector<std::pair<std::string, VariantType>>
+ &propertiesList) {
+ if (ec)
+ {
+ BMCWEB_LOG_DEBUG << "DBUS response error " << ec;
+ messages::internalError(aResp->res);
+ return;
+ }
+
+ const bool *provState = nullptr;
+ const bool *lockState = nullptr;
+ for (const std::pair<std::string, VariantType> &property :
+ propertiesList)
+ {
+ if (property.first == "UfmProvisioned")
+ {
+ provState = std::get_if<bool>(&property.second);
+ }
+ else if (property.first == "UfmLocked")
+ {
+ lockState = std::get_if<bool>(&property.second);
+ }
+ }
+
+ if ((provState == nullptr) || (lockState == nullptr))
+ {
+ BMCWEB_LOG_DEBUG << "Unable to get PFR attributes.";
+ messages::internalError(aResp->res);
+ return;
+ }
+
+ nlohmann::json &oemPFR =
+ aResp->res.jsonValue["Oem"]["OpenBmc"]["FirmwareProvisioning"];
+ if (*provState == true)
+ {
+ if (*lockState == true)
+ {
+ oemPFR["ProvisioningStatus"] = "ProvisionedAndLocked";
+ }
+ else
+ {
+ oemPFR["ProvisioningStatus"] = "ProvisionedButNotLocked";
+ }
+ }
+ else
+ {
+ oemPFR["ProvisioningStatus"] = "NotProvisioned";
+ }
+ },
+ "xyz.openbmc_project.PFR.Manager", "/xyz/openbmc_project/pfr",
+ "org.freedesktop.DBus.Properties", "GetAll",
+ "xyz.openbmc_project.PFR.Attributes");
+}
+#endif
+
/**
* @brief Translates watchdog timeout action DBUS property value to redfish.
*
@@ -1668,6 +1736,9 @@
getBootProperties(asyncResp);
getPCIeDeviceList(asyncResp, "PCIeDevices");
getHostWatchdogTimer(asyncResp);
+#ifdef BMCWEB_ENABLE_REDFISH_PROVISIONING_FEATURE
+ getProvisioningStatus(asyncResp);
+#endif
}
void doPatch(crow::Response &res, const crow::Request &req,
diff --git a/static/redfish/v1/$metadata/index.xml b/static/redfish/v1/$metadata/index.xml
index 48090d4..7383365 100644
--- a/static/redfish/v1/$metadata/index.xml
+++ b/static/redfish/v1/$metadata/index.xml
@@ -1877,5 +1877,7 @@
</edmx:Reference>
<edmx:Reference Uri="/redfish/v1/schema/Crashdump_v1.xml">
<edmx:Include Namespace="Crashdump.v1_0_0"/>
+ <edmx:Reference Uri="/redfish/v1/schema/OemComputerSystem_v1.xml">
+ <edmx:Include Namespace="OemComputerSystem"/>
</edmx:Reference>
</edmx:Edmx>
diff --git a/static/redfish/v1/JsonSchemas/OemComputerSystem/index.json b/static/redfish/v1/JsonSchemas/OemComputerSystem/index.json
new file mode 100644
index 0000000..1423af5
--- /dev/null
+++ b/static/redfish/v1/JsonSchemas/OemComputerSystem/index.json
@@ -0,0 +1,111 @@
+{
+ "$id": "http://redfish.dmtf.org/schemas/v1/OemComputerSystem.json",
+ "$schema": "http://redfish.dmtf.org/schemas/v1/redfish-schema-v1.json",
+ "copyright": "Copyright 2014-2019 DMTF. For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright",
+ "definitions": {
+ "FirmwareProvisioning": {
+ "additionalProperties": false,
+ "description": "Configuration data for platform firmware provisioning.",
+ "patternProperties": {
+ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
+ "description": "This property shall specify a valid odata or Redfish property.",
+ "type": [
+ "array",
+ "boolean",
+ "integer",
+ "number",
+ "null",
+ "object",
+ "string"
+ ]
+ }
+ },
+ "properties": {
+ "ProvisioningStatus": {
+ "anyOf": [
+ {
+ "$ref": "#/definitions/FirmwareProvisioningStatus"
+ },
+ {
+ "type": "null"
+ }
+ ],
+ "description": "This indicates platform firmware provisioning state.",
+ "longDescription": "The value of this property indicating provisioning status of platform firmware.",
+ "readonly": true
+ }
+ },
+ "type": "object"
+ },
+ "FirmwareProvisioningStatus": {
+ "enum": [
+ "NotProvisioned",
+ "ProvisionedButNotLocked",
+ "ProvisionedAndLocked"
+ ],
+ "enumDescriptions": {
+ "NotProvisioned": "Platform firmware is not provisioned.",
+ "ProvisionedAndLocked": "Platform firmware is provisioned and locked.",
+ "ProvisionedButNotLocked": "Platform firmware is provisioned but not locked."
+ },
+ "enumLongDescriptions": {
+ "NotProvisioned": "Platform firmware is not provisioned.",
+ "ProvisionedAndLocked": "Platform firmware is provisioned and locked. So re-provisioning is not allowed in this state.",
+ "ProvisionedButNotLocked": "Platform firmware is provisioned but not locked. So re-provisioning is allowed in this state."
+ },
+ "type": "string"
+ },
+ "Oem": {
+ "additionalProperties": true,
+ "description": "OemComputerSystem Oem properties.",
+ "patternProperties": {
+ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
+ "description": "This property shall specify a valid odata or Redfish property.",
+ "type": [
+ "array",
+ "boolean",
+ "integer",
+ "number",
+ "null",
+ "object",
+ "string"
+ ]
+ }
+ },
+ "properties": {
+ "OpenBmc": {
+ "anyOf": [
+ {
+ "$ref": "#/definitions/OpenBmc"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ }
+ },
+ "type": "object"
+ },
+ "OpenBmc": {
+ "additionalProperties": true,
+ "description": "Oem properties for OpenBmc.",
+ "patternProperties": {
+ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
+ "description": "This property shall specify a valid odata or Redfish property.",
+ "type": [
+ "array",
+ "boolean",
+ "integer",
+ "number",
+ "null",
+ "object",
+ "string"
+ ]
+ }
+ },
+ "properties": {},
+ "type": "object"
+ }
+ },
+ "title": "#OemComputerSystem"
+}
diff --git a/static/redfish/v1/schema/OemComputerSystem_v1.xml b/static/redfish/v1/schema/OemComputerSystem_v1.xml
new file mode 100644
index 0000000..6588f0a
--- /dev/null
+++ b/static/redfish/v1/schema/OemComputerSystem_v1.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<edmx:Edmx xmlns:edmx="http://docs.oasis-open.org/odata/ns/edmx" Version="4.0">
+ <edmx:Reference Uri="http://docs.oasis-open.org/odata/odata/v4.0/errata03/csd01/complete/vocabularies/Org.OData.Core.V1.xml">
+ <edmx:Include Namespace="Org.OData.Core.V1" Alias="OData" />
+ </edmx:Reference>
+ <edmx:Reference Uri="http://redfish.dmtf.org/schemas/v1/RedfishExtensions_v1.xml">
+ <edmx:Include Namespace="Validation.v1_0_0" Alias="Validation"/>
+ <edmx:Include Namespace="RedfishExtensions.v1_0_0" Alias="Redfish"/>
+ </edmx:Reference>
+ <edmx:Reference Uri="http://redfish.dmtf.org/schemas/v1/ComputerSystem_v1.xml">
+ <edmx:Include Namespace="ComputerSystem"/>
+ <edmx:Include Namespace="ComputerSystem.v1_4_0"/>
+ </edmx:Reference>
+ <edmx:Reference Uri="http://redfish.dmtf.org/schemas/v1/Resource_v1.xml">
+ <edmx:Include Namespace="Resource"/>
+ <edmx:Include Namespace="Resource.v1_0_0"/>
+ </edmx:Reference>
+
+ <edmx:DataServices>
+ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="OemComputerSystem">
+ <ComplexType Name="Oem" BaseType="Resource.OemObject">
+ <Annotation Term="OData.AdditionalProperties" Bool="true" />
+ <Annotation Term="OData.Description" String="OemComputerSystem Oem properties." />
+ <Annotation Term="OData.AutoExpand"/>
+ <Property Name="OpenBmc" Type="OemComputerSystem.OpenBmc"/>
+ </ComplexType>
+
+ <ComplexType Name="OpenBmc" BaseType="Resource.OemObject">
+ <Annotation Term="OData.AdditionalProperties" Bool="true" />
+ <Annotation Term="OData.Description" String="Oem properties for OpenBmc." />
+ <Annotation Term="Redfish.DynamicPropertyPatterns">
+ <Collection>
+ <NavigationProperty Type="OemComputerSystem.FirmwareProvisioning">
+ <Annotation Term="OData.AutoExpand"/>
+ <PropertyValue Property="Pattern" String="[A-Za-z0-9_.:]+" />
+ <PropertyValue Property="Type" String="OemComputerSystem.FirmwareProvisioning" />
+ </NavigationProperty>
+ </Collection>
+ </Annotation>
+ </ComplexType>
+
+ <ComplexType Name="FirmwareProvisioning" BaseType="Resource.OemObject">
+ <Annotation Term="OData.AdditionalProperties" Bool="false" />
+ <Annotation Term="OData.Description" String="Configuration data for platform firmware provisioning." />
+ <Property Name="ProvisioningStatus" Type="OemComputerSystem.FirmwareProvisioningStatus">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
+ <Annotation Term="OData.Description" String="This indicates platform firmware provisioning state."/>
+ <Annotation Term="OData.LongDescription" String="The value of this property indicating provisioning status of platform firmware."/>
+ </Property>
+ </ComplexType>
+
+ <EnumType Name="FirmwareProvisioningStatus">
+ <Member Name="NotProvisioned">
+ <Annotation Term="OData.Description" String="Platform firmware is not provisioned."/>
+ <Annotation Term="OData.LongDescription" String="Platform firmware is not provisioned."/>
+ </Member>
+ <Member Name="ProvisionedButNotLocked">
+ <Annotation Term="OData.Description" String="Platform firmware is provisioned but not locked."/>
+ <Annotation Term="OData.LongDescription" String="Platform firmware is provisioned but not locked. So re-provisioning is allowed in this state."/>
+ </Member>
+ <Member Name="ProvisionedAndLocked">
+ <Annotation Term="OData.Description" String="Platform firmware is provisioned and locked."/>
+ <Annotation Term="OData.LongDescription" String="Platform firmware is provisioned and locked. So re-provisioning is not allowed in this state."/>
+ </Member>
+ </EnumType>
+ </Schema>
+ </edmx:DataServices>
+</edmx:Edmx>