commit | 1c05dae3011628e5726eefc3ec4dbe7733fbb4d5 | [log] [tgz] |
---|---|---|
author | Ali Ahmed <ama213000@gmail.com> | Tue Jun 29 17:49:22 2021 -0500 |
committer | Gunnar Mills <gmills@us.ibm.com> | Fri Aug 20 13:36:05 2021 +0000 |
tree | 8dab09eb727eb9a6e6a54bf1b783a7d50697aad5 | |
parent | 1759dc7a351b665cce9cf260e0c911f489a344ff [diff] |
Add TrustedModuleRequiredToBoot setter function TrustedModuleRequiredToBoot is a Redfish ComputerSystem v1_14_0 property, determining if a working TPM is required in order to boot the host. The TPM Required property is mapped to the "TPMEnable" D-Bus property. The possible values for the Redfish property are "Required" and "Disabled". This commit will add the PATCH operations to the TrustedModuleRequiredToBoot Redfish property. (See https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/43930 for the GET operations for this property). Testing: 1) Curl Testing: I manually tested retrieving the property: *Default value of TrustedModuleRequiredToBoot is ??Required?? curl -k -H "X-Auth-Token: $token" -X PATCH -d \ '{"TrustedModuleRequiredToBoot":false}' \ https://${bmc}/redfish/v1/Systems/system curl -k -H "X-Auth-Token: $token" \ https://${bmc}/redfish/v1/Systems/system { "@odata.id": "/redfish/v1/Systems/system", "@odata.type": "#ComputerSystem.v1_14_0.ComputerSystem", ... "Boot": { "AutomaticRetryAttempts": 3, ?? "RemainingAutomaticRetryAttempts": 3, "TrustedModuleRequiredToBoot": "Disabled" }, ... On HW: D-Bus TPMEnable shows up correctly as 'false' '# busctl get-property xyz.openbmc_project.Settings \ /xyz/openbmc_project/control/host0/TPMEnable \ xyz.openbmc_project.Control.TPM.Policy TPMEnable' b false 2) Redfish Validator Testing: Tested on ComputerSystem v1_14_0 schema Validator Test everything passed and 0 failures. Signed-off-by: Ali Ahmed <ama213000@gmail.com> Change-Id: Ie96a6afca179e45bef35813a3fa9c8a10cdf234e
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting -D
flags that correspond to options in bmcweb/meson_options.txt
and then compiling. For example, meson <builddir> -Dkvm=disabled ...
followed by ninja
in build directory. The option names become C++ preprocessor symbols that control which code is compiled into the program.
meson builddir ninja -C builddir
meson builddir -Dbuildtype=minsize -Db_lto=true -Dtests=disabled ninja -C buildir
If any of the dependencies are not found on the host system during configuration, meson automatically gets them via its wrap dependencies mentioned in bmcweb/subprojects
.
meson builddir -Dwrap_mode=nofallback ninja -C builddir
meson builddir -Dbuildtype=debug ninja -C builddir
meson builddir -Db_coverage=true -Dtests=enabled ninja coverage -C builddir test
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the server. The keys are generated by the secp384r1
algorithm. The certificate
C=US, O=OpenBMC, CN=testhost
,SHA-256
algorithm.