fw-update: Support TFTP in Redfish UpdateService

The goal with the 2.7 OpenBMC release is to have function parity for
firmware updates in Redfish vs. the legacy REST APIs. This commit
updates the design behind supporting TFTP in Redfish.

Change-Id: I88cccd1d79e1f5600e6bf8c83000661646091d36
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/designs/firmware-update-over-redfish.md b/designs/firmware-update-over-redfish.md
index 1785a11..afb76bb 100644
--- a/designs/firmware-update-over-redfish.md
+++ b/designs/firmware-update-over-redfish.md
@@ -66,6 +66,7 @@
   Redfish API's (/redfish/v1/UpdateService)
 - Support a subset of ApplyTime (Immediate, OnReset)
 - Support a TFTP based SimpleUpdate
+  - This must be configurable (enable/disable) via compile option within bmcweb
 - Support an OEM (or get upstream to DMTF) to select the priority of an existing
   image associated with a target
 
@@ -129,6 +130,43 @@
 automatically. The activation will involve a BMC reboot if the image was for the
 BMC.
 
+### Remote Image Download Based Update ###
+
+As noted above, Redfish supports a SimpleUpdate object under the UpdateService.
+The SimpleUpdate schema supports a variety of transfer protocols (CIFS, FTP,
+TFTP, ...). The existing back end of OpenBMC only supports TFTP so initially
+that is all that will be supported via Redfish on OpenBMC.
+
+The Redfish API takes a parameter, ImageURI, which contains both the server
+address information and the name of the file. The back end software manager
+interface on OpenBMC requires two parameters, the TFTP server address and the
+file name so there will be some parsing required.
+
+The pseudo flow for an update is:
+```
+# Discover SimpleUpdate URI Action location
+GET https://${bmc}/redfish/v1/UpdateService
+
+# Configure when the new image should be applied
+POST ApplyTime property in
+  UpdateService/HttpPushUriOptions->HttpPushUriApplyTime object
+  (Immediate or OnReset)
+
+# Request OpenBMC to download from TFTP server and activate the image
+POST https://${bmc}/redfish/v1/UpdateService/Actions/UpdateService.SimpleUpdate
+    [ImageURI=<tftp server ip>/<file name>, TransferProtocol=TFTP]
+```
+
+TFTP is an insecure protocol. There is no username or password associated with
+it and no validation of the input URL. OpenBMC does have signed image support
+which is, by default, part of the update process. The user must have
+administration authority to request this update so it is assumed they know what
+they are doing and the level of security available with TFTP.
+
+Due to the security concerns with TFTP, this feature will be disabled by default
+within bmcweb but can be enabled via a compile flag (see CMakeLists.txt within
+bmcweb repository for details).
+
 ### Delete an Image
 No support for deleting an image will be provided (until the DMTF provides it).
 Want to reduce OEM interfaces and the ability to set priority will allow the