Add IPMI OEM command LinuxBootDone
Add a new OEM command for LinuxBoot to notify the BMC when it is about
to kexec into the OS. This is intended to give the BMC a chance to
prepare for an untrusted OS, e.g. disable any interfaces it doesn't want
the OS to have access to.
Tested:
Exercised the new OEM command using ipmitool
$ ipmitool raw 0x2e 0x32 0x79 0x2b 0x00 0x11
79 2b 00 11
Change-Id: Ica76d77cdde48cebfbced32d8e7e860b559074e8
Signed-off-by: John Wedig <johnwedig@google.com>
diff --git a/README.md b/README.md
index 31a3983..cb531ee 100644
--- a/README.md
+++ b/README.md
@@ -433,3 +433,26 @@
| ------- | ---------------- | ------------------------------------------------------------------------------------------------------------- |
| 0x00 | 0x10 | Subcommand |
| 0x01 | Current BMC MODE | <ul><li>0 -> Non Bare Metal Mode</li><li>1 -> Bare Metal Mode</li><li>2 -> Bare Metal Cleaning Mode</li></ul> |
+
+### LinuxBootDone - SubCommand 0x11
+
+Notify the BMC that LinuxBoot is finished and will kexec into the OS
+momentarily.
+
+If in bare metal mode, the BMC will disable IPMI upon receiving this command, to
+protect against a malicious OS. For this reason, the BMC may not respond to this
+command.
+
+If not in bare metal mode, this command has no effect.
+
+Request
+
+| Byte(s) | Value | Data |
+| ------- | ----- | ---------- |
+| 0x00 | 0x11 | Subcommand |
+
+Response (if applicable)
+
+| Byte(s) | Value | Data |
+| ------- | ----- | ---------- |
+| 0x00 | 0x11 | Subcommand |
diff --git a/commands.hpp b/commands.hpp
index 86a2650..7c8858d 100644
--- a/commands.hpp
+++ b/commands.hpp
@@ -55,6 +55,8 @@
SysPCIeSlotBifurcation = 15,
// The Sys get BMC Mode command
SysGetBmcMode = 16,
+ // The Sys Linux Boot Done command
+ SysLinuxBootDone = 17,
};
} // namespace ipmi
diff --git a/gbmc-bare-metal-active.target b/gbmc-bare-metal-active.target
new file mode 100644
index 0000000..736aed3
--- /dev/null
+++ b/gbmc-bare-metal-active.target
@@ -0,0 +1,2 @@
+[Unit]
+Description=Untrusted customer OS is running on host CPU
diff --git a/handler.cpp b/handler.cpp
index 4046871..9032055 100644
--- a/handler.cpp
+++ b/handler.cpp
@@ -670,5 +670,36 @@
std::vector<uint8_t>{});
}
+static constexpr auto BARE_METAL_TARGET = "gbmc-bare-metal-active.target";
+
+void Handler::linuxBootDone() const
+{
+ if (isBmcInBareMetalMode() != static_cast<uint8_t>(BmcMode::BM_MODE))
+ {
+ return;
+ }
+
+ log<level::INFO>("LinuxBootDone: Disabling IPMI");
+
+ // Start the bare metal active systemd target.
+ auto bus = sdbusplus::bus::new_default();
+ auto method = bus.new_method_call(SYSTEMD_SERVICE, SYSTEMD_ROOT,
+ SYSTEMD_INTERFACE, "StartUnit");
+
+ method.append(BARE_METAL_TARGET);
+ method.append("replace");
+
+ try
+ {
+ bus.call_noreply(method);
+ }
+ catch (const sdbusplus::exception::SdBusError& ex)
+ {
+ log<level::ERR>("Failed to start bare metal active systemd target",
+ entry("WHAT=%s", ex.what()));
+ throw IpmiException(::ipmi::ccUnspecifiedError);
+ }
+}
+
} // namespace ipmi
} // namespace google
diff --git a/handler.hpp b/handler.hpp
index 3b0a372..16b8208 100644
--- a/handler.hpp
+++ b/handler.hpp
@@ -203,6 +203,14 @@
* @return list of lanes taken by each device.
*/
virtual std::vector<uint8_t> pcieBifurcation(uint8_t index) = 0;
+
+ /**
+ * Prepare for OS boot.
+ *
+ * If in bare metal mode, the BMC will disable IPMI, to protect against an
+ * untrusted OS.
+ */
+ virtual void linuxBootDone() const = 0;
};
} // namespace ipmi
diff --git a/handler_impl.hpp b/handler_impl.hpp
index bad01f1..5d74435 100644
--- a/handler_impl.hpp
+++ b/handler_impl.hpp
@@ -70,6 +70,7 @@
uint8_t num_bytes) const override;
void accelOobWrite(std::string_view name, uint64_t address,
uint8_t num_bytes, uint64_t data) const override;
+ void linuxBootDone() const override;
protected:
// Exposed for dependency injection
diff --git a/ipmi.cpp b/ipmi.cpp
index 636cfa5..8e47c45 100644
--- a/ipmi.cpp
+++ b/ipmi.cpp
@@ -24,6 +24,7 @@
#include "google_accel_oob.hpp"
#include "handler.hpp"
#include "host_power_off.hpp"
+#include "linux_boot_done.hpp"
#include "machine_name.hpp"
#include "pcie_bifurcation.hpp"
#include "pcie_i2c.hpp"
@@ -83,6 +84,8 @@
return accelOobWrite(data, handler);
case SysPCIeSlotBifurcation:
return pcieBifurcation(data, handler);
+ case SysLinuxBootDone:
+ return linuxBootDone(data, handler);
default:
std::fprintf(stderr, "Invalid subcommand: 0x%x\n", cmd);
return ::ipmi::responseInvalidCommand();
diff --git a/linux_boot_done.cpp b/linux_boot_done.cpp
new file mode 100644
index 0000000..52e4c88
--- /dev/null
+++ b/linux_boot_done.cpp
@@ -0,0 +1,46 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "linux_boot_done.hpp"
+
+#include "commands.hpp"
+#include "errors.hpp"
+#include "handler.hpp"
+
+#include <ipmid/api-types.hpp>
+
+#include <span>
+#include <vector>
+
+namespace google
+{
+namespace ipmi
+{
+
+Resp linuxBootDone(std::span<const uint8_t>, HandlerInterface* handler)
+{
+ try
+ {
+ handler->linuxBootDone();
+ }
+ catch (const IpmiException& e)
+ {
+ return ::ipmi::response(e.getIpmiError());
+ }
+
+ return ::ipmi::responseSuccess(SysOEMCommands::SysLinuxBootDone,
+ std::vector<std::uint8_t>{});
+}
+} // namespace ipmi
+} // namespace google
diff --git a/linux_boot_done.hpp b/linux_boot_done.hpp
new file mode 100644
index 0000000..89dc0f4
--- /dev/null
+++ b/linux_boot_done.hpp
@@ -0,0 +1,33 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#pragma once
+
+#include "handler.hpp"
+
+#include <ipmid/api.h>
+
+#include <ipmid/api-types.hpp>
+
+#include <span>
+
+namespace google
+{
+namespace ipmi
+{
+
+Resp linuxBootDone(std::span<const uint8_t> data, HandlerInterface* handler);
+
+} // namespace ipmi
+} // namespace google
diff --git a/meson.build b/meson.build
index e6c407d..7ea91d2 100644
--- a/meson.build
+++ b/meson.build
@@ -71,6 +71,7 @@
'handler.cpp',
'host_power_off.cpp',
'ipmi.cpp',
+ 'linux_boot_done.cpp',
'machine_name.cpp',
'pcie_i2c.cpp',
'google_accel_oob.cpp',
@@ -102,6 +103,7 @@
systemd_dep = dependency('systemd')
if systemd_dep.found()
install_data(
+ 'gbmc-bare-metal-active.target',
'gbmc-host-poweroff.target',
'gbmc-psu-hardreset.target',
'gbmc-psu-hardreset-pre.target',
diff --git a/test/handler_mock.hpp b/test/handler_mock.hpp
index 9e9b71e..f62564e 100644
--- a/test/handler_mock.hpp
+++ b/test/handler_mock.hpp
@@ -63,6 +63,7 @@
(const, override));
MOCK_METHOD(std::vector<uint8_t>, pcieBifurcation, (uint8_t), (override));
MOCK_METHOD(uint8_t, getBmcMode, (), (override));
+ MOCK_METHOD(void, linuxBootDone, (), (const, override));
};
} // namespace ipmi
diff --git a/test/linux_boot_done_unittest.cpp b/test/linux_boot_done_unittest.cpp
new file mode 100644
index 0000000..adb80f4
--- /dev/null
+++ b/test/linux_boot_done_unittest.cpp
@@ -0,0 +1,47 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "commands.hpp"
+#include "handler_mock.hpp"
+#include "helper.hpp"
+#include "linux_boot_done.hpp"
+
+#include <vector>
+
+#include <gtest/gtest.h>
+
+using ::testing::Return;
+
+namespace google
+{
+namespace ipmi
+{
+
+TEST(LinuxBootDoneCommandTest, ValidResponseTest)
+{
+ std::vector<std::uint8_t> request = {};
+
+ HandlerMock hMock;
+ EXPECT_CALL(hMock, linuxBootDone()).Times(1);
+
+ auto reply = linuxBootDone(request, &hMock);
+ auto result = ValidateReply(reply, false);
+ auto& data = result.second;
+
+ EXPECT_EQ(0, data.size());
+ EXPECT_EQ(SysOEMCommands::SysLinuxBootDone, result.first);
+}
+
+} // namespace ipmi
+} // namespace google
diff --git a/test/meson.build b/test/meson.build
index 53064a1..7fa06c4 100644
--- a/test/meson.build
+++ b/test/meson.build
@@ -29,6 +29,7 @@
'psu',
'pcie_bifurcation',
'bmc_mode',
+ 'linux_boot_done',
]
foreach t : tests