Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / intel-ipmi-oem / 107910627db644846fa7ad56a780792df9155402^! / . / src
commit107910627db644846fa7ad56a780792df9155402[log] [tgz]
authorRichard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>Mon Nov 11 12:19:53 2019 +0530
committerRichard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>Wed Nov 20 00:48:04 2019 +0000
treec30721000307021145d4728a3c69b3df41c4ae57
parent86236a271690debf1ec07ebf47de32c919ced849 [diff]
Updated set security command for val unsecure

Support added for set security mode command to set the validation
unsecure value when image is build with debug-tweaks. This will be
used to enable the validation unsecure mode permanently, till
reset to defaults is performed. By default this feature will be disabled
and will be enabled when validation unsecure mode is specified.

Tested:
Tested along with special mode manager changes
1. Verified feature working state with validation-unsecure and not working
without validation-unsecure
2. Verified that set security mode enables the validation unsecure
3. Manufacturing commands are executed when in validation unsecure
mode

Change-Id: Ib160fbafc0e92cf33cc129039ae932364ad4dee4
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

diff --git a/src/oemcommands.cpp b/src/oemcommands.cpp
index 9c1a70d..6cc951e 100644
--- a/src/oemcommands.cpp
+++ b/src/oemcommands.cpp

@@ -2605,8 +2605,15 @@
  *  @returns IPMI completion code
  */
 ipmi::RspType<> ipmiSetSecurityMode(ipmi::Context::ptr ctx,
-                                    uint8_t restrictionMode)
+                                    uint8_t restrictionMode,
+                                    std::optional<uint8_t> specialMode)
 {
+#ifndef BMC_VALIDATION_UNSECURE_FEATURE
+    if (specialMode)
+    {
+        return ipmi::responseReqDataLenInvalid();
+    }
+#endif
     namespace securityNameSpace =
         sdbusplus::xyz::openbmc_project::Control::Security::server;
 
@@ -2672,6 +2679,29 @@
             phosphor::logging::entry("ERROR=%s", ec.message().c_str()));
         return ipmi::responseUnspecifiedError();
     }
+
+#ifdef BMC_VALIDATION_UNSECURE_FEATURE
+    if (specialMode)
+    {
+        ec.clear();
+        ctx->bus->yield_method_call<>(
+            ctx->yield, ec, specialModeService, specialModeBasePath,
+            dBusPropertyIntf, dBusPropertySetMethod, specialModeIntf,
+            specialModeProperty,
+            static_cast<std::variant<std::string>>(
+                securityNameSpace::convertForMessage(
+                    static_cast<securityNameSpace::SpecialMode::Modes>(
+                        specialMode.value()))));
+
+        if (ec)
+        {
+            phosphor::logging::log<phosphor::logging::level::ERR>(
+                "ipmiSetSecurityMode: failed to set SpecialMode property",
+                phosphor::logging::entry("ERROR=%s", ec.message().c_str()));
+            return ipmi::responseUnspecifiedError();
+        }
+    }
+#endif
     return ipmi::responseSuccess();
 }