Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / intel-ipmi-oem / cca2140bb37c1931d9aaf2fb216c99c953a39a0c
commitcca2140bb37c1931d9aaf2fb216c99c953a39a0c[log] [tgz]
authorJayaprakash Mutyala <mutyalax.jayaprakash@intel.com>Thu Jul 16 12:14:10 2020 +0000
committerAppaRao Puli <apparao.puli@linux.intel.com>Fri Jul 31 07:33:19 2020 +0000
treee0ac1724a1f9741ff59e0d7a0cd24e85ba7d6c36
parent04a38ed10db3a0203aa7804bfea6fbd69dafdde8 [diff]
bridgingcommands:Fix for System interface commands

Issue: Set BMC Global Enables, Clear Message Flags, Get Message Flags,
Get Message, Read Event Message Buffer commands are allowed to execute
in all the channels instead to allow only with System interface.

Fix: Added condition check in each API to allow only with system
     interface.

Tested:
Verified using cmdtool utility and clear linux OS.
Before Fix:
Set BMC Global Enables, Clear Message Flags, Get Message Flags,
Get Message and Read Event Message Buffer commands are working in other
than system interface channels.
Command:  ipmitool raw 0x06 0x2e 0x09 //Set BMC Global Enables
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
          cmd=0x2e rsp=0xd5): Command not supported in present state
Command:  ipmitool raw 0x06 0x30 0x00  //Clear Message Flags
Response:         //Success
Command:  ipmitool raw 0x06 0x31 //Get Message Flags
Response: 00
Command:  ipmitool raw 0x6 0x34 0x06 0x2c 0xd3 0x01 0xfc 0xfc 0x04 0x00
          0x2c 0xfc 0x08 0xc1 0x13  //Send message
Response:
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 .......
 00 00 00 00 00 00 00 00
Command:  ipmitool raw 0x06 0x33  //Get Message
Response: fc fc d4 30 2c fc 04 c1 13
Command:  ipmitool raw 0x06 0x35  //ReadEventMessageBuffer
Response: 55 55 c0 41 a7 00 00 00 00 00 3a ff 00 ff ff ff

Verified from Clear Linux (System interface):
Command:  ipmitool raw 0x06 0x2e 0x09  //Set BMC Global Enables
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
          cmd=0x2e rsp=0xd5): Command not supported in present state

After Fix:
1. Verified executing from BMC.
2. Enable ProvisionedHostWhitelist mode (KCS trust policy) and verified.

Command:  ipmitool raw 0x06 0x2e 0x09  //Set BMC Global Enables
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
          cmd=0x2e rsp=0xd5): Command not supported in present state
Command:  ipmitool raw 0x06 0x30 0x00  //Clear Message Flags
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
          cmd=0x2e rsp=0xd5): Command not supported in present state
Command:  ipmitool raw 0x06 0x31 //Get Message Flags
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
          cmd=0x2e rsp=0xd5): Command not supported in present state
Command:  ipmitool raw 0x06 0x33  //Get Message
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
          cmd=0x2e rsp=0xd5): Command not supported in present state
Command:  ipmitool raw 0x06 0x35  //ReadEventMessageBuffer
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
          cmd=0x2e rsp=0xd5): Command not supported in present state

Verified from system interface using cmdtool utility and Clear linux.
Command:  cmdtool.efi 20 18 2e 9  //Set BMC Global Enables
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
          cmd=0x2e rsp=0xd4): Insufficient privilege level
Command:  cmdtool.efi 20 18 30 00  //Clear Message Flags
Response: 00   //Success
Command:  cmdtool.efi 20 18 31  //Get Message Flags
Response: 00 02
Command:  cmdtool.efi 20 18 33  //Get Message
Response: 00 FC FC D4 30 2C FC 04 C1 13
Command:  cmdtool.efi 20 18 35  //ReadEventMessageBuffer
Response: 00 55 55 C0 41 A7 00 00 00 00 00 3A FF 00 FF FF FF

Verified using Clear Linux (System Interface)
Command:  ipmitool raw 6 0x2e  //Set BMC Global Enables
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
          cmd=0x2e rsp=0xd4): Insufficient privilege level
Command:  ipmitool raw 6 0x30 0x00  //Clear Message Flags
Response:    //Success
Command:  ipmitool raw 6 0x31    //Get Message Flags
Response: 02

Note: OpenIPMI driver provided by the Linux kernel will reject the
      Get Message, Send Message and Read Event Message Buffer commands
      because it handles the message sequencing internally.
https://manpages.debian.org/testing/ipmitool/ipmitool.1.en.html

Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Id2246a9f7427f9c4af12201fc9d19cccb41fc6ae
2 files changed
tree: e0ac1724a1f9741ff59e0d7a0cd24e85ba7d6c36
  1. docs/
  2. include/
  3. non-yocto/
  4. src/
  5. tests/
  6. .clang-format
  7. .gitignore
  8. cmake-format.json
  9. CMakeLists.txt
  10. CMakeLists.txt.in
  11. generate-whitelist.py
  12. ipmi-whitelist.conf
  13. LICENSE
  14. MAINTAINERS
  15. README.md
README.md

Intel IPMI OEM support library

This component is intended to provide Intel-specific IPMI[3] command handlers for OpenBMC. These handlers are intended to integrate BMC with servers based on Intel architecture.

Overview

intel-ipmi-oem serves as an extension[1] to OpenBMC IPMI daemon[2]. It is compiled as a shared library and intended to both:

  • override existing implementation of standard IPMI commands to comply with Intel-specific solutions,
  • provide implementation for non-standard OEM extensions.

Capabilities

Related features provided by the library are grouped in separate source files. Main extensions to vanilla OpenBMC IPMI stack are the following:

  • Acquiring SMBIOS data over IPMI
  • Commands for better integration with Intel hardware
  • Firmware update extensions
  • Extended parsing of IPMI Platform Events[4]

References

  1. OpenBMC IPMI Architecture
  2. Phosphor IPMI Host
  3. IPMI Specification v2.0
  4. Intel Platform Events parsing