Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-dbus-interfaces / b3563c1e2aed44ff4f64643c4da161876588aa01^! / . / yaml / com / ibm / Dump / Entry / Resource.interface.yaml
commitb3563c1e2aed44ff4f64643c4da161876588aa01[log] [tgz]
authorDhruvaraj Subhashchandran <dhruvaraj@in.ibm.com>Mon May 06 00:21:44 2024 -0500
committerDhruvaraj S <dhruvaraj@gmail.com>Wed May 08 15:23:04 2024 +0000
tree88d993ae9fc3a3db5c47bfa719625fd82f670b42
parent980fb7b56960951d8bfb471e9fe63b9d0bacf127 [diff] [blame]
com.ibm: Add UserChallenge to replace password

This commit integrates a 'UserChallenge' field into the
xyz.openbmc_project.Dump.Entry.Resource interface. This addition aligns
with the change in the system dump interface.

Non-disruptive dumps command considerable host resources, necessitating
strict execution by authorized personnel only. The 'UserChallenge'
serves as a security measure, ensuring that dump operations are
initiated by users validated against an Access Control List (ACL)
provided via the Platform Level Data Model (PLDM).

The host evaluates the 'UserChallenge' against the ACL. If validation
fails, the dump request is rejected.

This change also standardizes the terminology across dump interfaces,
shifting from 'Password' to 'UserChallenge' to maintain consistency.

Change-Id: Ifbbcda1439c1a40a3916c0b896db4c34db13ba21
Signed-off-by: Dhruvaraj Subhashchandran <dhruvaraj@in.ibm.com>

diff --git a/yaml/com/ibm/Dump/Entry/Resource.interface.yaml b/yaml/com/ibm/Dump/Entry/Resource.interface.yaml
index 4372b42..ba9c730 100644
--- a/yaml/com/ibm/Dump/Entry/Resource.interface.yaml
+++ b/yaml/com/ibm/Dump/Entry/Resource.interface.yaml

@@ -18,10 +18,21 @@
       type: string
       description: >
           The resource selector for generating the dump.
-    - name: Password
+    - name: UserChallenge
       type: string
       description: >
-          The password required by host to validate the request.
+          On some host implementations a user-challenge need to be provided by
+          the user and it flows through BMC and up to the host as a part of the
+          dump request. Non-disruptive dumps consume significant host resources
+          and involve the collection of host memory data. To safeguard these
+          operations and ensure they are initiated only by authorized personnel,
+          the provided passphrase is employed. In some systems, an Access
+          Control List (ACL) file, provided through the Platform Level Data
+          Model (PLDM), is used. The host validates the provided user-challenge
+          against this ACL. If the user-challenge doesn't match any entry in the
+          ACL, the host will reject the dump request. This field is needed so
+          the host can check that only authorized users are allowed to perform
+          certain dump operations.
     - name: Token
       type: uint32
       description: >