| Matt Spinler | f7616bc | 2019-11-19 09:23:37 -0600 | [diff] [blame] | 1 | description: > |
| 2 | Settings to clear or reset the security keys. |
| 3 | |
| 4 | properties: |
| 5 | - name: ClearHostSecurityKeys |
| 6 | type: byte |
| 7 | description: > |
| 8 | This is a bit mask used to specify clearing different security keys |
| 9 | or resetting those values back to default by the host. Setting this |
| 10 | property does not guarantee a successful operation as additional |
| 11 | conditions will be checked by the host to clear/reset the sensitive |
| 12 | data. This property will be mapped to a new IPMI sensor. |
| 13 | |
| 14 | The new property is having an integer value and the default value |
| 15 | will be zero. The end operation is determined by the bit value set |
| 16 | and some of the customer use cases which maps to bit value are |
| 17 | |
| 18 | Bit 0 - Clear All : Clear/reset all the sensitive data controlled by |
| 19 | platform firmware from the system. System can generate new |
| 20 | data to re-enable the affected functions if required |
| 21 | Bit 1 - Clear OS PK : This directs OPAL to clear the OS platform key |
| 22 | Bit 2 - Clear PEF SSO : This directs OPAL/PEF to clear the |
| 23 | System Security Officer certificate |
| 24 | Bit 3 - Clear PowerVM System Key : This directs PowerVM to reset the |
| 25 | system key back to the default state |
| 26 | Bit 4-6 - Reserved |