commit | 1662ba6bec808437a7aeb3689c9ed185cabd5351 | |
---|---|---|
author | Andrew Geissler <geissonator@yahoo.com> | Fri Mar 18 13:51:46 2022 -0500 |
committer | Andrew Geissler <andrew@geissonator.com> | Wed Apr 27 01:02:25 2022 +0000 |
tree | f801c739da975c3ca834a01e491099459fbcfdec | |
parent | 6537ce11baffde423920d00149ec983310342d6a | |
```
secure-boot: add service to run new secure check

Tested:
- Built image with new service installed and verified that when
  QuiesceOnHwError was not set, we just got this:
Mar 18 16:09:46 p10bmc systemd[1]: Starting Phosphor BMC Security Check...
Mar 18 16:09:46 p10bmc phosphor-secure-boot-check[435]: bmc-secure-boot gpio found and indicates it is NOT enabled
Mar 18 16:09:46 p10bmc phosphor-secure-boot-check[435]: Read 0 from secure_boot
Mar 18 16:09:46 p10bmc phosphor-secure-boot-check[435]: Read 0 from abr_image
Mar 18 16:09:47 p10bmc systemd[1]: Finished Phosphor BMC Security Check.

- When QuiesceOnHwError was set, we got this:
Mar 18 16:37:10 p10bmc systemd[1]: Starting Phosphor BMC Security Check...
Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: bmc-secure-boot gpio found and indicates it is NOT enabled
Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: Read 0 from secure_boot
Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: Read 0 from abr_image
Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: The system is not secure
Mar 18 16:37:10 p10bmc systemd[1]: Finished Phosphor BMC Security Check.

AND a log:
"Severity" : {
    "type" : "s",
    "data" : "xyz.openbmc_project.Logging.Entry.Level.Warning"
},
"Message" : {
    "type" : "s",
    "data" : "xyz.openbmc_project.State.Error.SecurityCheckFail"
},
"EventId" : {
    "type" : "s",
    "data" : "BD8D3405 00000055 2E2D0010 00000000 00000000 00000000 00000000 00000000 00000000"
},
"AdditionalData" : {
    "type" : "as",
    "data" : [
        "SECURE_BOOT_GPIO=0",
        "SYSFS_ABR_IMAGE_VAL=0",
        "SYSFS_SECURE_BOOT_VAL=0",
        "_PID=1001"
    ]
},

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I6513280d30672907341b8f3fc583644ebec4cdc5
```
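The two journal excerpts in the commit message carry identical readings, yet only the run with QuiesceOnHwError set emits "The system is not secure" and an error log. The following added example (not code from the commit or from phosphor-state-manager) parses those journal lines and flags runs whose readings match the reported run but produced no report. Treating a "NOT enabled" GPIO message or a `secure_boot` reading of 0 as insecure is an assumption inferred from the second excerpt; `abr_image` is recorded but not judged.

```python
import re
from collections import defaultdict

# Journal lines copied from the "Tested" section of the commit message above.
SAMPLE_JOURNAL = """\
Mar 18 16:09:46 p10bmc systemd[1]: Starting Phosphor BMC Security Check...
Mar 18 16:09:46 p10bmc phosphor-secure-boot-check[435]: bmc-secure-boot gpio found and indicates it is NOT enabled
Mar 18 16:09:46 p10bmc phosphor-secure-boot-check[435]: Read 0 from secure_boot
Mar 18 16:09:46 p10bmc phosphor-secure-boot-check[435]: Read 0 from abr_image
Mar 18 16:09:47 p10bmc systemd[1]: Finished Phosphor BMC Security Check.
Mar 18 16:37:10 p10bmc systemd[1]: Starting Phosphor BMC Security Check...
Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: bmc-secure-boot gpio found and indicates it is NOT enabled
Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: Read 0 from secure_boot
Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: Read 0 from abr_image
Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: The system is not secure
Mar 18 16:37:10 p10bmc systemd[1]: Finished Phosphor BMC Security Check.
"""

LINE_RE = re.compile(r"phosphor-secure-boot-check\[(?P<pid>\d+)\]: (?P<msg>.*)$")
READ_RE = re.compile(r"Read (?P<val>\d+) from (?P<name>\w+)$")


def summarize_runs(journal_text):
    """Group phosphor-secure-boot-check lines by PID (one PID per run within
    a boot) and collect the readings and messages of each run."""
    runs = defaultdict(
        lambda: {"gpio_not_enabled": False, "reads": {}, "reported": False})
    for line in journal_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # systemd start/finish lines and unrelated units
        run, msg = runs[int(m["pid"])], m["msg"].strip()
        if "gpio found and indicates it is NOT enabled" in msg:
            run["gpio_not_enabled"] = True
        elif msg == "The system is not secure":
            run["reported"] = True
        elif (r := READ_RE.match(msg)):
            run["reads"][r["name"]] = int(r["val"])
    return dict(runs)


def unreported_insecure(runs):
    """PIDs of runs with insecure readings (assumed rule, see lead-in) for
    which the service itself logged no 'not secure' message."""
    return sorted(
        pid for pid, r in runs.items()
        if (r["gpio_not_enabled"] or r["reads"].get("secure_boot") == 0)
        and not r["reported"])
```

On the sample, the run with PID 435 is returned: a monitor that alerts only on the SecurityCheckFail log or the "not secure" line would not see it.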
This repository contains the software responsible for tracking and controlling the state of different objects within OpenBMC. This currently includes the BMC, Chassis, and Host. The most critical feature of phosphor-state-manager software is its support for requests to power on and off the system by the user.
This software also enforces any restore policy (i.e. auto power on system after a system power event or BMC reset) and ensures its states are updated correctly in situations where the BMC is rebooted and the chassis or host are in on/running states.
This repository also provides a command line tool, obmcutil, which provides basic command line support to query and control phosphor-state-manager applications running within an OpenBMC system. This tool itself runs within an OpenBMC system and utilizes D-Bus APIs. These D-Bus APIs are used for development and debug and are not intended for end users.
As with all OpenBMC applications, interfaces and properties within phosphor-state-manager are D-Bus interfaces. These interfaces are then used by external interface protocols, such as Redfish and IPMI, to report and control state to/by the end user.
phosphor-state-manager makes extensive use of systemd. There is a writeup here with an overview of systemd and its use by OpenBMC.
phosphor-state-manager follows some basic design guidelines in its implementation and use of systemd:
phosphor-state-manager implements states and state requests as defined in phosphor-dbus-interfaces for each object it supports.
- `Ready` once all services within the default.target have executed. The only state change request you can make of the BMC is for it to reboot itself.
- `On` or `Off`.
- `Off`, `Running`, `Quiesced` (error condition), or in `DiagnosticMode` (collecting diagnostic data for a failure)

As noted above, phosphor-state-manager provides a command line tool, obmcutil, which takes a `state` parameter. This will use D-Bus commands to retrieve the above states and present them to the user. It also provides other commands which will send the appropriate D-Bus commands to the above properties to power on/off the chassis and host (see `obmcutil --help` within an OpenBMC system).
The above objects also implement other D-Bus objects like power on hours, boot progress, reboot attempts, and operating system status. These D-Bus objects are also defined in the phosphor-dbus-interfaces repository.
The `RestorePolicy` defines the behavior the user wants when the BMC is reset. If the chassis or host is on/running then this service will not run. If they are off then the `RestorePolicy` will be read and executed by phosphor-state-manager code.
In situations where the BMC is reset and the chassis and host are on and running, it's critical that the BMC software do two things:
Note that some of this logic is provided via service files in system-specific meta layers. That is because the logic to determine if the chassis is on or if the host is running can vary from system to system. The requirement to create the files defined below and ensure the common targets go active is a must for anyone wishing to enable this feature.
phosphor-state-manager discovers state rather than trying to cache and save states. This ensures it's always getting the most accurate state information. It discovers the chassis state by checking the `pgood` value from the power application. If it determines that power is on then it will do the following:
On
The chassis@0-on file is removed once the obmc-chassis-poweron@0.target becomes active (i.e. all services which are wanted or required by this target have been successfully started).
The logic to check if the host is on sends a command to the host, and if a response is received then similar logic to chassis is done:
The host@0-on file is removed once the obmc-host-start@0.target and obmc-host-startmin@0.target become active (i.e. all services which are wanted or required by these targets have been successfully started).
To build this package, do the following steps:

1. `meson build`
2. `ninja -C build`

To clean the repository again run `rm -rf build`.