Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-state-manager / 9f38152abf80aba2f0177cb55729ff107f54947d^! / . / chassis_state_manager.cpp
commit9f38152abf80aba2f0177cb55729ff107f54947d[log] [tgz]
authorThang Tran <thuutran@amperecomputing.com>Fri Oct 18 10:11:01 2024 +0700
committerThang Tran <thuutran@amperecomputing.com>Wed Dec 11 02:07:48 2024 +0000
treebc73b4d48e01717c109d26236ae770ff78e33339
parentd01e1eaab0ad671b54592e0306ede50bcbb9906e [diff] [blame]
reject Transition request while firmware being flashed

When users request to flash BMC/Host... firmware, the BMC should reject
turning on the host or rebooting BMC requests to protect the system.
As defined in the PDIs [1], the ActivationBlocksTransition interface is
used to prevent power-on during flashing. The phosphor-state-manager
shall look for this interface to make decision should transition request
is executed or not. When BMC rejects the transition request, an error is
thrown as defined in PDIs [2].

[1] https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/yaml/xyz/openbmc_project/Software/ActivationBlocksTransition.interface.yaml
[2] https://gerrit.openbmc.org/c/openbmc/phosphor-dbus-interfaces/+/75231

Tested:
  Enable check-fwupdate-before-do-transition option
    1. Request to flash Host's firmware via Redfish or WebUi
    2. Request to turn off the Host.
       $ipmitool power off
    3. BMC turns off the power.
    4. Request to turn on the Host.
       $ipmitool power on
    5. BMC rejects above request. No power action is executed.
    6. Request to reboot BMC.
       $ipmitool mc reset cold
    7. BMC did not reboot.
    8. Request turn on the Host after flashing done.
    9. BMC turns on the Power.
    10. Request to reboot BMC.
    11. BMC reboots.

  Disable check-fwupdate-before-do-transition option
    1. Request to flash Host's firmware via Redfish or WebUi
    2. Request to turn off the Host.
       $ipmitool power off
    3. BMC turns off the power.
    4. Request to turn on the Host.
       $ipmitool power on
    5. BMC does not reject this request, but no power action is handled
    6. When flashing done, BMC turns on the power.

Change-Id: If3998e58d24cfb72d13b01eb5b8c8cc5a39b3c95
Signed-off-by: Thang Tran <thuutran@amperecomputing.com>

diff --git a/chassis_state_manager.cpp b/chassis_state_manager.cpp
index 05cc784..324270b 100644
--- a/chassis_state_manager.cpp
+++ b/chassis_state_manager.cpp

@@ -597,6 +597,19 @@
             BMCNotReady();
     }
 #endif
+
+#ifdef CHECK_FWUPDATE_BEFORE_DO_TRANSITION
+    /*
+     * Do not do transition when the any firmware being updated
+     */
+    if ((value != Transition::Off) &&
+        (phosphor::state::manager::utils::isFirmwareUpdating(this->bus)))
+    {
+        info("Firmware being updated, reject the transition request");
+        throw sdbusplus::xyz::openbmc_project::Common::Error::Unavailable();
+    }
+#endif // CHECK_FWUPDATE_BEFORE_DO_TRANSITION
+
     startUnit(systemdTargetTable.find(value)->second);
     return server::Chassis::requestedPowerTransition(value);
 }