Value setting for IPMI clear security keys
Support to set the value for ClearSecurityKeys property which can be used to
indicate when certain security keys need to be cleared or reset those values
back to their default state from the system by the host. This property is mapped
to an IPMI sensor and default value will be zero. Setting this property does
not guarantee a successful operation as additional conditions like the physical
presence pin or jumper settings will be checked by the host to clear/reset the
sensitive data.
Tested: Verified that the property is getting created with the expected
default value as zero and can be updated to different values using ipmitool
or busctl command.
1. Default value output:
busctl get-property xyz.openbmc_project.Settings
/org/open_power/control/host0/ClearHostSecurityKeys
org.open_power.Control.TPM.SecurityKeys ClearHostSecurityKeys
y 0
ipmitool -I lanplus -H 9.3.185.33 -U root -P 0penBmc raw 0x04 0x2D 0xE8
00 40 00 00
2. Set to a new value as 5 using busctl command:
busctl set-property xyz.openbmc_project.Settings
/org/open_power/control/host0/ClearHostSecurityKeys
org.open_power.Control.TPM.SecurityKeys ClearHostSecurityKeys y 5
3. After setting to a new value as 5:
ipmitool -I lanplus -H 9.3.185.33 -U root -P 0penBmc raw 0x04 0x2D 0xE8
05 40 00 00
4. ipmitool command to set the value as 4
ipmitool -I lanplus -H 9.3.185.33 -U root -P 0penBmc raw 0x04 0x30 0xE8
0x00 0x04 0x00 0x00 0x00 0x00 0x00 0x00 0x00
ipmitool -I lanplus -H 9.3.185.33 -U root -P 0penBmc raw 0x04 0x2D 0xE8
09 40 00 00
5. Invalid value test o/p:
ipmitool -I lanplus -H 9.3.185.33 -U root -P 0penBmc raw 0x04 0x30 0xE8
0x00 0x12C 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Given data "0x12C" is invalid.
(From meta-ibm rev: 81a9143100d5d4a7d97350afa1794be694d45590)
Signed-off-by: Jayashankar Padath <jayashankar.padath@in.ibm.com>
Change-Id: I9e12b6e5abb3a9b198921847605a74b771fd9945
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-ibm/meta-witherspoon/recipes-phosphor/configuration/acx22-yaml-config/acx22-ipmi-sensors-mrw.yaml b/meta-ibm/meta-witherspoon/recipes-phosphor/configuration/acx22-yaml-config/acx22-ipmi-sensors-mrw.yaml
index 1c7b6eb..419b9c8 100644
--- a/meta-ibm/meta-witherspoon/recipes-phosphor/configuration/acx22-yaml-config/acx22-ipmi-sensors-mrw.yaml
+++ b/meta-ibm/meta-witherspoon/recipes-phosphor/configuration/acx22-yaml-config/acx22-ipmi-sensors-mrw.yaml
@@ -337,3 +337,15 @@
sensorNamePattern: nameLeaf
serviceInterface: org.freedesktop.DBus.Properties
unit: xyz.openbmc_project.Sensor.Value.Unit.DegreesC
+clear_host_security_keys:
+ interfaces:
+ org.open_power.Control.TPM.SecurityKeys:
+ ClearHostSecurityKeys:
+ Offsets:
+ 255:
+ type: uint8_t
+ path: /org/open_power/control/host0/ClearHostSecurityKeys
+ readingType: readingData
+ mutability: Mutability::Write|Mutability::Read
+ sensorNamePattern: nameLeaf
+ serviceInterface: org.freedesktop.DBus.Properties
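Review bot: `mutability: Mutability::Write|Mutability::Read` together with `type: uint8_t` on the new `clear_host_security_keys` entry makes a key-clearing request writable over IPMI with the full 0-255 range, and nothing in the entry documents which values are defined or what each one asks the host to do. Please add a comment listing the defined values and say whether undefined ones should be rejected on the BMC side rather than left for the host to interpret; the commit message only shows a value too large for one byte (0x12C) being refused. Since the write path is the `raw 0x04 0x30` command shown in the test notes, it is also worth stating which IPMI privilege level is expected to be able to set this sensor, given that the only gate described is the host's physical presence or jumper check. Separately, test step 4 writes 4 and reads back `09 40 00 00`, whereas step 3 reads back `05` after writing 5; please explain that readback or correct the test notes.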
diff --git a/meta-ibm/meta-witherspoon/recipes-phosphor/settings/phosphor-settings-manager/ClearHostSecurityKeys-default-zero.override.yml b/meta-ibm/meta-witherspoon/recipes-phosphor/settings/phosphor-settings-manager/ClearHostSecurityKeys-default-zero.override.yml
new file mode 100644
index 0000000..71ed671
--- /dev/null
+++ b/meta-ibm/meta-witherspoon/recipes-phosphor/settings/phosphor-settings-manager/ClearHostSecurityKeys-default-zero.override.yml
@@ -0,0 +1,6 @@
+---
+/org/open_power/control/host0/ClearHostSecurityKeys:
+ - Interface: org.open_power.Control.TPM.SecurityKeys
+ Properties:
+ ClearHostSecurityKeys:
+ Default: 0
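Review bot: `Default: 0` in this new override file is the only description of the property's value space, so a reader cannot tell that 0 means "no clear requested" or what any nonzero value requests. A short YAML comment above `ClearHostSecurityKeys:` naming the defined values would fix that. Please also state, here or in the commit message, whether the value is expected to return to 0 once the host has acted on it, since a request that stays set could be acted on again at a later boot.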
diff --git a/meta-ibm/meta-witherspoon/recipes-phosphor/settings/phosphor-settings-manager_%.bbappend b/meta-ibm/meta-witherspoon/recipes-phosphor/settings/phosphor-settings-manager_%.bbappend
index 45c836c..36e406e 100644
--- a/meta-ibm/meta-witherspoon/recipes-phosphor/settings/phosphor-settings-manager_%.bbappend
+++ b/meta-ibm/meta-witherspoon/recipes-phosphor/settings/phosphor-settings-manager_%.bbappend
@@ -1,3 +1,4 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
SRC_URI_append_ibm-ac-server = " file://TPMEnable-default-true.override.yml"
+SRC_URI_append_ibm-ac-server += " file://ClearHostSecurityKeys-default-zero.override.yml"
SRC_URI_append_mihawk = " file://TPMEnable-default-true.override.yml"
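Review bot: the added line combines the `_append` override with the `+=` operator (`SRC_URI_append_ibm-ac-server += " file://ClearHostSecurityKeys-default-zero.override.yml"`), while the existing line directly above uses `_append` with plain `=`. `_append` already appends and the string already carries its leading space, so `+=` adds nothing and makes the two lines inconsistent. Suggest using `=` to match the existing `SRC_URI_append_ibm-ac-server` line, or folding both files into that one assignment.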