diff options
| author | Yuxiao Zhang <yuxiaozhang@google.com> | 2024-01-24 21:15:45 +0300 |
|---|---|---|
| committer | Yuxiao Zhang <yuxiaozhang@google.com> | 2024-01-26 20:33:23 +0300 |
| commit | b7b564fcdc28fde4ff616d5576e2769ce99f0595 (patch) | |
| tree | 7a0bb3a4158ac29973b52a73341b5b3ee417cebe /meta-google | |
| parent | bd01c3b231ce53c9ab212a835196eb9b72c3b4c4 (diff) | |
| download | openbmc-b7b564fcdc28fde4ff616d5576e2769ce99f0595.tar.xz | |
meta-google: add recipe to disable/enable host console
Add a service that will trigger by gbmc-bare-metal-active target, upon
start/stop it will disable/re-enable obmc host console.
Tested: manually tested with stopping/starting the target
Change-Id: Ia57c825708bfe16f8f7967f6636d90327d28b5c0
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
Diffstat (limited to 'meta-google')
3 files changed, 64 insertions, 0 deletions
diff --git a/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console.bb b/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console.bb new file mode 100644 index 0000000000..0fc0ca46ab --- /dev/null +++ b/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console.bb @@ -0,0 +1,32 @@ +SUMMARY = "Disable obmc-console while the customer's host OS is running" +DESCRIPTION = "Disable obmc-console while an untrusted host OS is running" +PR = "r1" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + +inherit systemd + +SRC_URI += " \ + file://disable-obmc-console.service \ + file://disable_obmc_console.sh \ +" + +DEPENDS += "systemd" + +RDEPENDS:${PN}:append = " \ + bash \ + bare-metal-active \ + " + +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE:${PN} = " \ + disable-obmc-console.service \ + " + +do_install:append() { + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/disable-obmc-console.service ${D}${systemd_system_unitdir} + install -d -m0755 ${D}${libexecdir} + install -m0755 ${WORKDIR}/disable_obmc_console.sh ${D}${libexecdir}/ +} diff --git a/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console/disable-obmc-console.service b/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console/disable-obmc-console.service new file mode 100644 index 0000000000..224eb7361b --- /dev/null +++ b/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console/disable-obmc-console.service @@ -0,0 +1,13 @@ +[Unit] +Description=Disable obmc console +BindsTo=gbmc-bare-metal-active.target +Before=gbmc-bare-metal-active.target disable-ipmi-kcs.service + +[Service] +Type=oneshot +RemainAfterExit=true +ExecStart=/usr/libexec/disable_obmc_console.sh +ExecStop=/usr/libexec/disable_obmc_console.sh -r + +[Install] +WantedBy=gbmc-bare-metal-active.target diff --git a/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console/disable_obmc_console.sh b/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console/disable_obmc_console.sh new file mode 100644 index 0000000000..aaa8dc6319 --- /dev/null +++ b/meta-google/recipes-google/bare-metal-obmc-console/bare-metal-obmc-console/disable_obmc_console.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +ENABLE_CONSOLE_FILE="/var/google/config-package/enable-bm-console.flag" +READ_ONLY_CONSOLE_FLAG="/run/readonly-console.flag" + +[ ! -f $ENABLE_CONSOLE_FILE ] || exit 0 + +if [ "$1" == '-r' ]; then + # re-enable obmc console + touch $READ_ONLY_CONSOLE_FLAG + + # stop bmc console client will start the host console + systemctl stop serial-to-bmc@* +else + rm -f $READ_ONLY_CONSOLE_FLAG + + # stop host console client will start the bmc console + systemctl stop serial-to-host@* +fi |