author | Jason M. Bills <jason.m.bills@linux.intel.com> | 2019-12-06 00:29:56 +0300 |
---|---|---|
committer | Jason M. Bills <jason.m.bills@linux.intel.com> | 2019-12-07 00:29:02 +0300 |
commit | 243c130a919c7037b5edd3a8097317340796ce85 (patch) | |
tree | aeb0bc9b3b1f7dc804106a605f0177f8ee0e7dc5 /meta-openbmc-mods/meta-common/recipes-core/security-registers-check | |
parent | ccd6cab15aedd223a42dfdb110ab2d71d8a87141 (diff) | |
download | openbmc-243c130a919c7037b5edd3a8097317340796ce85.tar.xz |
Update to internal 2019-12-05
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-core/security-registers-check')
3 files changed, 78 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check.bb b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check.bb
new file mode 100644
index 000000000..29f8e4986
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check.bb
@@ -0,0 +1,26 @@
+SUMMARY = "Security registers check"
+DESCRIPTION = "script tool to check if registers value are security \
+ log the security event to systemd journal, and also log to redfish \
+ "
+
+S = "${WORKDIR}"
+SRC_URI = "file://security-registers-check.sh \
+ file://security-registers-check.service \
+"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${INTELBASE}/COPYING.apache-2.0;md5=34400b68072d710fecd0a2940a0d1658"
+RDEPENDS_${PN} += "bash logger-systemd"
+
+inherit systemd
+
+FILES_${PN} += "${systemd_system_unitdir}/security-registers-check.service"
+
+do_install() {
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0777 ${WORKDIR}/security-registers-check.service ${D}${systemd_system_unitdir}
+ install -d ${D}${bindir}
+ install -m 0777 ${S}/security-registers-check.sh ${D}/${bindir}/security-registers-check.sh
+}
+
+SYSTEMD_SERVICE_${PN} += " security-registers-check.service"
\ No newline at end of file
diff --git a/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check/security-registers-check.service b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check/security-registers-check.service
new file mode 100644
index 000000000..b824dbe3e
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check/security-registers-check.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Check for security registers
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/security-registers-check.sh
+Nice=5
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check/security-registers-check.sh b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check/security-registers-check.sh
new file mode 100644
index 000000000..211120c78
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check/security-registers-check.sh
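Review bot: Both `install -m 0777` lines in `do_install` of security-registers-check.bb leave the script and its unit file world-writable. The unit sets no `User=`, so the script presumably runs as root at boot, and any local account on the BMC that can write the file could change what runs. Use `install -m 0755 ${S}/security-registers-check.sh ${D}${bindir}/security-registers-check.sh` for the script and `install -m 0644 ${WORKDIR}/security-registers-check.service ${D}${systemd_system_unitdir}` for the unit; systemd also logs a warning for unit files that are executable or world-writable. The recipe also ends without a trailing newline.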
@@ -0,0 +1,42 @@
+#!/bin/sh
+value=`cat /sys/devices/platform/ahb/ahb:apb/1e6e2000.syscon/1e6e2000.syscon:misc_control/uart_port_debug`
+if [ $value == 0 ]
+ then
+ # log the detailed last security registers check messages
+ logger -t security-registers-check "Uart port debug is enabled! Log as following:"
+ echo "Uart port debug is enabled." | logger
+ # Also log it to redfish
+ cat <<EOF | logger-systemd --journald
+REDFISH_MESSAGE_ID=OpenBMC.0.1.SecurityUartPortDebugEnabled
+PRIORITY=4
+MESSAGE=BMC Uart port debug is enabled
+EOF
+fi
+
+value=`cat /sys/devices/platform/ahb/ahb:apb/1e6e2000.syscon/1e6e2000.syscon:misc_control/p2a-bridge`
+if [ $value == 1 ]
+ then
+ # log the detailed last security registers check messages
+ logger -t security-registers-check "P2A(PCIe to AHB) bridge is enabled! Log as following:"
+ echo "P2A(PCIe to AHB) bridge is enabled." | logger
+ # Also log it to redfish
+ cat <<EOF | logger-systemd --journald
+REDFISH_MESSAGE_ID=OpenBMC.0.1.SecurityP2aBridgeEnabled
+PRIORITY=4
+MESSAGE=BMC P2A(PCIe to AHB) bridge is enabled
+EOF
+fi
+
+value=`cat /sys/devices/platform/ahb/ahb:apb/1e6e2000.syscon/1e6e2000.syscon:misc_control/boot-2nd-flash`
+if [ $value == 1 ]
+ then
+ # log the detailed last security registers check messages
+ logger -t security-registers-check "BMC 2nd boot flash is enabled! Log as following:"
+ echo "BMC 2nd boot flash is enabled." | logger
+ # Also log it to redfish
+ cat <<EOF | logger-systemd --journald
+REDFISH_MESSAGE_ID=OpenBMC.0.1.SecurityBoot2ndFlashEnabled
+PRIORITY=4
+MESSAGE=BMC 2nd boot flash is enabled
+EOF
+fi |
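Review bot: All three checks fail open, because `[ $value == 0 ]` and the two `[ $value == 1 ]` tests below it leave `$value` unquoted. If a sysfs attribute is missing or unreadable, `cat` yields an empty string, `[` reports an error, the branch is skipped and nothing is logged, which looks the same as a secure configuration. `==` is also not a POSIX `[` operator even though the script declares `#!/bin/sh`, so the result depends on which shell provides /bin/sh. Quote the variable, compare with `=`, and log a distinct event when the read fails; the three blocks differ only in attribute name, trigger value and message ID, so one helper covers them. A comment noting that the script treats `uart_port_debug` reading 0 as "enabled", the opposite polarity of the other two, would also help.

```shell
SYSCON=/sys/devices/platform/ahb/ahb:apb/1e6e2000.syscon/1e6e2000.syscon:misc_control

# check_register ATTRIBUTE INSECURE_VALUE REDFISH_MESSAGE_ID MESSAGE
check_register() {
    if ! value=$(cat "$SYSCON/$1" 2>/dev/null); then
        # An unreadable register must not be mistaken for a secure one.
        logger -t security-registers-check -p user.err "cannot read $1, check not performed"
        return 1
    fi
    [ "$value" = "$2" ] || return 0
    logger -t security-registers-check "$4"
    # … unchanged: heredoc piped to logger-systemd --journald, with $3 as REDFISH_MESSAGE_ID and $4 as MESSAGE …
}

# uart_port_debug reads 0 when debug is enabled; the other two read 1.
check_register uart_port_debug 0 OpenBMC.0.1.SecurityUartPortDebugEnabled "BMC Uart port debug is enabled"
# … same call for p2a-bridge and boot-2nd-flash with trigger value 1 …
```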