diff options
| author | Jason M. Bills <jason.m.bills@linux.intel.com> | 2019-12-06 00:29:56 +0300 |
|---|---|---|
| committer | Jason M. Bills <jason.m.bills@linux.intel.com> | 2019-12-07 00:29:02 +0300 |
| commit | 243c130a919c7037b5edd3a8097317340796ce85 (patch) | |
| tree | aeb0bc9b3b1f7dc804106a605f0177f8ee0e7dc5 /meta-openbmc-mods/meta-common/recipes-core | |
| parent | ccd6cab15aedd223a42dfdb110ab2d71d8a87141 (diff) | |
| download | openbmc-243c130a919c7037b5edd3a8097317340796ce85.tar.xz | |
Update to internal 2019-12-05
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-core')
13 files changed, 155 insertions, 11 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb b/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb index 23288a3c2..b57ae1ca5 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb @@ -13,7 +13,14 @@ DEPENDS = "sdbusplus openssl libpam libgpiod" do_configure[depends] += "virtual/kernel:do_shared_workdir" SRC_URI = "git://git@github.com/Intel-BMC/asd;protocol=ssh" -SRCREV = "0d25836d8c63372890fbb7f40c54de6166a0a76f" +SRCREV = "1.4.2" + +inherit useradd + +USERADD_PACKAGES = "${PN}" + +# add a special user asdbg +USERADD_PARAM_${PN} = "-u 999 asdbg" S = "${WORKDIR}/git" diff --git a/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb b/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb index 32bb0a8b9..21ae0bff7 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb @@ -13,7 +13,7 @@ LICENSE = "Proprietary" LIC_FILES_CHKSUM = "file://LICENSE;md5=26bb6d0733830e7bab774914a8f8f20a" SRC_URI = "git://git@github.com/Intel-BMC/crashdump;protocol=ssh" -SRCREV = "042f17fafee9fd68a885a3e503113ffad6209625" +SRCREV = "0.4" S = "${WORKDIR}/git" diff --git a/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend new file mode 100644 index 000000000..307400322 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend @@ -0,0 +1,5 @@ +do_install_append() { + # Remove dropbear service, if debug-tweaks is disabled + ${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks', '', 'rm ${D}/${systemd_unitdir}/system/dropbear@.service', d)} +} + diff --git a/meta-openbmc-mods/meta-common/recipes-core/fw-update/files/fwupd.sh b/meta-openbmc-mods/meta-common/recipes-core/fw-update/files/fwupd.sh index 889a73c06..ca5da9598 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/fw-update/files/fwupd.sh +++ b/meta-openbmc-mods/meta-common/recipes-core/fw-update/files/fwupd.sh @@ -13,6 +13,36 @@ usage() { exit 1 } +logevent_update_started() { +echo +cat <<EOF | logger-systemd --journald +REDFISH_MESSAGE_ID=OpenBMC.0.1.FirmwareUpdateStarted +PRIORITY=2 +MESSAGE=$1 firmware update to version $2 started. +REDFISH_MESSAGE_ARGS=$1,$2 +EOF +} + +logevent_update_completed() { +echo +cat <<EOF | logger-systemd --journald +REDFISH_MESSAGE_ID=OpenBMC.0.1.FirmwareUpdateCompleted +PRIORITY=2 +MESSAGE=$1 firmware update to version $2 completed. +REDFISH_MESSAGE_ARGS=$1,$2 +EOF +} + +logevent_update_failed() { +echo +cat <<EOF | logger-systemd --journald +REDFISH_MESSAGE_ID=OpenBMC.0.1.FirmwareUpdateFailed +PRIORITY=4 +MESSAGE=$1 firmware update to version $2 failed. +REDFISH_MESSAGE_ARGS=$1,$2 +EOF +} + if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then usage; fi if [ $# -eq 0 ]; then # set DEFURI in $HOME/.fwupd.defaults @@ -138,17 +168,28 @@ rm -f $LOCAL_PATH echo "Setting update intent in PFR CPLD" sleep 5 # delay for sync and to get the above echo messages # write to PFRCPLD about BMC update intent. -i2cset -y 4 0x70 0x13 $upd_intent_val +i2cset -y 4 0x38 0x13 $upd_intent_val else # Non-PFR image update section +version="unknown" +component="BMC" +manifest_file=$(dirname "${REMOTE_PATH}")"/MANIFEST" +if [ -e $manifest_file ]; then + version=`awk -F= -v key="version" '$1==key {print $2}' $manifest_file` +fi + +logevent_update_started $component $version + # do a quick sanity check on the image if [ $(stat -c "%s" "$LOCAL_PATH") -lt 10000000 ]; then echo "Update file "$LOCAL_PATH" seems to be too small" + logevent_update_failed $component $version exit 1 fi dtc -I dtb -O dtb "$LOCAL_PATH" > /dev/null 2>&1 if [ $? -ne 0 ]; then echo "Update file $LOCAL_PATH doesn't seem to be in the proper format" + logevent_update_failed $component $version exit 1 fi @@ -163,10 +204,22 @@ case "$BOOTADDR" in esac echo "Updating $(basename $TGT) (use bootm $BOOTADDR)" flash_erase $TGT 0 0 +if [ $? -ne 0 ]; then + echo "Erasing the flash failed" + logevent_update_failed $component $version + exit 1 +fi echo "Writing $(stat -c "%s" "$LOCAL_PATH") bytes" cat "$LOCAL_PATH" > "$TGT" +if [ $? -ne 0 ]; then + echo "Writing to flash failed" + logevent_update_failed $component $version + exit 1 +fi fw_setenv "bootcmd" "bootm ${BOOTADDR}" +logevent_update_completed $component $version + # reboot reboot fi diff --git a/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_git.bb b/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_git.bb index 65e6a1778..5aab3db34 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_git.bb @@ -2,14 +2,14 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://${INTELBASE}/COPYING.apache-2.0;md5=34400b68072d710fecd0a2940a0d1658" inherit cmake systemd -SRC_URI = "git://git@github.com/Intel-BMC/provingground.git;protocol=ssh" +SRC_URI = "git://git@github.com/Intel-BMC/host-error-monitor.git;protocol=ssh" DEPENDS = "boost sdbusplus libgpiod libpeci" PV = "0.1+git${SRCPV}" -SRCREV = "4aec5d06d6adbaf53dbe7f18ea9f803eb2198b86" +SRCREV = "ba7c4e08b423dc71bb8dcb963942cba860cdf7d4" -S = "${WORKDIR}/git/host_error_monitor" +S = "${WORKDIR}/git" SYSTEMD_SERVICE_${PN} += "xyz.openbmc_project.HostErrorMonitor.service" diff --git a/meta-openbmc-mods/meta-common/recipes-core/interfaces/libmctp_git.bb b/meta-openbmc-mods/meta-common/recipes-core/interfaces/libmctp_git.bb index a678fe72f..560efc72c 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/interfaces/libmctp_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/interfaces/libmctp_git.bb @@ -2,7 +2,7 @@ SUMMARY = "libmctp" DESCRIPTION = "Implementation of MCTP (DTMF DSP0236)" SRC_URI = "git://github.com/openbmc/libmctp.git" -SRCREV = "195a7c5e212f7fb50c850880519073ec99133607" +SRCREV = "8081beba756d371cba40dee86b37bbc654020b17" PV = "0.1+git${SRCPV}" diff --git a/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend index 32a6dcf45..baab0e9eb 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend @@ -1,3 +1,4 @@ EXTRA_OECMAKE += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', '-DINTEL_PFR_ENABLED=ON', '', d)}" +EXTRA_OECMAKE += "${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'validation-unsecure', '-DBMC_VALIDATION_UNSECURE_FEATURE=ON', '', d)}" SRC_URI = "git://github.com/openbmc/intel-ipmi-oem.git" -SRCREV = "262276f4964191d780aeab3a821de54b01c0a8ff" +SRCREV = "09a8314bb754dccd4af2ef8d2d9e6e43f6da74ec" diff --git a/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_git.bb b/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_git.bb index f515501e8..8b97f95e8 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_git.bb @@ -5,7 +5,7 @@ inherit cmake SRC_URI = "git://git@github.com/Intel-BMC/provingground.git;protocol=ssh" PV = "0.1+git${SRCPV}" -SRCREV = "4aec5d06d6adbaf53dbe7f18ea9f803eb2198b86" +SRCREV = "e1dbcef575309efeb04d275565a6e9649f3b89dd" S = "${WORKDIR}/git/libpeci" diff --git a/meta-openbmc-mods/meta-common/recipes-core/peci-pcie/peci-pcie_git.bb b/meta-openbmc-mods/meta-common/recipes-core/peci-pcie/peci-pcie_git.bb index 10b34354c..2b77a193c 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/peci-pcie/peci-pcie_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/peci-pcie/peci-pcie_git.bb @@ -10,7 +10,7 @@ SRC_URI = "git://git@github.com/Intel-BMC/at-scale-debug;protocol=ssh" DEPENDS = "boost sdbusplus libpeci" PV = "0.1+git${SRCPV}" -SRCREV = "20016caebaac78c3290462ffa8df10c2efd61261" +SRCREV = "98c33cdb7d704a387edee4ac8f0ef98ea771b222" S = "${WORKDIR}/git/peci_pcie" diff --git a/meta-openbmc-mods/meta-common/recipes-core/safec/safec_3.4.bb b/meta-openbmc-mods/meta-common/recipes-core/safec/safec_3.4.bb index 646d9612f..a09c8ac2d 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/safec/safec_3.4.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/safec/safec_3.4.bb @@ -7,7 +7,7 @@ SECTION = "lib" inherit autotools pkgconfig S = "${WORKDIR}/git" -SRCREV = "5d92be815bf35137eb31fb653e435321a511311c" +SRCREV = "60786283fd61cd621a5d1df00e083a1c1e3cf52a" SRC_URI = "git://github.com/rurban/safeclib.git" COMPATIBLE_HOST = '(x86_64|i.86|powerpc|powerpc64|arm|aarch64).*-linux' diff --git a/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check.bb b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check.bb new file mode 100644 index 000000000..29f8e4986 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check.bb @@ -0,0 +1,26 @@ +SUMMARY = "Security registers check" +DESCRIPTION = "script tool to check if registers value are security \ + log the security event to systemd journal, and also log to redfish \ + " + +S = "${WORKDIR}" +SRC_URI = "file://security-registers-check.sh \ + file://security-registers-check.service \ +" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${INTELBASE}/COPYING.apache-2.0;md5=34400b68072d710fecd0a2940a0d1658" +RDEPENDS_${PN} += "bash logger-systemd" + +inherit systemd + +FILES_${PN} += "${systemd_system_unitdir}/security-registers-check.service" + +do_install() { + install -d ${D}${systemd_system_unitdir} + install -m 0777 ${WORKDIR}/security-registers-check.service ${D}${systemd_system_unitdir} + install -d ${D}${bindir} + install -m 0777 ${S}/security-registers-check.sh ${D}/${bindir}/security-registers-check.sh +} + +SYSTEMD_SERVICE_${PN} += " security-registers-check.service"
\ No newline at end of file diff --git a/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check/security-registers-check.service b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check/security-registers-check.service new file mode 100644 index 000000000..b824dbe3e --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check/security-registers-check.service @@ -0,0 +1,10 @@ +[Unit] +Description=Check for security registers + +[Service] +Type=oneshot +ExecStart=/usr/bin/security-registers-check.sh +Nice=5 + +[Install] +WantedBy=multi-user.target diff --git a/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check/security-registers-check.sh b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check/security-registers-check.sh new file mode 100644 index 000000000..211120c78 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check/security-registers-check.sh @@ -0,0 +1,42 @@ +#!/bin/sh +value=`cat /sys/devices/platform/ahb/ahb:apb/1e6e2000.syscon/1e6e2000.syscon:misc_control/uart_port_debug` +if [ $value == 0 ] + then + # log the detailed last security registers check messages + logger -t security-registers-check "Uart port debug is enabled! Log as following:" + echo "Uart port debug is enabled." | logger + # Also log it to redfish + cat <<EOF | logger-systemd --journald +REDFISH_MESSAGE_ID=OpenBMC.0.1.SecurityUartPortDebugEnabled +PRIORITY=4 +MESSAGE=BMC Uart port debug is enabled +EOF +fi + +value=`cat /sys/devices/platform/ahb/ahb:apb/1e6e2000.syscon/1e6e2000.syscon:misc_control/p2a-bridge` +if [ $value == 1 ] + then + # log the detailed last security registers check messages + logger -t security-registers-check "P2A(PCIe to AHB) bridge is enabled! Log as following:" + echo "P2A(PCIe to AHB) bridge is enabled." | logger + # Also log it to redfish + cat <<EOF | logger-systemd --journald +REDFISH_MESSAGE_ID=OpenBMC.0.1.SecurityP2aBridgeEnabled +PRIORITY=4 +MESSAGE=BMC P2A(PCIe to AHB) bridge is enabled +EOF +fi + +value=`cat /sys/devices/platform/ahb/ahb:apb/1e6e2000.syscon/1e6e2000.syscon:misc_control/boot-2nd-flash` +if [ $value == 1 ] + then + # log the detailed last security registers check messages + logger -t security-registers-check "BMC 2nd boot flash is enabled! Log as following:" + echo "BMC 2nd boot flash is enabled." | logger + # Also log it to redfish + cat <<EOF | logger-systemd --journald +REDFISH_MESSAGE_ID=OpenBMC.0.1.SecurityBoot2ndFlashEnabled +PRIORITY=4 +MESSAGE=BMC 2nd boot flash is enabled +EOF +fi |