1 files changed, 80 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/dbus/phosphor-dbus-interfaces/0021-D-Bus-Intf-Security-modes-property-intf-update.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/dbus/phosphor-dbus-interfaces/0021-D-Bus-Intf-Security-modes-property-intf-update.patch
new file mode 100644
index 000000000..62d5376d6
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/dbus/phosphor-dbus-interfaces/0021-D-Bus-Intf-Security-modes-property-intf-update.patch
@@ -0,0 +1,80 @@
+From 9b0630f40c7fb1143901f7d114c376426cc03501 Mon Sep 17 00:00:00 2001
+From: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
+Date: Sat, 15 Jun 2019 01:04:41 +0530
+Subject: [PATCH] [D-Bus Intf] Security modes property & intf update
+
+Defined new values for RestrictionMode property and defined
+SpecialMode interfaces to handle special cases like manufacturing
+and validation mode in OpenBMC.
+
+Note: Please refer Security mode design doc under review for more
+details
+https://gerrit.openbmc-project.xyz/#/c/openbmc/docs/+/21195/
+
+Change-Id: I270e7d23ca2ed260f2d121e3844c2ca79150070e
+Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
+---
+ .../Security/RestrictionMode.interface.yaml        | 16 +++++++++++++
+ .../Control/Security/SpecialMode.interface.yaml    | 26 ++++++++++++++++++++++
+ 2 files changed, 42 insertions(+)
+ create mode 100644 xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml
+
+diff --git a/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml b/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml
+index 8e4fd8d..afd2279 100644
+--- a/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml
++++ b/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml
+@@ -21,3 +21,19 @@ enumerations:
+         - name: Blacklist
+           description: >
+             Prevent, if in the blacklist.
++        - name: Provisioning
++          description: >
++            Indicate that system is in provisioning mode
++            and all commands are allowed in system inteface
++            in both pre and post BIOS boot.
++        - name: ProvisionedHostWhitelist
++          description: >
++            Commands in the whitelist will only be executed
++            through system interface after BIOS POST complete.
++            All KCS commands are supported before POST complete.
++        - name: ProvisionedHostDisabled
++          description: >
++            Commands through system interface are executed only
++            till BIOS POST complete notification, after
++            which no system interface commands will be executed(other
++            than BIOS SMI based ones).
+diff --git a/xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml b/xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml
+new file mode 100644
+index 0000000..6760076
+--- /dev/null
++++ b/xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml
+@@ -0,0 +1,26 @@
++description: >
++    Implement to specify a special mode of operation
++
++properties:
++    - name: SpecialMode
++      type: enum[self.Modes]
++      description: >
++          The special mode.
++
++enumerations:
++    - name: Modes
++      description: >
++        Possible modes available.
++      values:
++        - name: None
++          description: >
++            BMC is under normal working condition.
++        - name: Manufacturing
++          description: >
++            Indicate that BMC is in manufacturing mode
++            and is allowed to perform any manufacturing related
++            activity
++        - name: ValidationUnsecure
++          description: >
++            Indicate that BMC is in validation mode, and can
++            execute any special validation related commands
+-- 
+2.7.4
+