diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-phosphor/dbus/phosphor-dbus-interfaces/0021-D-Bus-Intf-Security-modes-property-intf-update.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-phosphor/dbus/phosphor-dbus-interfaces/0021-D-Bus-Intf-Security-modes-property-intf-update.patch | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/dbus/phosphor-dbus-interfaces/0021-D-Bus-Intf-Security-modes-property-intf-update.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/dbus/phosphor-dbus-interfaces/0021-D-Bus-Intf-Security-modes-property-intf-update.patch new file mode 100644 index 000000000..62d5376d6 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/dbus/phosphor-dbus-interfaces/0021-D-Bus-Intf-Security-modes-property-intf-update.patch @@ -0,0 +1,80 @@ +From 9b0630f40c7fb1143901f7d114c376426cc03501 Mon Sep 17 00:00:00 2001 +From: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> +Date: Sat, 15 Jun 2019 01:04:41 +0530 +Subject: [PATCH] [D-Bus Intf] Security modes property & intf update + +Defined new values for RestrictionMode property and defined +SpecialMode interfaces to handle special cases like manufacturing +and validation mode in OpenBMC. + +Note: Please refer Security mode design doc under review for more +details +https://gerrit.openbmc-project.xyz/#/c/openbmc/docs/+/21195/ + +Change-Id: I270e7d23ca2ed260f2d121e3844c2ca79150070e +Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> +--- + .../Security/RestrictionMode.interface.yaml | 16 +++++++++++++ + .../Control/Security/SpecialMode.interface.yaml | 26 ++++++++++++++++++++++ + 2 files changed, 42 insertions(+) + create mode 100644 xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml + +diff --git a/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml b/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml +index 8e4fd8d..afd2279 100644 +--- a/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml ++++ b/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml +@@ -21,3 +21,19 @@ enumerations: + - name: Blacklist + description: > + Prevent, if in the blacklist. ++ - name: Provisioning ++ description: > ++ Indicate that system is in provisioning mode ++ and all commands are allowed in system inteface ++ in both pre and post BIOS boot. ++ - name: ProvisionedHostWhitelist ++ description: > ++ Commands in the whitelist will only be executed ++ through system interface after BIOS POST complete. ++ All KCS commands are supported before POST complete. ++ - name: ProvisionedHostDisabled ++ description: > ++ Commands through system interface are executed only ++ till BIOS POST complete notification, after ++ which no system interface commands will be executed(other ++ than BIOS SMI based ones). +diff --git a/xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml b/xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml +new file mode 100644 +index 0000000..6760076 +--- /dev/null ++++ b/xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml +@@ -0,0 +1,26 @@ ++description: > ++ Implement to specify a special mode of operation ++ ++properties: ++ - name: SpecialMode ++ type: enum[self.Modes] ++ description: > ++ The special mode. ++ ++enumerations: ++ - name: Modes ++ description: > ++ Possible modes available. ++ values: ++ - name: None ++ description: > ++ BMC is under normal working condition. ++ - name: Manufacturing ++ description: > ++ Indicate that BMC is in manufacturing mode ++ and is allowed to perform any manufacturing related ++ activity ++ - name: ValidationUnsecure ++ description: > ++ Indicate that BMC is in validation mode, and can ++ execute any special validation related commands +-- +2.7.4 + |