diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/biosconfig/0005-Fix-remove-bios-user-pwd-change-option-via-Redfish.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/biosconfig/0005-Fix-remove-bios-user-pwd-change-option-via-Redfish.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/biosconfig/0005-Fix-remove-bios-user-pwd-change-option-via-Redfish.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/biosconfig/0005-Fix-remove-bios-user-pwd-change-option-via-Redfish.patch new file mode 100644 index 000000000..26393bfee --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/biosconfig/0005-Fix-remove-bios-user-pwd-change-option-via-Redfish.patch @@ -0,0 +1,46 @@ +From edc6925e8c0d9f60da1f70c524261efaf05b2710 Mon Sep 17 00:00:00 2001 +From: Krzysztof Grobelny <krzysztof.grobelny@intel.com> +Date: Wed, 30 Jun 2021 15:42:06 +0000 +Subject: [PATCH 5/5] Fix:remove bios user pwd change option via Redfish + +BMC should not provide user bios setup password change option via +Redfish as per bios security requirements. Only Admin BIOS setup +password is supported. + +Added check for the password name action parameter and +do not allow if it has User Password value from redfish side. + +Tested: sent POST query in redfish on URI: +https://<ip>/redfish/v1/Systems/system/Bios/Actions/Bios.ChangePassword +error occurs for UserPassword parameter and allows for AdminPassword. + +Signed-off-by: Ayushi Smriti <smriti.ayushi@intel.com> +Change-Id: I169cc6a4f786625d9e8b8dfe56816d52b1740f4c +--- + redfish-core/lib/bios.hpp | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/redfish-core/lib/bios.hpp b/redfish-core/lib/bios.hpp +index 0250c59..360a749 100644 +--- a/redfish-core/lib/bios.hpp ++++ b/redfish-core/lib/bios.hpp +@@ -323,6 +323,16 @@ inline void requestRoutesBiosChangePassword(App& app) + asyncResp->res, "ChangePassword", "PasswordName"); + return; + } ++ ++ // In Intel BIOS, we are not supporting user password in BIOS ++ // setup ++ if (userName == "UserPassword") ++ { ++ messages::actionParameterUnknown( ++ asyncResp->res, "ChangePassword", "PasswordName"); ++ return; ++ } ++ + crow::connections::systemBus->async_method_call( + [asyncResp](const boost::system::error_code ec) { + if (ec) +-- +2.17.1 + |