Age | Commit message (Collapse) | Author | Files | Lines |
|
This scans the gbmcbr interface for public addresses, and adds the
relevant addresses to the NCSI interface of the BMC. This is required
for neighbor discovery to work from prod over the NCSI link, when the
addresses do not already exist (BMC DHCP will not have them).
Change-Id: I27ff0cd3c4750b752b35399b8a0288db5ac9fe28
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Enabled `update-functional-on-fail` by default for gBMC.
Change-Id: I54b4fbaceb65c09b7b9cb72d7b7dcb7d048c7eba
Signed-off-by: Willy Tu <wltu@google.com>
|
|
This makes our override ordering explicit with respect to layers we
append to.
Change-Id: If6048bcbd0199e730dc5a9bb52667a94887578cd
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
u-boot hashing does not confer any additional security in gBMC (we don't
sign the kernel and hashes live with the image). We can use a much
faster, but bus verifying algorithm instead. Ideally this would be
xxhash, but our u-boot is currently too old.
Change-Id: I796a4ed2db380eb86a9acbeae1f8a5e56cc8cb62
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
The gbmc-ncsi-ip-from-ra script was missing these.
Change-Id: Id379632a814519d6623588905273b3e8e3b70528
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Willy Tu (1):
copyright: Add Google Copyright to test helper.cpp
Change-Id: I9465595985668960370f746830a21e3fef246ac8
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
William A. Kennington III (1):
ncsid: Add service for discovering routers
Change-Id: I6691e682cff2785f7ac7a7be89abb234375c167f
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
William A. Kennington III (1):
ncsid: Ignore delete failures
Change-Id: Iace51a7c54bbe316e17fc13dba0757d2d09090c2
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Reconfiguring network interfaces immediately after detecting changes may
not allow them enough time to settle. Without waiting, we might
pre-emptively assume the configuration is changing even though networkd
is just flushing and resetting the interface with the same config.
Change-Id: I6a6858578d0499305fe2a3d3592dc73533bb02f1
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This makes it possible to defer actions for a future time in order to
let networking events settle out before triggering a reconfiguration.
Change-Id: I0b2372ba6b114a6b6548ccac3944af912482d68a
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We plan to use deprecated addresses to allow for neighbor discovery, but
they will be ignored by networkd and this script as to prevent
misconfiguration.
Change-Id: Ibc0bee71c19add79f05b5ce58b34d3175e2f6fbd
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Currently this will make no difference in configuration, but it will be
useful once we implement our DHCP process and need to contend with
multiple configurations.
Change-Id: Ia93530e67cdb88fcbe90ef2b6dfbd5a239469ff7
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We can have multiple gBMC networks within one "machine". This allows us
to have multiple address sets.
Change-Id: I5b18b7822f50bb0570e1aa5a70ac47036694d922
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Add SMBIOS data sent by LinuxBoot to the initfs whitelist
Signed-off-by: Jie Yang <jjy@google.com>
Change-Id: I70e8cedabc8c7a2dc0df581b38695709e047bf96
|
|
William A. Kennington III (5):
libcr51sign: build: Refactor for subproject use
libcr51sign: Fixes for compiler warnings
build: Make it possible to use as a subproject
libcr51sign: Fix struct size warning
libcr51sign: Ensure OMIT_VARIABLE_ARRAYS passed to pkgconfig
Willy Tu (1):
Fixed prod_to_dev_downgrade_allowed logic in validate_transition
Change-Id: I5d2dc218310600b2bcc50541857516f1f4801428
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Change-Id: I351d8bfc8ac46b3317677d0893eabe2522f1c840
Signed-off-by: Willy Tu <wltu@google.com>
|
|
The current log level is too noisy and polluting the journal with lots
of unhelpful debugging messages. Drop the level down to 2 in order to
only produce error messages.
Change-Id: I9d892b80e0d1ba7516614944c4ad74502c6c1aad
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Just turning DHCP off via the DHCP= option is not enough. If you use
IPv6AcceptRA=true you need to also disable the DHCPv6Client= in the
IPv6AcceptRA section.
Change-Id: I6e2e6e3f9b9395bd690f3d1a8915fac5061a0b25
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Manojkiran Eda (1):
Add OWNERS file
Change-Id: I3c5adab1a8a560e174a2823a37d907f92a90df73
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Manojkiran Eda (1):
Add OWNERS file
Change-Id: I6229b878254f752a54faf2054cd27ee362799e3c
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
William A. Kennington III (1):
Temporarily ignore eslint validation
Willy Tu (1):
build: Update to c++20, c18, and meson >= 0.57.0
Change-Id: I8fa3f7206951f9b73834e9d6488d1de26b8957c1
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Aspeed `hoth` used the same layout as Nuvoton.
No need to change it.
Signed-off-by: Michael Shen <gpgpgp@google.com>
Change-Id: I21dd347164d19487c76db26d1cc9426559b2094f
|
|
This make it possible for the hostname or IP information to change
independently, in case a mistake is made in a development environment
and just the hostname or just the prefix need to be updated.
Change-Id: I66169dc6cdee681f77bad4b8638dc6a2c72fca5f
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We can't dynamically bind to the at24 driver if the eeprom is not in
the kernel's device tree. Since this support was intended to be used
for dynamic FRUs, it is broken when the kernel has the entries removed.
Change-Id: I99c774191c22d67e518fe9435b1446b80efb5600
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
William A. Kennington III (1):
ncsid: Fix update_ra_neighbor.sh license
Change-Id: I337b95f18b2cbea64d4512ab15122fe0b694ac5a
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Willy Tu (5):
build: Update to c++20 and meson >= 0.57.0
Add Google Copyright 2021
test: Replace the C++ MOCK_METHOD<n> macros with the new MOCK_METHOD
google-ipmi-sys: Refactor to use new version of OEM IPMI Handler
google-ipmi-sys: Convert input to use std::span<const uint8_t>
Change-Id: I4a4d3416bcc48ca1e4c902969d669a1a4aca6d2f
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
This makes it possible to specify a FRU lookup by a dynamically
discovered FRUs from entity manager.
Change-Id: Icf83aa3eff1cbc08a8fa3f99754e5c10e3e583fc
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This will allow us to implement other types of FRU path lookup
mechanisms beyond the OF name one that is currently in use. This change
is fully backward compatible.
Change-Id: Icedecedc9fcaad75fa32c23142a0fd3dfa7f6c0d
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This makes it possible to create new specifications besides the default
mapping of OF name to eeprom path. Right now this provides backward
compatability with anything that uses of_name_to_eeprom and only
provides a new explicit specifier for that specification.
Change-Id: If02d9cb392a48e0698b10644d7ade3220bde3eb5
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Change-Id: Ieaa81c38a107ea17f6901dded3583f93f48a4e98
Signed-off-by: Willy Tu <wltu@google.com>
|
|
Tested:
```
$ find -name platforms_secure.pem
./tmp/sysroots-components/armv7a/google-bios-key/usr/share/google-bios-key/platforms_secure.pem
./tmp/sysroots-components/armv7a/google-bios-key/usr/share/platforms_secure.pem
$ ls -l ./tmp/sysroots-components/armv7a/google-bios-key/usr/share/platforms_secure.pem
lrwxrwxrwx 2 build build 36 Oct 13 08:09
./tmp/sysroots-components/armv7a/google-bios-key/usr/share/platforms_secure.pem
-> google-bios-key/platforms_secure.pem
$ find -name platforms_bringup.pem
./tmp/sysroots-components/armv7a/google-bios-key/usr/share/platforms_bringup.pem
./tmp/sysroots-components/armv7a/google-bios-key/usr/share/google-bios-key/platforms_bringup.pem
$ ls -l ./tmp/sysroots-components/armv7a/google-bios-key/usr/share/platforms_bringup.pem
lrwxrwxrwx 2 build build 37 Oct 13 08:09
./tmp/sysroots-components/armv7a/google-bios-key/usr/share/platforms_bringup.pem
-> google-bios-key/platforms_bringup.pem
```
Change-Id: I38a4dcb5daa77bc2acf28ac19cdde07f22d8ba44
Signed-off-by: Willy Tu <wltu@google.com>
|
|
Change-Id: I0012555a65b0d9f67c62e14a5890a21cdff31ee5
Signed-off-by: Willy Tu <wltu@google.com>
|
|
This change is a part of the privilege seperation work
which is tracked in:
https://github.com/openbmc/openbmc/issues/3383
This change should be merged after individual repo change:
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/41166
Signed-off-by: Anton D. Kachalov <gmouse@google.com>
Change-Id: I72e4842e7aa6de2ae4bcbdbf00953b7a79a0f414
|
|
Add dev/prod image type to /etc/os-release.
Tested:
Built with GBMC_CONFIG=dev bitbake obmc-phosphor-image
```
cat /etc/os-release
ID=gbmc
NAME="gBMC (OpenBMC + Google customizations)"
VERSION="gbmc-release"
VERSION_ID=gbmc-release-0.5.0.0
PRETTY_NAME="gBMC (OpenBMC + Google customizations) gbmc-release"
BUILD_ID="2.11.0-dev"
IMAGE_TYPE="dev"
```
Change-Id: I355e6069b08107717fb406b6b603ce4ce5264ff3
Signed-off-by: Willy Tu <wltu@google.com>
|
|
The scripts distributed with this recipe depend on bash at runtime,
causing sanity check failures without proper specification.
Change-Id: I32e4ad135ca94c3f0f707ca7d48f5c3fa29d2441
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Willy Tu (1):
Revert "bios-key: import from gBMC"
Change-Id: Ie654c5507bd94633f65fe9f1a3ecac4a1e465d00
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Add the public Google BIOS keys for gBMC
Change-Id: Id60b5f2d5bf9f6b7491959ad17c79698ade570ad
Signed-off-by: Willy Tu <wltu@google.com>
|
|
This reverts commit f10df3ffeb8d695167c95530ab2c1022e3d02103.
https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/47253 is
submitted and libcr51sign is ready for use.
Change-Id: I646dcf872d495d4baf18b9c4dc6149f576e6761d
Signed-off-by: Willy Tu <wltu@google.com>
|
|
Copybara-Service (1):
Merge pull request #96 from l9i:go-presubmit
Piotr Lewandowski (3):
Print the ouptut of `gofmt -d` (if any)
Print the output of `gofmt -d` (if any)
Merge branch 'go-presubmit' of github.com:l9i/glome into go-presubmit
William A. Kennington III (1):
login/login: Remove glib url escap
Change-Id: Ief099a8ebec5d78ce256e32dacb5cf90173bcfc9
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We need the hostname to be properly configured in order to login with
GLOME. This derives the hostname from the FQDN that is passed via the
DNS list in the RA messages from the smart NIC.
Change-Id: I4e7a414b6b75bfb227df5763917e9e5d09579d7d
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Our end2end DHCP solution is not yet working, but we need a way to
derive addresses for a BMC from the smart NIC in front of it. This
provides a mechanism for detecting the address from RA beacons the NIC
is sending.
Change-Id: I0cdc8c192974c0b00257ebe58e911e62636e4c81
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We may have multiple BMCs running on the internal gbmcbr network via USB
links to attached trays. These BMCs do not have a direct connection to
the network, and require the NCSI BMC to relay all of their traffic
(including DHCP) out opf the machine. This patch enables dhcrelay to run
on the NCSI interface and proxy all DHCP traffic from the bridge out of
the machine.
Change-Id: I60f97ae2d64289c7b706b3d0a6c8fb79a931e485
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Nan Zhou (1):
libcr51sign: import from gBMC
William A. Kennington III (2):
ncsid: Stop targets when daemon stops
ncsid: Support parsing unsolicited RA announcements
Willy Tu (2):
google-misc: libcr51sign: add feature to fetch image regions
bios-key: import from gBMC
Change-Id: I47cd3bd37ca6eeb647f61fab66994a4e224f982a
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
This reverts commit 9568db489935842fc31854a649efb7bf681d5650.
We will fix libcr51sign and tools that use it first.
Change-Id: I97190c0b85bdc040ccce5d9c5f18aca35e6c2be7
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
|
|
The `pfx` variable was not correctly being initialized
Change-Id: Iafc0a2ca8dbfe943a9bc8c1649ae68fb00d267a1
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
The return statements should have been exits.
Change-Id: I39a190250656ba676ea2ccbe570b88e3f18e5121
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Change-Id: Id980b8175dc5621f394771941de065689239fe3f
Signed-off-by: Willy Tu <wltu@google.com>
|
|
We want to use sets instead of separate rules for each address. This
also ensures that packets coming from internal sources are matched as
internal packets.
Change-Id: Iff87b81c48c7491a74af1a2cead4cabcb56d81a0
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We want to reduce the size of our target binaries, and LTO saves us
about 300K.
Change-Id: Id1fe52b48a16999385251ae927012ff3e494e2f3
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This saves ~3MB of uncompressed size.
Working on upstreaming this change, but keep it as part of meta-google
for now.
Change-Id: I261610c1413b514f7090e3be84ca19e243653640
Signed-off-by: William A. Kennington III <wak@google.com>
|