Age | Commit message (Collapse) | Author | Files | Lines |
|
Modify the machine meta-layer configs to remove the use of the
OBMC_MACHINE_FEATURES indirection and favor the Yocto MACHINE_FEATURES
variable instead.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ifafb79e4e4c010e9476b9547cd4982f5b645060e
|
|
openpower-pnor-code-mgmt: srcrev bump 9c2ef681e3..6fc7fcd6b1
Adriana Kobylak (2):
Add a new pldm feature option
Add support for the host PLDM transport that takes place of hiomap
(mboxd). Add this new feature to p10bmc.
Tested: Verified that tacoma (that doesn't support pldm) and p10bmc
(supports pldm) reached runtime.
Change-Id: I31e8beba5ff8a413b7b7fa7476f5f2403d3781dd
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
With the reshuffle that occurred in 38cfcc393d9e ("meta-aspeed:
u-boot-aspeed-sdk: Use provided signing key by default") we no-longer
need to specify these options in p10bmc.conf
Mistakenly, `SOCSEC_SIGN_ENABLE = "1"` was duplicated later in the file
by 699146128388 ("meta-ibm: p10bmc: Assert that we want the SPL signed
by socsec"). Removing the instance as done in this patch still leaves us
with the positive assertion that we want SPL signing enabled.
Change-Id: Iaa9cbe5b0ba4aaf69bb0fba1eb8f6bc62d085a33
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
Configure the SOCSEC_SIGN_* variables to sign the SPL and exploit the
AST2600 hardware root-of-trust.
Note that this doesn't require that secure-boot is enabled on the
system, the SoC will bootstrap just fine with the signature in place
while secure-boot is disabled. Signing the SPL allows us to switch the
systems over to secure-boot at our leisure.
Change-Id: I07b5c4afb7bacc040cbdce6c82a0fb3a57d0f7f8
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
Change-Id: I9116ed7260e369136acb39eec15075db2d4dbeba
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
OpenBMC requires additional capabilities for the
OpenPOWER systems such as
- A common mechanism to access and control the host
hardware from the BMC.
- A storage mechanism to store the data that can be
used for initialize, control and access the CEC
hardware.
- An infrastructure to initialize the hardware using
the hardware procedures provided by the hardware team.
- Common mechanism to handle the hardware failures for
the host hardware.
These above features are essential for the BMC to provide
better RAS capability and to support lab debug for the
enterprise class systems.
The phal(POWER Hardware Abstraction Layer) aims to provide
a common layout such that the OpenPOWER application can
use this infrastructure to boot, enable RAS features like dump,
diagnostics, and lab debug tooling purpose.
The phal is a combination of open source packages that are
tailored/customised to use in OpenBMC. For instance POWER
hardware access and control is managed through pdbg and
host hardware data modelling is done via devicetree.
phal is group of libraries running in BMC. These libraries
are used by OpenPOWER specific application for host hardware
interactions, Hostboot and SBE initialization, diagnostics
and debugging.
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
Change-Id: I187d9582598743871279a1e407451f4cf4f72668
|
|
Change-Id: Ic1cde1cd67fa6f8f68df80a1f327ace64a39d72b
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
The rainier machine has been replaced with the generic p10bmc.
Change-Id: Ia7b6e8b6ad569d6f607d4a38318704fb402f2a1f
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
Use the 'insecure/imprint' development key to sign the p10bmc SPL. The
key can be overriden for a production key if necessary.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Change-Id: I6e4abecb5859fb59c6185a097cf88bdcb958e207
|
|
Use the insecure key provided by commit '748d586bc1 meta-aspeed: Add
development key for Kernel sign' to sign both the Kernel as well as
U-Boot fitImages. This is used for U-Boot FIT Signature Verification
using a known key, fit for development purposes. For production
purposes, a secure private key must be used.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Change-Id: If0c39f4aa17e6eaa5f6952a90283457f252a64d3
|
|
This creates a new DISTRO_FEATURE "ibm-service-account-policy" which
- Adds an admin account which cannot SSH to the BMC's command shell.
- Adds a service account which can SSH and has passwordless sudo access.
This feature is applied to witherspoon-tacoma and p10bmc (rainier).
Tested:
The image behaves as before when the distro feature is not configured.
When the distro feature is configured:
The root user has the same access as before.
The admin user:
- Is not allowed to access the BMC's command shell.
- Console login gets: This account is currently not available.
- SSH login gets: Permission denied, please try again.
- Redfish and REST API access works with role=Administrator.
The service user:
- Console login to the BMC's command shell works. The home
directory is /. Passwordless sudo works.
- SSH login works and using sudo from a SSH session works.
- Redfish and REST API access works with role=Administrator.
Change-Id: Icac5ba7f4fa663047709ab55007bbcfec8158f5e
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
|
|
The OBMC_ORG_YAML_SUBDIRS variable is intended to be set system-wide
and not via bbappends. There was an existing 'ibm-distrovars.inc'
that was unused. Rename it as appropriate, add it to the machines,
and remove the bbappend files.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Id5acd359f41c17ec9e68d1f0717e2f5c1bf96dcf
|
|
Replace rainier with p10bmc as build target. Keep the rainier.conf as a
symlink to p10bmc.conf to allow the transition. Remove the rainier.conf
and the machine override from p10bmc.conf in a later commit to complete
the replacement.
Tested: Built rainier and p10bmc and checked for some files/service
units to exist on both.
Change-Id: Ic8c8c6ffbc3507fbd9c692da259e37ae695359a6
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|