From 4aeb24cf629a60980d4ad270fc1750754826613d Mon Sep 17 00:00:00 2001 From: "Jason M. Bills" Date: Mon, 16 Dec 2019 12:21:26 -0800 Subject: Update to internal 2019-12-16 Signed-off-by: Jason M. Bills --- ...ve-Set-SOL-config-parameter-to-host-ipmid.patch | 47 ++----- ...ve-Get-SOL-config-parameter-to-host-ipmid.patch | 37 +++--- ...064-Update-provisioning-mode-filter-logic.patch | 141 ++++++++++++--------- .../phosphor-ipmi-host/phosphor-ipmi-host.service | 13 +- .../ipmi/phosphor-ipmi-net_%.bbappend | 2 +- .../ipmi/phosphor-node-manager-proxy_git.bb | 4 +- 6 files changed, 110 insertions(+), 134 deletions(-) (limited to 'meta-openbmc-mods/meta-common/recipes-phosphor/ipmi') diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/0059-Move-Set-SOL-config-parameter-to-host-ipmid.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/0059-Move-Set-SOL-config-parameter-to-host-ipmid.patch index 0d1a5abbb..bc8c72f13 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/0059-Move-Set-SOL-config-parameter-to-host-ipmid.patch +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/0059-Move-Set-SOL-config-parameter-to-host-ipmid.patch @@ -1,7 +1,7 @@ -From 27b94aa1df83abad63cbba69525273194b14ab9c Mon Sep 17 00:00:00 2001 +From 1c8cb6b7c99ad85f470aa87095fcfb4de822ddb1 Mon Sep 17 00:00:00 2001 From: Cheng C Yang Date: Wed, 16 Oct 2019 14:24:20 +0800 -Subject: [PATCH] Move Set SOL config parameter to host-ipmid +Subject: [PATCH 1/1] Move Set SOL config parameter to host-ipmid Move Set SOL config parameter command from net-ipmid to host-ipmid, so that BIOS in Intel platform can enable or disable SOL through KCS. @@ -21,13 +21,14 @@ After reboot BMC, "Progress" property in dbus interface change back to 0 and other properties will not reset to default value. Signed-off-by: Cheng C Yang +Signed-off-by: James Feist --- host-ipmid-whitelist.conf | 1 + - transporthandler.cpp | 322 ++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 323 insertions(+) + transporthandler.cpp | 294 ++++++++++++++++++++++++++++++++++++++ + 2 files changed, 295 insertions(+) diff --git a/host-ipmid-whitelist.conf b/host-ipmid-whitelist.conf -index e8df7c7..f030ef4 100644 +index 5397115..c93f3b1 100644 --- a/host-ipmid-whitelist.conf +++ b/host-ipmid-whitelist.conf @@ -41,6 +41,7 @@ @@ -39,10 +40,10 @@ index e8df7c7..f030ef4 100644 0x2C:0x01 //: 0x2C:0x02 //: diff --git a/transporthandler.cpp b/transporthandler.cpp -index e88eb63..4a42e7b 100644 +index 61065ad..59e38ea 100644 --- a/transporthandler.cpp +++ b/transporthandler.cpp -@@ -1469,8 +1469,323 @@ RspType getLan(uint4_t channelBits, uint3_t, bool revOnly, +@@ -1469,8 +1469,298 @@ RspType getLan(uint4_t channelBits, uint3_t, bool revOnly, } // namespace transport } // namespace ipmi @@ -136,31 +137,6 @@ index e88eb63..4a42e7b 100644 + return 0; +} + -+void initializeSOLInProgress() -+{ -+ ipmi::ChannelInfo chInfo; -+ for (int chNum = 0; chNum < ipmi::maxIpmiChannels; chNum++) -+ { -+ if (!ipmi::isValidChannel(static_cast(chNum))) -+ { -+ continue; -+ } -+ ipmi_ret_t compCode = -+ ipmi::getChannelInfo(static_cast(chNum), chInfo); -+ if (compCode != IPMI_CC_OK || -+ chInfo.mediumType != -+ static_cast(ipmi::EChannelMediumType::lan8032)) -+ { -+ continue; -+ } -+ if (setSOLParameter("Progress", static_cast(0), chNum) < 0) -+ { -+ phosphor::logging::log( -+ "Error initialize sol progress"); -+ } -+ } -+} -+ +static const constexpr uint8_t encryptMask = 0x80; +static const constexpr uint8_t encryptShift = 7; +static const constexpr uint8_t authMask = 0x40; @@ -366,7 +342,7 @@ index e88eb63..4a42e7b 100644 void register_netfn_transport_functions() { ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnTransport, -@@ -1479,4 +1794,11 @@ void register_netfn_transport_functions() +@@ -1479,4 +1769,8 @@ void register_netfn_transport_functions() ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnTransport, ipmi::transport::cmdGetLanConfigParameters, ipmi::Privilege::Operator, ipmi::transport::getLan); @@ -374,10 +350,7 @@ index e88eb63..4a42e7b 100644 + ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnTransport, + ipmi::transport::cmdSetSolConfigParameters, + ipmi::Privilege::Admin, setSOLConfParams); -+ -+ // Initialize dbus property progress to 0 every time sol manager restart. -+ initializeSOLInProgress(); } -- -2.7.4 +2.17.1 diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/0060-Move-Get-SOL-config-parameter-to-host-ipmid.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/0060-Move-Get-SOL-config-parameter-to-host-ipmid.patch index 01a3e49b8..61ac5fede 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/0060-Move-Get-SOL-config-parameter-to-host-ipmid.patch +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/0060-Move-Get-SOL-config-parameter-to-host-ipmid.patch @@ -1,7 +1,7 @@ -From e8ad148601fc3b45fac9092fdd45c537433e662f Mon Sep 17 00:00:00 2001 +From b5400c4bc756a800fbeb4cc53117956fb59dc57d Mon Sep 17 00:00:00 2001 From: Cheng C Yang Date: Thu, 11 Jul 2019 00:32:58 +0800 -Subject: [PATCH] Move Get SOL config parameter to host-ipmid +Subject: [PATCH 1/1] Move Get SOL config parameter to host-ipmid Move Get SOL config parameter command from net-ipmid to host-ipmid. @@ -22,16 +22,17 @@ Payload Channel : 1 (0x01) Payload Port : 623 Signed-off-by: Cheng C Yang +Signed-off-by: James Feist --- host-ipmid-whitelist.conf | 1 + - transporthandler.cpp | 191 ++++++++++++++++++++++++++++++++++++++++++++++ + transporthandler.cpp | 191 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 192 insertions(+) diff --git a/host-ipmid-whitelist.conf b/host-ipmid-whitelist.conf -index 44c2181..0fcac4e 100644 +index c93f3b1..730437d 100644 --- a/host-ipmid-whitelist.conf +++ b/host-ipmid-whitelist.conf -@@ -41,6 +41,7 @@ +@@ -42,6 +42,7 @@ 0x0A:0x49 //: 0x0C:0x02 //: 0x0C:0x21 //: @@ -40,10 +41,10 @@ index 44c2181..0fcac4e 100644 0x2C:0x01 //: 0x2C:0x02 //: diff --git a/transporthandler.cpp b/transporthandler.cpp -index 25062ae..9ba2868 100644 +index 59e38ea..b64953f 100644 --- a/transporthandler.cpp +++ b/transporthandler.cpp -@@ -1719,6 +1719,28 @@ static int getSOLParameter(const std::string& property, ipmi::Value& value, +@@ -1559,6 +1559,28 @@ static int getSOLParameter(const std::string& property, ipmi::Value& value, return 0; } @@ -69,10 +70,10 @@ index 25062ae..9ba2868 100644 + return 0; +} + - void initializeSOLInProgress() - { - ipmi::ChannelInfo chInfo; -@@ -1913,6 +1935,171 @@ ipmi::RspType<> setSOLConfParams(ipmi::Context::ptr ctx, uint4_t chNum, + static const constexpr uint8_t encryptMask = 0x80; + static const constexpr uint8_t encryptShift = 7; + static const constexpr uint8_t authMask = 0x40; +@@ -1761,6 +1783,171 @@ ipmi::RspType<> setSOLConfParams(ipmi::Context::ptr ctx, uint4_t chNum, return ipmi::responseSuccess(); } @@ -243,18 +244,16 @@ index 25062ae..9ba2868 100644 + void register_netfn_transport_functions() { - // As this timer is only for transport handler -@@ -1934,6 +2121,10 @@ void register_netfn_transport_functions() + ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnTransport, +@@ -1773,4 +1960,8 @@ void register_netfn_transport_functions() + ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnTransport, ipmi::transport::cmdSetSolConfigParameters, ipmi::Privilege::Admin, setSOLConfParams); - ++ + ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnTransport, + ipmi::transport::cmdGetSolConfigParameters, + ipmi::Privilege::User, getSOLConfParams); -+ - // Initialize dbus property progress to 0 every time sol manager restart. - initializeSOLInProgress(); - + } -- -2.7.4 +2.17.1 diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/0064-Update-provisioning-mode-filter-logic.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/0064-Update-provisioning-mode-filter-logic.patch index 57a31c991..5cd8b3ec4 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/0064-Update-provisioning-mode-filter-logic.patch +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/0064-Update-provisioning-mode-filter-logic.patch @@ -1,7 +1,7 @@ -From 3279300bb9afd1f169b35b7830d7f054045ab35f Mon Sep 17 00:00:00 2001 +From dcfce847654bd7e2475ad74bedf569b6120701dd Mon Sep 17 00:00:00 2001 From: Richard Marian Thomaiyar Date: Tue, 18 Jun 2019 19:42:30 +0530 -Subject: [PATCH] Update provisioning mode filter logic +Subject: [PATCH 1/1] Update provisioning mode filter logic Updated provisioning mode filtering logic support. Based on the RestrictionMode property, Host (system) interface commands will be @@ -20,12 +20,13 @@ whitelist (Note: New whitelist conf is under review). Change-Id: I7a14e827d70e2d8d6975e600a0fd00e2a790bc22 Signed-off-by: Richard Marian Thomaiyar +Signed-off-by: James Feist --- - whitelist-filter.cpp | 155 ++++++++++++++++++++++++++++++++++++++++----------- - 1 file changed, 122 insertions(+), 33 deletions(-) + whitelist-filter.cpp | 191 ++++++++++++++++++++++++++++++------------- + 1 file changed, 136 insertions(+), 55 deletions(-) diff --git a/whitelist-filter.cpp b/whitelist-filter.cpp -index 9f1e7c8..2c56087 100644 +index 9f1e7c8..53461b4 100644 --- a/whitelist-filter.cpp +++ b/whitelist-filter.cpp @@ -25,6 +25,7 @@ namespace @@ -36,7 +37,7 @@ index 9f1e7c8..2c56087 100644 public: WhitelistFilter(); ~WhitelistFilter() = default; -@@ -35,17 +36,26 @@ class WhitelistFilter +@@ -35,17 +36,24 @@ class WhitelistFilter private: void postInit(); @@ -53,8 +54,7 @@ index 9f1e7c8..2c56087 100644 + RestrictionMode::Modes::ProvisionedHostWhitelist; + bool postCompleted = false; std::shared_ptr bus; - std::unique_ptr objects; -+ std::unique_ptr postCompleteObj; +- std::unique_ptr objects; std::unique_ptr modeChangeMatch; + std::unique_ptr postCompleteMatch; @@ -65,7 +65,7 @@ index 9f1e7c8..2c56087 100644 }; WhitelistFilter::WhitelistFilter() -@@ -63,16 +73,22 @@ WhitelistFilter::WhitelistFilter() +@@ -63,43 +71,83 @@ WhitelistFilter::WhitelistFilter() post_work([this]() { postInit(); }); } @@ -73,24 +73,40 @@ index 9f1e7c8..2c56087 100644 +void WhitelistFilter::cacheRestrictedAndPostCompleteMode() { using namespace sdbusplus::xyz::openbmc_project::Control::Security::server; ++ std::string restrictionModeSetting; std::string restrictionModeService; + std::string systemOsStatusPath; + std::string systemOsStatusService; try { - restrictionModeSetting = objects->map.at(restrictionModeIntf).at(0); +- restrictionModeSetting = objects->map.at(restrictionModeIntf).at(0); ++ auto objects = settings::Objects( ++ *bus, std::vector({restrictionModeIntf})); ++ auto postCompleteObj = settings::Objects( ++ *bus, std::vector({systemOsStatusIntf})); ++ ++ restrictionModeSetting = objects.map.at(restrictionModeIntf).at(0); restrictionModeService = - objects->service(restrictionModeSetting, restrictionModeIntf); +- objects->service(restrictionModeSetting, restrictionModeIntf); ++ objects.service(restrictionModeSetting, restrictionModeIntf); + -+ systemOsStatusPath = postCompleteObj->map.at(systemOsStatusIntf).at(0); ++ systemOsStatusPath = postCompleteObj.map.at(systemOsStatusIntf).at(0); + systemOsStatusService = -+ postCompleteObj->service(systemOsStatusPath, systemOsStatusIntf); ++ postCompleteObj.service(systemOsStatusPath, systemOsStatusIntf); } catch (const std::out_of_range& e) { -@@ -80,26 +96,50 @@ void WhitelistFilter::cacheRestrictedMode() - "Could not look up restriction mode interface from cache"); +- log( +- "Could not look up restriction mode interface from cache"); ++ log( ++ "Could not initialize provisioning mode, defaulting to restricted"); ++ return; ++ } ++ catch (const std::exception&) ++ { ++ log( ++ "Could not initialize provisioning mode, defaulting to restricted"); return; } + @@ -98,11 +114,11 @@ index 9f1e7c8..2c56087 100644 [this](boost::system::error_code ec, ipmi::Value v) { if (ec) { - log("Error in RestrictionMode Get"); - // Fail-safe to true. +- log("Error in RestrictionMode Get"); +- // Fail-safe to true. - restrictedMode = true; -+ restrictionMode = -+ RestrictionMode::Modes::ProvisionedHostWhitelist; ++ log("Could not initialize provisioning mode, " ++ "defaulting to restricted"); return; } auto mode = std::get(v); @@ -147,7 +163,7 @@ index 9f1e7c8..2c56087 100644 } void WhitelistFilter::handleRestrictedModeChange(sdbusplus::message::message& m) -@@ -112,23 +152,44 @@ void WhitelistFilter::handleRestrictedModeChange(sdbusplus::message::message& m) +@@ -112,61 +160,94 @@ void WhitelistFilter::handleRestrictedModeChange(sdbusplus::message::message& m) { if (property.first == "RestrictionMode") { @@ -164,16 +180,24 @@ index 9f1e7c8..2c56087 100644 + log( + "Updated restriction mode", + entry("VALUE=%d", static_cast(restrictionMode))); -+ } -+ } -+} + } + } + } +- +-void WhitelistFilter::postInit() +void WhitelistFilter::handlePostCompleteChange(sdbusplus::message::message& m) -+{ + { +- objects = std::make_unique( +- *bus, std::vector({restrictionModeIntf})); +- if (!objects) + std::string intf; + std::vector> propertyList; + m.read(intf, propertyList); + for (const auto& property : propertyList) -+ { + { +- log( +- "Failed to create settings object; defaulting to restricted mode"); +- return; + if (property.first == "OperatingSystemState") + { + std::string value = std::get(property.second); @@ -187,47 +211,38 @@ index 9f1e7c8..2c56087 100644 + } + log(postCompleted ? "Updated to POST Complete" + : "Updated to !POST Complete"); - } ++ } } - } - - void WhitelistFilter::postInit() - { - objects = std::make_unique( - *bus, std::vector({restrictionModeIntf})); -- if (!objects) -+ postCompleteObj = std::make_unique( -+ *bus, std::vector({systemOsStatusIntf})); -+ if (!objects || !postCompleteObj) - { - log( - "Failed to create settings object; defaulting to restricted mode"); -@@ -136,37 +197,65 @@ void WhitelistFilter::postInit() - } - ++} ++void WhitelistFilter::postInit() ++{ // Initialize restricted mode - cacheRestrictedMode(); + cacheRestrictedAndPostCompleteMode(); // Wait for changes on Restricted mode - std::string filterStr; -+ std::string filterStrModeChange; -+ std::string filterStrPostComplete; - try - { +- try +- { - filterStr = sdbusplus::bus::match::rules::propertiesChanged( -+ filterStrModeChange = sdbusplus::bus::match::rules::propertiesChanged( - objects->map.at(restrictionModeIntf).at(0), restrictionModeIntf); -+ filterStrPostComplete = sdbusplus::bus::match::rules::propertiesChanged( -+ postCompleteObj->map.at(systemOsStatusIntf).at(0), -+ systemOsStatusIntf); - } - catch (const std::out_of_range& e) - { +- objects->map.at(restrictionModeIntf).at(0), restrictionModeIntf); +- } +- catch (const std::out_of_range& e) +- { - log("Failed to determine restriction mode filter string"); -+ log("Failed to determine restriction mode / POST complete " -+ "filter string"); - return; - } +- return; +- } ++ namespace rules = sdbusplus::bus::match::rules; ++ const std::string filterStrModeChange = ++ rules::type::signal() + rules::member("PropertiesChanged") + ++ rules::interface("org.freedesktop.DBus.Properties") + ++ rules::argN(0, restrictionModeIntf); ++ ++ const std::string filterStrPostComplete = ++ rules::type::signal() + rules::member("PropertiesChanged") + ++ rules::interface("org.freedesktop.DBus.Properties") + ++ rules::argN(0, systemOsStatusIntf); ++ modeChangeMatch = std::make_unique( - *bus, filterStr, [this](sdbusplus::message::message& m) { + *bus, filterStrModeChange, [this](sdbusplus::message::message& m) { @@ -252,16 +267,16 @@ index 9f1e7c8..2c56087 100644 - whitelist.cbegin(), whitelist.cend(), - std::make_pair(request->ctx->netFn, request->ctx->cmd))) + if (!postCompleted) ++ { ++ // Allow all commands, till POST is not completed ++ return ipmi::ccSuccess; ++ } ++ switch (restrictionMode) { - log("Net function not whitelisted", - entry("NETFN=0x%X", int(request->ctx->netFn)), - entry("CMD=0x%X", int(request->ctx->cmd))); - return ipmi::ccInsufficientPrivilege; -+ // Allow all commands, till POST is not completed -+ return ipmi::ccSuccess; -+ } -+ switch (restrictionMode) -+ { + case RestrictionMode::Modes::ProvisionedHostWhitelist: + { + if (!std::binary_search( @@ -282,5 +297,5 @@ index 9f1e7c8..2c56087 100644 } return ipmi::ccSuccess; -- -2.7.4 +2.17.1 diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/phosphor-ipmi-host.service b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/phosphor-ipmi-host.service index 30a4dec25..1e45ee6c9 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/phosphor-ipmi-host.service +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-host/phosphor-ipmi-host.service @@ -1,16 +1,5 @@ [Unit] Description=Phosphor Inband IPMI -# TODO openbmc/openbmc#2059 - The wants/after below should be based on providers -Wants=mapper-wait@-xyz-openbmc_project-control-host0-boot.service -After=mapper-wait@-xyz-openbmc_project-control-host0-boot.service -Wants=mapper-wait@-xyz-openbmc_project-control-host0-boot-one_time.service -After=mapper-wait@-xyz-openbmc_project-control-host0-boot-one_time.service -Wants=mapper-wait@-xyz-openbmc_project-control-host0-power_restore_policy.service -After=mapper-wait@-xyz-openbmc_project-control-host0-power_restore_policy.service -Wants=mapper-wait@-xyz-openbmc_project-control-security-restriction_mode.service -After=mapper-wait@-xyz-openbmc_project-control-security-restriction_mode.service -Wants=mapper-wait@-xyz-openbmc_project-state-os.service -After=mapper-wait@-xyz-openbmc_project-state-os.service [Service] Restart=always @@ -23,4 +12,4 @@ RuntimeDirectoryPreserve = yes StateDirectory = ipmi [Install] -WantedBy={SYSTEMD_DEFAULT_TARGET} +WantedBy=basic.target diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend index 9f3bf81ca..b488e6d8e 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend @@ -3,7 +3,7 @@ inherit useradd # TODO: This should be removed, once up-stream bump up # issue is resolved SRC_URI += "git://github.com/openbmc/phosphor-net-ipmid" -SRCREV = "49a94b2f82fb1aa68d608f28c4863bb36661a3a4" +SRCREV = "0f63e01ce6bb11920d78d999267558500ca9a272" USERADD_PACKAGES = "${PN}" # add a group called ipmi diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-node-manager-proxy_git.bb b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-node-manager-proxy_git.bb index 6d8334865..635f2d3a4 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-node-manager-proxy_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-node-manager-proxy_git.bb @@ -2,8 +2,8 @@ SUMMARY = "Node Manager Proxy" DESCRIPTION = "The Node Manager Proxy provides a simple interface for communicating \ with Management Engine via IPMB" -SRC_URI = "git://git@github.com/Intel-BMC/node-manager;protocol=ssh" -SRCREV = "a0d3ec079f569c47af21d8cafe46e65f5784cd5b" +SRC_URI = "git://github.com/Intel-BMC/node-manager;protocol=ssh" +SRCREV = "13c62849bce28161fc58134c52920e0c494745f9" PV = "0.1+git${SRCPV}" LICENSE = "Apache-2.0" -- cgit v1.2.3