From 9b0630f40c7fb1143901f7d114c376426cc03501 Mon Sep 17 00:00:00 2001
From: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Date: Sat, 15 Jun 2019 01:04:41 +0530
Subject: [PATCH] [D-Bus Intf] Security modes property & intf update

Defined new values for RestrictionMode property and defined
SpecialMode interfaces to handle special cases like manufacturing
and validation mode in OpenBMC.

Note: Please refer Security mode design doc under review for more
details
https://gerrit.openbmc-project.xyz/#/c/openbmc/docs/+/21195/

Change-Id: I270e7d23ca2ed260f2d121e3844c2ca79150070e
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
---
 .../Security/RestrictionMode.interface.yaml        | 16 +++++++++++++
 .../Control/Security/SpecialMode.interface.yaml    | 26 ++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml

diff --git a/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml b/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml
index 8e4fd8d..afd2279 100644
--- a/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml
+++ b/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml
@@ -21,3 +21,19 @@ enumerations:
         - name: Blacklist
           description: >
             Prevent, if in the blacklist.
+        - name: Provisioning
+          description: >
+            Indicate that system is in provisioning mode
+            and all commands are allowed in system inteface
+            in both pre and post BIOS boot.
+        - name: ProvisionedHostWhitelist
+          description: >
+            Commands in the whitelist will only be executed
+            through system interface after BIOS POST complete.
+            All KCS commands are supported before POST complete.
+        - name: ProvisionedHostDisabled
+          description: >
+            Commands through system interface are executed only
+            till BIOS POST complete notification, after
+            which no system interface commands will be executed(other
+            than BIOS SMI based ones).
diff --git a/xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml b/xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml
new file mode 100644
index 0000000..6760076
--- /dev/null
+++ b/xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml
@@ -0,0 +1,26 @@
+description: >
+    Implement to specify a special mode of operation
+
+properties:
+    - name: SpecialMode
+      type: enum[self.Modes]
+      description: >
+          The special mode.
+
+enumerations:
+    - name: Modes
+      description: >
+        Possible modes available.
+      values:
+        - name: None
+          description: >
+            BMC is under normal working condition.
+        - name: Manufacturing
+          description: >
+            Indicate that BMC is in manufacturing mode
+            and is allowed to perform any manufacturing related
+            activity
+        - name: ValidationUnsecure
+          description: >
+            Indicate that BMC is in validation mode, and can
+            execute any special validation related commands
-- 
2.7.4