path: root/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem/0007-ipmi-whitelist-Allow-set-securitymode-cmd-from-KCS.patch
blob: 9519ee651e997da75ec1e1f3e24d4c1854947ad1 (plain)
From 5bdf25daa1c1857e5e24f8c7e593c303eff4285a Mon Sep 17 00:00:00 2001
From: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Date: Mon, 23 Nov 2020 01:01:24 +0000
Subject: [PATCH] ipmi-whitelist:Allow set securitymode cmd from KCS

Issue: Issuing set security mode for Provisioned Host Disabled command
       is restricted from KCS channel.

Fix: Allow set security mode command execution from KCS interface by
     adding channel mask in ipmi-whitelist.conf

Tested:
Verified using ipmitool raw command from Linux OS
1. Set restriction mode as ProvisionedHostWhitelist
Command: busctl set-property xyz.openbmc_project.RestrictionMode.Manager
         /xyz/openbmc_project/control/security/restriction_mode
         xyz.openbmc_project.Control.Security.RestrictionMode
                    RestrictionMode s
         "xyz.openbmc_project.Control.Security.RestrictionMode.Modes.
           ProvisionedHostWhitelist"
Response:               //Success
2. Check the restriction mode
Command:  ipmitool raw 0x30 0xb3
Response: 04 00
3. Execute set security mode for Provisioned Host Disabled command from Linux OS terminal
Command:  ipmitool raw 0x30 0xb4 0x5
Response:                  //Success

Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
---
 ipmi-whitelist.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipmi-whitelist.conf b/ipmi-whitelist.conf
index 6557b27..b7a3a8e 100644
--- a/ipmi-whitelist.conf
+++ b/ipmi-whitelist.conf
@@ -273,7 +273,7 @@
 0x30:0xb1:0x7f7f   //<Intel General Application>:<Control BMC Services>
 0x30:0xb2:0xff7f   //<Intel General Application>:<Get BMC Service Status>
 0x30:0xb3:0xff7f   //<Intel General Application>:<Get BMC Security Control Mode>
-0x30:0xb4:0x7f7f   //<Intel General Application>:<Set BMC Security Control Mode>
+0x30:0xb4:0xff7f   //<Intel General Application>:<Set BMC Security Control Mode>
 0x30:0xb5:0x7f7f   //<Intel General Application>:<Manufacturing mode Keep Alive>
 0x30:0xbb:0xff7f   //<Intel General Application>:<Get CPLD Revision ID>
 0x30:0xc2:0xff7f   //<Intel General Application>:<Get OEM Extended Sys Info>
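Review bot: On the 0x30:0xb4 line, widening the mask from 0x7f7f to 0xff7f opens a state-changing command to the KCS interface, and nothing in the entry limits which mode value a host caller may set. The other write-type entries visible in this hunk (0xb1 Control BMC Services, 0xb5 Manufacturing mode Keep Alive) stay at 0x7f7f and only the Get commands carry 0xff7f, so this line becomes the exception and its trailing comment should say why. The entry format shown here is netfn:cmd:mask with no data-byte filter, while the commit message tests only `ipmitool raw 0x30 0xb4 0x5`. If only Provisioned Host Disabled is meant to be settable from the host, please state in the commit message where other arguments are rejected for KCS callers, and add a negative test under ProvisionedHostWhitelist showing that a request with a different mode value is refused.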
-- 
2.17.1