blob: 62d5376d63c006baff79743b14ef4aca0920cc5f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
From 9b0630f40c7fb1143901f7d114c376426cc03501 Mon Sep 17 00:00:00 2001
From: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Date: Sat, 15 Jun 2019 01:04:41 +0530
Subject: [PATCH] [D-Bus Intf] Security modes property & intf update
Defined new values for RestrictionMode property and defined
SpecialMode interfaces to handle special cases like manufacturing
and validation mode in OpenBMC.
Note: Please refer Security mode design doc under review for more
details
https://gerrit.openbmc-project.xyz/#/c/openbmc/docs/+/21195/
Change-Id: I270e7d23ca2ed260f2d121e3844c2ca79150070e
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
---
.../Security/RestrictionMode.interface.yaml | 16 +++++++++++++
.../Control/Security/SpecialMode.interface.yaml | 26 ++++++++++++++++++++++
2 files changed, 42 insertions(+)
create mode 100644 xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml
diff --git a/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml b/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml
index 8e4fd8d..afd2279 100644
--- a/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml
+++ b/xyz/openbmc_project/Control/Security/RestrictionMode.interface.yaml
@@ -21,3 +21,19 @@ enumerations:
- name: Blacklist
description: >
Prevent, if in the blacklist.
+ - name: Provisioning
+ description: >
+ Indicate that system is in provisioning mode
+ and all commands are allowed in system inteface
+ in both pre and post BIOS boot.
+ - name: ProvisionedHostWhitelist
+ description: >
+ Commands in the whitelist will only be executed
+ through system interface after BIOS POST complete.
+ All KCS commands are supported before POST complete.
+ - name: ProvisionedHostDisabled
+ description: >
+ Commands through system interface are executed only
+ till BIOS POST complete notification, after
+ which no system interface commands will be executed(other
+ than BIOS SMI based ones).
diff --git a/xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml b/xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml
new file mode 100644
index 0000000..6760076
--- /dev/null
+++ b/xyz/openbmc_project/Control/Security/SpecialMode.interface.yaml
@@ -0,0 +1,26 @@
+description: >
+ Implement to specify a special mode of operation
+
+properties:
+ - name: SpecialMode
+ type: enum[self.Modes]
+ description: >
+ The special mode.
+
+enumerations:
+ - name: Modes
+ description: >
+ Possible modes available.
+ values:
+ - name: None
+ description: >
+ BMC is under normal working condition.
+ - name: Manufacturing
+ description: >
+ Indicate that BMC is in manufacturing mode
+ and is allowed to perform any manufacturing related
+ activity
+ - name: ValidationUnsecure
+ description: >
+ Indicate that BMC is in validation mode, and can
+ execute any special validation related commands
--
2.7.4
|