diff options
| author | Thang Tran <thuutran@amperecomputing.com> | 2023-04-17 05:28:42 +0300 |
|---|---|---|
| committer | Thang Tran <thuutran@amperecomputing.com> | 2023-04-17 05:28:42 +0300 |
| commit | ccb905af4c95419ffae8b898c69e846855b6295c (patch) | |
| tree | af840fbc9ee1f0512b8b98177bb429f9119eff02 /meta-google | |
| parent | 99f5c8775056d24e746043534592c86e433a43a6 (diff) | |
| download | openbmc-ccb905af4c95419ffae8b898c69e846855b6295c.tar.xz | |
meta-ampere: mtjade: reduce number of hash cycles for default password
Issue: When users execute power cycle via out-of-band IPMI command, they
can not execute other out-of-band IPMI commands. The issue is reproduced
as below.
Step 1:
ipmitool -H <BMCIP> -U root -P 0penBmc -C 17 -I lanplus chassis \
power cycle
> Chassis Power Control: Cycle
Step 2:
ipmitool -H <BMCIP> -U root -P 0penBmc -C 17 -I lanplus chassis status
> Error: no response from RAKP 1 message
> Error: Received an Unexpected RAKP 2 message
> Error: no response from RAKP 1 message
> Error: Received an Unexpected RAKP 2 message
> Error: no response from RAKP 1 message
> Error: Received an Unexpected RAKP 2 message
> Error: no response from RAKP 1 message
> Get HPM.x Capabilities request failed, compcode = d4
> Get Device ID command failed
> No valid response received
> Unable to get Chassis Power Status
Root cause: When users execute out-of-band IPMI commands, OpenBMC has to
execute PAM authentication. BMC is using SHA512 algorithm to calculate
hashed value with default number of rounds (5000 times). When users
request "power cycle", many tasks have to be executed, therefore, CPU
does not have enough resource to complete the calculation SHA512 for
other requests on time.
Solution: Update the salted of default password (0penBmc) to specific
number of rounds. The number of rounds is the minimum value of SHA512
algorithmi (1000 times) to reduce SHA512 calculation time. The value is
generated from command 'openssl passwd -6 -salt rounds=1000\$UGMqyqdG
0penBmc'.
Tested:
1. Request power cycle
"ipmitool -H <BMCIP> -U root -P 0penBmc -C 17 -I
lanplus chassis power cycle"
> Chassis Power Control: Cycle
2. Request read power status immediately
"ipmitool -H <BMCIP> -U root -P 0penBmc -C 17 -I
lanplus chassis status"
> Chassis Power is on
Change-Id: I260f52413d9ad0ae4ef73fb8466c4460c0365ea6
Signed-off-by: Thang Tran <thuutran@amperecomputing.com>
Diffstat (limited to 'meta-google')
0 files changed, 0 insertions, 0 deletions