| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The gbmc-mac-config service is used to change the address to match the
value stored in the FRU by creating a config file for the interface.
However in commit 93433c165b38b1bbce6a679e43cf0188311551be of
phosphor-networkd, the default files for the interfaces are
consolidated into a single file for creating them. As a result, the
config generated by the service for eth1 isn't applied, and the
randomly generated MAC is used to obtain an IP address. Eventually, all
IP addresses are allocated to the randomly generated MAC addresses, and
the unit is unable to get a valid IP address. The MAC address is now
set using a different method.
Tested: Offline flashed a unit without the changes. Checked that MAC
address didn't match what is stored in the FRU. Flashed with the changes
and verified the MAC address matched the FRU.
Change-Id: Iaca14e86c93b5392def60d666b8b1aa6b03fd716
Signed-off-by: Kyle Nieman <kyle.nieman@fii-na.com>
|
|
The existing one would fail when the MAC address from EEPROM + MAC
address count >= 0xff. Fix this so that it will only fail when it is
strictly greater than 0xff.
Example failure: if `mac[5]` is 0xfc and `num` is 4, in this case even
after the MAC address assignments are done, it will fail due to the last
checked exceeded 0xff.
Signed-off-by: Anthony <anthonyhkf@google.com>
Change-Id: If24debed070bdd500cb0f3df6aa4c49d8f3af365
|
|
You can't build meta-google without including libhoth support.
Change-Id: I77799f63c444bcbd1ce7dd3761fccf29a60d3cd4
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
On bmc connects to multiple CNs, services may want to tell the source of
the traffic. This new package is to install the rules accordingly.
Change-Id: I5df17151cb5056386b5eafdcd4ac1ceb3f37e298
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
|
|
Patrick Williams (1):
clang-format: copy latest and re-format
Change-Id: Idd9e697e084f845b15edfd96c3b325f6dc3f75aa
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Patrick Williams (1):
sdbusplus: use shorter type aliases
Willy Tu (1):
cleanup: Reformat with clang
Change-Id: I03c49a2c388a9dfc47abe2d6155b19a24fcac2f6
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Signed-off-by: Tom Tung <shes050117@gmail.com>
Change-Id: Ib4d3b942aa8821f70981dff0d16ff1d7f349697b
|
|
Tested:
Check
`tmp/work/all-openbmc-linux/os-release/1.0-r0/package/etc/os-release`
and the `GBMC_TARGET_MACHINE` has the value as expected.
Change-Id: I8b2d2b2aefcd3310f36404f97af0d03f840f64ad
Signed-off-by: Tom Tung <shes050117@gmail.com>
|
|
In some cases gbmc-ip-monitor failed to start within the default timeout
90s, this extend the timeout so that it has enough time to start.
Change-Id: I79e82f5110f72371019390a168c8b8be5f4d9750
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
|
|
Use the libhoth recipe in meta-security instead of openbmc one. Set the
source rev override until that bump is submitted and subtree updated.
libhoth source bump in
- https://lore.kernel.org/yocto/20230517172730.3837643-1-jebr@google.com/T/#u
Change-Id: I6099d6351417dcef9eb3b4d297de43a5e229d7dd
Signed-off-by: Willy Tu <wltu@google.com>
|
|
aranikam(1):
Add flash_spi_info command
wltu(1):
Expose header files expose USB APIs
Change-Id: I6275c7aba776c21abe578086c6b8a251f11e4f7e
Signed-off-by: Willy Tu <wltu@google.com>
|
|
Fru device can take longer than 60s to come up, this is observed more
often especially in qemu. This extend the timeout to 5 minutes.
Change-Id: I95dcdf2cf10e8f9941ff6502a54e9c67dfc6c7e3
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
|
|
gbmc-br-dhcp will try to set the ip and will exit if an error is detect.
We should not return an error when ignoring the same ip so the netboot
can continue.
Change-Id: I64397fcd8cf0a5bc084b34b11aabcc381c889bda
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
|
|
Patrick Williams (1):
clang-format: copy latest and re-format
Change-Id: Ia77961cf9bd201753481a129a007564c58b28d2c
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
quadpixels(2):
Add console snapshot
Add payload status
gyandreev(4):
Add basic abstraction to libhoth and SPIDEV support
Build improvements
Extern c wrap
Dont check for non-snapshot console params
aranikam(1):
Add address mode flag for spi update/read
daimeng-wang(3):
libhoth: add MTD backend boilerplate API
libhoth: implement MTD transport
libhoth: automated mtd mailbox discovery
cjevans-google(2):
Apply clang-format, and enable it as a check action.
Rename ec_ commands; permit old command names as an alias.
Change-Id: I71e675d144d76e62a50f0f88c7814de5743eef8a
Signed-off-by: Willy Tu <wltu@google.com>
|
|
GBMC bridge ip is set up via different sources at different moments.
This change skips the unnecessary reconfiguration so that the network
will be less disturbed.
Change-Id: I0ecbad0693398b32037c6be7228444a7d7f89076
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
|
|
Set the hoth_secondary offset to correct one.
Tested:
1. hoth fw can embed successfully & the size is correct.
2. BMC image can build and run.
Change-Id: I336d71d45349f0e58230a1175026ee4fad015733
Signed-off-by: Claire Liao <claireliao@google.com>
|
|
This CL adds support for bridging ethernet devices to gbmcbr and
interface renaming based on the dev address.
Change-Id: Ibc5fc8e0426e117191574553b36ea59a6735b91c
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
|
|
SPDX doesn't identify an unadorned "BSD" license like the recipe
previously claimed. Define the license as BSD-2-Clause in accordance
with the COPYING file:
https://github.com/yrutschle/conf2struct/blob/6bc9eed1eb50175e5fda791f27d85e72f5a6ac78/COPYING
Change-Id: I878d8dab97980aa1547f630bd55eb5f81f72b625
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
Set the timeout to be 20 minutes to make sure we don't wait for it
forever.
The workflow is the following.
- If time synced,
- Start time-sync.target
- If timesout after 20 minutes,
- Start time-sync.target
- After time-sync.target, start services that depends on it.
Tested:
The service with
```
[Unit]
After=gbmc-time-sync.target
Wants=gbmc-time-sync.target
```
always start after timesynced now.
Tested with modified timeout and normal timesync which both worked.
Change-Id: Idbbcdd0f65a5c49f66f74c8e1b9c94d047cd5d7f
Signed-off-by: Willy Tu <wltu@google.com>
|
|
This updates to libpam 1.5.2. This version removes support for
pam_cracklib and pam_tally2. They are replaced by pam_pwquality and
pam_faillock respectively.
Since parameters of pam_cracklb and pam_tally2 are configurable through
Redfish, it's possible that they will remain in the overlay of
/etc/pam.d with the old module names preventing PAM from working
correctly. To avoid this, this commit includes a script that will detect
if the old modules are in the overlay and update the overlay with the
new modules and configuration.
The script will allow updates from libpam 1.3.1 to libpam 1.5.2, but if there
are configured parameters during a downgrade from libpam 1.5.2 to libpam
1.3.1, it will require a factory reset before the downgrade.
pam_pwquality was selected over pam_passwdqc because of better security
and compatibility with pam_cracklib.
Note pam_faillock is necessarily configured into the pam module stack
differently than pam_tally2.
This patchset causes a BMC operational change:
- The pam_tally2 command (invoked from the BMC's command line) is no
longer present. If you used the "pam_tally2 -u USER -r" command
to unlock a user after repeated authentication failures, change to
use: faillock --user USER --reset
Compatibility note / migration issue. If your BMC cannot authenticate
users after installing this change, the cause might be an overlayfs file
hiding the new /etc/pam.d/common-auth file. To find out, use
`grep deny= /etc/pam.d/common-auth` on your BMC. If it shows "tally2"
then your BMC is affected. The recovery is to delete the overlay file,
to factory reset the BMC, or manually-install the changed files.
The convert-pam-configs service is intended to handle this problem.
Tested: as follows, for local users only (not tested with LDAP)
Note OpenBMC configuration defaults to an AccountLockoutThreshold
value of 0 which does not lock account passwords no matter how many
consecutive failed authentication attempts. To configure this on
the BMC, for example, use:
curl -X PATCH https://${bmc}/redfish/v1/AccountService
-d '{"AccountLockoutThreshold": 3, "AccountLockoutDuration": 60}'
Tested update scenarios:
1. Install from scratch. Success.
2. Install over firmware which had old PAM configs. Success.
Tested update scenarios for the convert-pam-configs service.
Tested changing the password via various interfaces:
- the passwd command
- the PATCH Refish AccountService {Password: NEW}
- SSH (accessible only when the password is expired)
- IPMI user set password (accessible for unexpired password)
Tested both good and bad (unacceptable) passwords.
Tested account lockout after N bad passwords
Tested unlock via Redfish.
Also, because its implementation changed, ensure reading and writing the
D-Bus User AccountPolicy RememberOldPasswordTimes property continues to
work. There is no Redfish API for this.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
Change-Id: I7b712cf7cfbf7b0bc79da42f822540baee66ca4f
|
|
Change-Id: Ifd374c6fdc187595b2018d7a26c8cba6134c917e
Signed-off-by: Anthony <anthonyhkf@google.com>
|
|
Merge 2 platform BMC image, so need to have both RoT fw inside.
Tested:
1. Make sure target BMC image have both RoTs and they are
in right address.
2. Make sure other platforms are not affected.
3. Test on the target BMC image to make sure both platforms
are working well with both RoTs.
Change-Id: Icbe1b34b1a3fcd26433054b36e6cbbb52036d003
Signed-off-by: Claire Liao <claireliao@google.com>
|
|
Change-Id: I634dc095e0ef6602c67192e8ce7424716ef7e2dd
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
These features ensure that the kernels we ship are more stable, and
give us early warnings when we have deadlock causing bugs.
Change-Id: I2616f5faa8f98f84c86a6e6683c8b4a322c535db
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This is needed to enable a pretimeout watchdog in the kernel.
Change-Id: I2dc7fbea713e1805b0c50903b4f08f55f09c122e
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Due to the rng-tools systemd/sysvinit service being split into a package
during the subtree update, adding the corresponding suffix to resolve
the compile error.
Change-Id: I66930d75d081fc84e33ccdcff4d32ee2d3d36326
Signed-off-by: David Wang <davidwang@quantatw.com>
|
|
All traffic to/from tray are via gbmcbr. We need to allow the incoming
traffic that establish a tcp connection to allow bmc client traffic like
netboot downloading. This add a rule for that.
Change-Id: I2f3afeea6320b20d7e0f740b102b2f227799032d
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
|
|
npcm8xx-tip-fw already specifies per-IGPS_MACHINE configuration in
https://github.com/openbmc/openbmc/blob/4b8284784129e050c556b372e7116f884a168e8c/meta-nuvoton/recipes-bsp/images/npcm8xx-tip-fw_0.5.6.0.4.5.bb#L3
Change-Id: I635dfb6c2ed769d0f098e6ab2443dceaca79b789
Signed-off-by: Anthony <anthonyhkf@google.com>
|
|
Tested:
After build one platform,
cr51-image-layout.json:
```
{
"length": 55508992,
"name": "rofs",
"offset": 7340032,
"region_type": [
"STATIC",
"WRITE_PROTECTED"
]
},
,{
"length": 1048576,
"name": "hoth_secondary",
"offset": 62849024,
"region_type": []
}
```
Change-Id: Id7869f96ff65625547ff83640e300b2202c4aab8
Signed-off-by: Claire Liao <claireliao@google.com>
|
|
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I7ae5c315d5a938b29c6fd5d68f07225d125ccead
|
|
Patrick Williams (1):
meson: remove deprecated get_pkgconfig_variable
Change-Id: I19a87645a14ff22e14b037faa505d6fc26794eb3
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
We want to coordinate with netboot server for powercycling instead of
triggering pwercycle ourselves. dhcp-done will send status based on the
parameters to the netboot server.
This is the first part, second part needs to be merged after installer
support
Change-Id: I4ebaaf06114fc36518a25cdc6cd9f093859963c8
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
|
|
Tested: can build one platform locally.
Change-Id: If40d9e3743aca14995c7b754a729cbdaed6c761f
Signed-off-by: Tom Tung <shes050117@gmail.com>
|
|
After https://gerrit.openbmc.org/c/openbmc/openbmc/+/61622, we need to
set the offset for uboot environment.
Change-Id: I573ba1139b90041a66ff7fe15635823545f0ba9f
Signed-off-by: Tom Tung <shes050117@gmail.com>
|
|
Otherwise, subsequent reboots will still have the file.
Change-Id: I16eed02d615759e785b978aef9550b203ae01090
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We have scripts modifying nftables rules, but we don't have nftables
guaranteed to be installed.
Change-Id: Ib859435de8a12b4c54572fbf816578898714d487
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This is allows us to store larger logs and see timestamps in the dmesg
output.
Change-Id: I3fe95b49579780917115f4a57afc35f9b594a994
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This enables it to be consumed by the syslog forwarder.
Change-Id: I67642017656abe6cbe9eb3613a477a7d0b8f6356
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Brandon Kim (1):
Update the default for "bm-signal-path" meson.option
Change-Id: I40ea9eb547e28ee4882fc86027d8f101143e713f
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Brandon Kim (2):
Fix presubmit failures with "prettier"
handler: Add check for file existence for BM mode
Change-Id: I8d9540dd5886422bc092d29e3ce706a7485ea3dc
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
We can't look directly at the `/var/google/gbmc-br-ip` file for all
platforms, so we need to look up the addresses directly from the bridge
interface.
Change-Id: Ib2a178e61d413a6e771a80a5b9eb44591daa5b5a
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Installer needs to trigger dhcp process when
netboot starts. Currently it just powercycles
the machine, which is not efficient.
This provides a script that installer can
invoke without powercycle machine.
Tested: tested manually on the machine and
verified that dhcp has started.
Change-Id: I6e596e3695f88543ad864eb431587a5f974f81b4
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
|
|
We don't want to use any implicitly generated SLAAC addresses as this
will allow our machine to think it is reachable even though megapede
will not be able to reach it via the DHCP derived address.
Change-Id: Iba73d8a96d8a6dfcd7988bf0cca44a5b14558290
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
William A. Kennington III (2):
ncsid: UpdateIP should not add the nul address
ncsid: Only delete static addresses
Change-Id: Iaa5a15bee6b88432d4af604d27faeb97e3aceaed
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
This makes it more flexible and supports hostnames that have extra
hyphens.
Tested: Against a number of hostnames to verify correctness
ytbbg7-n18.prod.google.com
ytbbg7
prod.google.com
ytbbg7.prod.google.com
ytbbg7
prod.google.com
ytbbg7-n18.google.com
ytbbg7
google.com
ytbbg7.google.com
ytbbg7
google.com
ndn44-nfd01.corp.google.com
ndn44
corp.google.com
ndn44.corp.google.com
ndn44
corp.google.com
pnhuna-bf4-nfd01.prod.google.com
pnhuna-bf4
prod.google.com
pnhuna-bf4.prod.google.com
pnhuna-bf4
prod.google.com
ytbbg7-n18.prod.bhgoogle.com
ytbbg7.prod.bhgoogle.com
pnhuna-nzf0.prod.google.com
pnhuna-nzf0
prod.google.com
Change-Id: I4de218a4d77a34985d21098bf05db6ece990bb8f
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This variable is set by default based on the latest tag, but this
doesn't work in Google's environment. Set it to be the same as
DISTRO_VERSION instead, which is based on a version variable passed in
from the environment.
Tested: Built for kudo and examined os-release
Signed-off-by: Benjamin Fair <benjaminfair@google.com>
Change-Id: Ib9acabae57ed69f4d32f0256f8425923039f4a8a
|
|
Support hardware watchdog for openbmc. Added systemd config to
enable '/dev/watchdog'.
Tested: tested and verified on greatlakes platform.
Change-Id: Ic46bcd9b8576530be7dcdda51384e1052d4a78f1
Signed-off-by: Delphine CC Chiu <Delphine_CC_Chiu@wiwynn.com>
|
|
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I8e54833ac78e540e9dd5011533d53ff9a3af6763
|
|
This patch unifies the way to reset chassis for gBMC platforms. Note
that we can still customize this in the meta machine layer if needed.
Tested:
```
// from build dir:
cat tmp/work/*/x86-power-control/*/package/lib/systemd/system/chassis-system-reset.service
[Unit]
Description=System unit to hard reset or system reset chassis
Conflicts=xyz.openbmc_project.psusensor.service
Wants=gbmc-psu-hardreset.target
[Service]
Type=oneshot
RemainAfterExit=no
ExecStart=true
[Install]
WantedBy=chassis-system-reset.target
// scp the service files from build directory to bmc.
// From bmc:
bmc:~# systemctl start chassis-system-reset.service
bmc:~# Timeout, server xxx not responding.
```
Google-Bug-Id: 263450334
Signed-off-by: Tom Tung <tomtung@google.com>
Change-Id: I2c877324482afff0d41129db5d0340d44d9352d1
|
