Message ID | 20190430052025.4388-3-sam@mendozajonas.com |
---|---|
State | Superseded |
Headers | show |
Series | [v3,1/3] include/ipmi: Fix incorrect chassis commands | expand |
On Tue, 30 Apr 2019, at 14:51, Samuel Mendoza-Jonas wrote: > Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com> Acked-by: Andrew Jeffery <andrew@aj.id.au> > --- > doc/bmc.rst | 22 ++++++++++++++++++++++ > 1 file changed, 22 insertions(+) > > diff --git a/doc/bmc.rst b/doc/bmc.rst > index bbb390a7..a876aa06 100644 > --- a/doc/bmc.rst > +++ b/doc/bmc.rst > @@ -53,3 +53,25 @@ Real-time clock > > On platforms where a real-time-clock is not available, skiboot may use > the > IPMI SEL Time as a real-time-clock device. > + > +SBE validation > +-------------- > + > +On some P8 platforms with an AMI or SMC BMC (ie. astbmc) SBE > validation is done > +by a tool on the BMC. This is done to inspect the SBE and detect if a > malicious > +host has written to the SBE, especially in multi-tenant > +"Bare-Metal-As-A-Service" scenarios. > + > +To complicate this the SBE validation occurs at host-runtime and reads > the SBE > +SEEPROM over I2C using the FSI master which will conflict with > anything the > +host may be doing at the same time. To avoid this Skiboot will pause > boot until > +the validation is complete. > +If SBE validation is required the BMC will communicate this to Skiboot > by > +setting an IPMI System Boot Option with OEM parameter 0x62. When this > flag is > +set Skiboot will pause and wait for the validation to complete and the > flag to > +be cleared. This ensures the validation completes before the execution > is passed > +to Petitboot and the host operating system. During this process > Skiboot will > +print > + SBE validation required, waiting for completion > + System will be powered off if validation fails > +to the console with an update every minute until complete. > -- > 2.21.0 > > _______________________________________________ > Skiboot mailing list > Skiboot@lists.ozlabs.org > https://lists.ozlabs.org/listinfo/skiboot >
diff --git a/doc/bmc.rst b/doc/bmc.rst index bbb390a7..a876aa06 100644 --- a/doc/bmc.rst +++ b/doc/bmc.rst @@ -53,3 +53,25 @@ Real-time clock On platforms where a real-time-clock is not available, skiboot may use the IPMI SEL Time as a real-time-clock device. + +SBE validation +-------------- + +On some P8 platforms with an AMI or SMC BMC (ie. astbmc) SBE validation is done +by a tool on the BMC. This is done to inspect the SBE and detect if a malicious +host has written to the SBE, especially in multi-tenant +"Bare-Metal-As-A-Service" scenarios. + +To complicate this the SBE validation occurs at host-runtime and reads the SBE +SEEPROM over I2C using the FSI master which will conflict with anything the +host may be doing at the same time. To avoid this Skiboot will pause boot until +the validation is complete. +If SBE validation is required the BMC will communicate this to Skiboot by +setting an IPMI System Boot Option with OEM parameter 0x62. When this flag is +set Skiboot will pause and wait for the validation to complete and the flag to +be cleared. This ensures the validation completes before the execution is passed +to Petitboot and the host operating system. During this process Skiboot will +print + SBE validation required, waiting for completion + System will be powered off if validation fails +to the console with an update every minute until complete.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com> --- doc/bmc.rst | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)