From patchwork Thu May 9 03:08:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1097316 X-Patchwork-Delegate: hegdevasant@linux.vnet.ibm.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44zyxV4Pq0z9s9y for ; Thu, 9 May 2019 13:09:34 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="fa2y7LDh"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="s00V2obB"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 44zyxV3JWrzDqLp for ; Thu, 9 May 2019 13:09:34 +1000 (AEST) X-Original-To: skiboot-stable@lists.ozlabs.org Delivered-To: skiboot-stable@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.27; helo=out3-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="fa2y7LDh"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="s00V2obB"; dkim-atps=neutral Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 44zywq5H5qzDqL0; Thu, 9 May 2019 13:08:59 +1000 (AEST) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 8536124B3D; Wed, 8 May 2019 23:08:57 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Wed, 08 May 2019 23:08:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm2; bh=hf9LzIhj4CmcViXhA1qPbZ/oTm9eO0gFn3+v1+ugcP0=; b=fa2y7 LDhrLfCBdJh+IhLqYzgzMUWn+85EX/mzm8mXKbDaPwoQV/YNE7sj3qy4NP2Vln/o bQmR29XV3Q/fdtOEqnArR9JGw11Is79h70j2U3PfN8SvJT6kxyT/cpCk1yerrm4F CPvpqCx4OxCLfuLsWmfZqxE6yNFtnwbchxDFRYto9DkKAs72/eVy3dQ7GKcE8Sje acj5EpICrHoWe32NDnnUQkYSn/tn4z+T2ewzTOb3ACiJtyv0FF9SJEK40oYwPeQi wUKeCcQ5jkAlssOgOU9BDugbeAh/UlPG6ETMPCVaKylrF9nL36URCMmzruVslbee M8hLgxGN1hOfUc6Gw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; bh=hf9LzIhj4CmcViXhA1qPbZ/oTm9eO0gFn3+v1+ugcP0=; b=s00V2obB X+O4xFRMpQZLMg/9CoB4tldntMmnXARlEHhAok6W/fiWneiY5fyVfn0iTHhzwoi0 EdGxJ5lKUE9RrY503wJSgoPfUzYONOj6Dvs586tkby86sShOnhC4QxBH6BYBj0aU Sgi4cQkbVW9baZSt9MuB91vvitBVXMjMCPSGC5oLV+r6OnKVy6p+QOlraxVz0SPv mqYDuYxeM//h1fyC6rlYY8+2ZHH9DGLpzXdJpEJ0X9LblVhiq9rBX8cN/nVMBqVq A/epCJmt7onye/SYuDzOB7wZvMNtB3cBhqOPTEpSpy1QFhpEwSJEF5DyGiCqBX4q BU0CQqYXJIEUMw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrkeeggdeiiecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvufffkffojghfggfgsedtkeertd ertddtnecuhfhrohhmpefurghmuhgvlhcuofgvnhguohiirgdqlfhonhgrshcuoehsrghm sehmvghnughoiigrjhhonhgrshdrtghomheqnecukfhppeduvddvrdelledrkedvrddutd enucfrrghrrghmpehmrghilhhfrhhomhepshgrmhesmhgvnhguohiirghjohhnrghsrdgt ohhmnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id 3864C8005E; Wed, 8 May 2019 23:08:54 -0400 (EDT) From: Samuel Mendoza-Jonas To: skiboot@lists.ozlabs.org Date: Thu, 9 May 2019 13:08:41 +1000 Message-Id: <20190509030841.30628-3-sam@mendozajonas.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190509030841.30628-1-sam@mendozajonas.com> References: <20190509030841.30628-1-sam@mendozajonas.com> MIME-Version: 1.0 Subject: [Skiboot-stable] [PATCH v7 3/3] doc/bmc: Document SBE validation on P8 platforms X-BeenThere: skiboot-stable@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Patches, review, and discussion for stable releases of skiboot" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: skiboot-stable@lists.ozlabs.org Errors-To: skiboot-stable-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot-stable" Signed-off-by: Samuel Mendoza-Jonas Reviewed-by: Andrew Jeffery --- v4: Describe why we're rebooting now doc/bmc.rst | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/doc/bmc.rst b/doc/bmc.rst index bbb390a7..46ae863e 100644 --- a/doc/bmc.rst +++ b/doc/bmc.rst @@ -53,3 +53,30 @@ Real-time clock On platforms where a real-time-clock is not available, skiboot may use the IPMI SEL Time as a real-time-clock device. + +SBE validation +-------------- + +On some P8 platforms with an AMI or SMC BMC (ie. astbmc) SBE validation is done +by a tool on the BMC. This is done to inspect the SBE and detect if a malicious +host has written to the SBE, especially in multi-tenant +"Bare-Metal-As-A-Service" scenarios. + +To complicate this the SBE validation occurs at host-runtime and reads the SBE +SEEPROM over I2C using the FSI master which will conflict with anything the +host may be doing at the same time. To avoid this Skiboot will pause boot until +the validation is complete. +If SBE validation is required the BMC will communicate this to Skiboot by +setting an IPMI System Boot Option with OEM parameter 0x62. When this flag is +set Skiboot will pause and wait for the validation to complete and the flag to +be cleared. This ensures the validation completes before the execution is passed +to Petitboot and the host operating system and any conflicts could occur. During +this process Skiboot will print + SBE validation required, waiting for completion + System will be powered off if validation fails +to the console with an update every minute until complete. + +Unfortunately the validation performed by the BMC leaves the SBE in a bad +state. Once the validation is complete Skiboot will reboot to reset everything +to a good state and normal booting can resume. No such reboot is required if +the flag is not set and validation doesn't occur.