Discussion on openbmc issue #430

Fri Aug 12 23:56:24 AEST 2016

*Design and Implement Framework for IPMI backend*
------------------------------------------------------------------------------
The purpose of this is to come up with a mechanism to share providers 
between the host-ipmid and the rmcp-ipmid.
Also, update existing providers and host-ipmid to fit this framework. 
Demo of this story should be to use an existing
host-ipmid provider via the rmcp path.

*Registering Callback Routines:-*
-----------------------------------------------
1) Open the IPMI library path(/usr/lib/phosphor-host-ipmid)
2) Scan for libraries that end with .so
3) Do a dlopen that would register the handlers for the callback routines.
The data that is currently registered for each command: Net Function, 
Command and Functor.

*Additional Metadata needed per command:-*
-----------------------------------------------------------------

*SessionLess Commands :-
*-------------------------------------*
*
This would mention whether the command can be executed without a 
session. For example
Get Channel Capabilities can be executed without a session.

*Minimum Privilege Required to Execute the command :-
*---------------------------------------------------------------------------------*

*This field would mention the minimum privilege of the session required 
to execute the
command. Before executing any command on a session, the command would be 
executed
only if the command privilege level is less than or equal to session 
privilege level.
The privilege levels are Administrator, Operator, User and Callback and OEM

*Firmware Firewalling :-
*--------------------------------*

**Channel Restriction :-
*------------------------------*

*The channel restriction can be applied if certain command needs to be 
restricted on System
Interface or LAN Interface.

The Get NetFn/ Command support can be used to get a list of commands 
that are supported
on a given channel. Implementation of these commands is not in the scope 
of this story.

*Command Firewalling:-
*--------------------------------*

*Configuration of Firmware Firewall capabilities is supported by 
commands that allow software to enable/disable individual commands.
The Firmware Firewall capability does not affect the operation of user 
and channel privileges.
That is, if a command requires Admin privilege level to be executed, it 
will still require Admin privilege if enabled by Firmware Firewall.

The different values that are supported for this field is:
a) Command is supported by default(can be configured(enabled or disabled)
b) Supported and cannot be configured( enable/disable is restricted)
c) Disabled by default but can be configured.

The firmware firewalling commands once supported would support the above 
operations.

Regards,
Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20160812/1a6ed876/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IPMI Provider Integration.pdf
Type: application/pdf
Size: 34728 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20160812/1a6ed876/attachment-0001.pdf>