Discussion on openbmc issue #430

tomjose tomjose at linux.vnet.ibm.com
Fri Aug 12 23:56:24 AEST 2016

*Design and Implement Framework for IPMI backend*
The purpose of this is to come up with a mechanism to share providers 
between the host-ipmid and the rmcp-ipmid.
Also, update existing providers and host-ipmid to fit this framework. 
Demo of this story should be to use an existing
host-ipmid provider via the rmcp path.

*Registering Callback Routines:-*
1) Open the IPMI library path(/usr/lib/phosphor-host-ipmid)
2) Scan for libraries that end with .so
3) Do a dlopen that would register the handlers for the callback routines.
The data that is currently registered for each command: Net Function, 
Command and Functor.

*Additional Metadata needed per command:-*

*SessionLess Commands :-
This would mention whether the command can be executed without a 
session. For example
Get Channel Capabilities can be executed without a session.

*Minimum Privilege Required to Execute the command :-

*This field would mention the minimum privilege of the session required 
to execute the
command. Before executing any command on a session, the command would be 
only if the command privilege level is less than or equal to session 
privilege level.
The privilege levels are Administrator, Operator, User and Callback and OEM

*Firmware Firewalling :-

**Channel Restriction :-

*The channel restriction can be applied if certain command needs to be 
restricted on System
Interface or LAN Interface.

The Get NetFn/ Command support can be used to get a list of commands 
that are supported
on a given channel. Implementation of these commands is not in the scope 
of this story.

*Command Firewalling:-

*Configuration of Firmware Firewall capabilities is supported by 
commands that allow software to enable/disable individual commands.
The Firmware Firewall capability does not affect the operation of user 
and channel privileges.
That is, if a command requires Admin privilege level to be executed, it 
will still require Admin privilege if enabled by Firmware Firewall.

The different values that are supported for this field is:
a) Command is supported by default(can be configured(enabled or disabled)
b) Supported and cannot be configured( enable/disable is restricted)
c) Disabled by default but can be configured.

The firmware firewalling commands once supported would support the above 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20160812/1a6ed876/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IPMI Provider Integration.pdf
Type: application/pdf
Size: 34728 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20160812/1a6ed876/attachment-0001.pdf>

More information about the openbmc mailing list