[EXTERNAL] Re: BMC update via TFTP
Joseph Reynolds
jrey at linux.ibm.com
Wed Dec 11 08:10:53 AEDT 2019
On 12/10/19 12:58 PM, Neeraj Ladkani wrote:
> Are there any thoughts to get rid of BMC reset to trigger FW update? I understand FW reset is required after the update.
I'm not sure I understand the question. I think the answer depends on
the [Software.VersionPurpose][1].
For VersionPurpose=BMC or System, the BMC must be reset.
For VersionPurpose=Host, PSU, or Other, I don't know why the BMC would
need to be reset.
Do you want to be able to update non-BMC firmware without having to
reset the BMC?
- Joseph
[1]:
https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/xyz/openbmc_project/Software/Version.interface.yaml
>
> -----Original Message-----
> From: openbmc <openbmc-bounces+neladk=microsoft.com at lists.ozlabs.org> On Behalf Of Joseph Reynolds
> Sent: Monday, December 9, 2019 5:25 PM
> To: Alexander Tereschenko <aleksandr.v.tereschenko at linux.intel.com>; openbmc at lists.ozlabs.org
> Subject: [EXTERNAL] Re: BMC update via TFTP
>
> On 12/9/19 10:06 AM, Alexander Tereschenko wrote:
>> On 06-Dec-19 23:52, Joseph Reynolds wrote:
>>> I was thinking along the lines of adding [SFTP][] (or SCP) support
>>> and then migrating existing TFTP users to the new secure solution.
[...snip...]
>> Yes, that could be a solution for the problem we discuss, providing
>> both integrity and confidentiality, without any major OpenBMC
>> development necessary - but it would mean more operational burden for
>> BMC admins. The problem with SCP/SFTP in this context is that for this
>> to work in the same manner as TFTP, the BMC must be an SSH client -
>> i.e. have some sort of identity/credentials for the SCP/SFTP server
>> provisioned first. That might not be the easiest solution to setup,
>> but it's of course possible and can be automated if OpenBMC provides
>> respective config knobs.
>>
>> Existing ways we have in code-update.md either don't require
>> credentials (TFTP), so being a client is easy, or are not making a
>> "client" from BMC, it's the admin who uploads stuff (SCP/REST).
> Yes, that's what I was thinking. (And no, I am not going to recommend setting up a SCP or SFTP server that allows anonymous access.)
>
> This highlight the need for OpenBMC to put together a guide to provisioning your BMC. Such as guide would give us a place to talk about uploading to the BMC SSH client certificates needed to access and download the firmware images.
>
> - Joseph
>
>> regards,
>> Alexander
>>
More information about the openbmc
mailing list