Romulus to use Virtual PNOR

Alexander Amelkin a.amelkin at yadro.com
Thu Feb 14 22:03:07 AEDT 2019


14.02.2019 6:03, Lei YU wrote:
> Based on the discussion, let's keep using static flash layout for PNOR on
> Romulus.
>
> This brings the questions:
> 1. Shall we move the legacy code update service
>    (org.openbmc.control.Flash.service) to the new one
>    (xyz.openbmc_project.Software.xxx.service)?
> 2. How do we plan to support PNOR version, image verification for static flash
>    layout?

What's the problem with version and image verification?

The installed PNOR reports its version via IPMI FRU now, so we know the installed version.

The version supplied in the update can be checked using the image container header.
Image integrity/validity checks can also be performed using container header information.
The header meta-information can then be saved on the BMC side to perform PNOR contents checks before starting the host.

You could also reserve a section in PNOR itself for that meta-info, but IMO that would be less secure than storing the info in BMC.

Alexander.
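
An added illustration of the approach described in the message above (not part of the original e-mail and not OpenBMC code): the update is checked against its container header, the header meta-information is kept on the BMC, and the flash contents are compared with that record before the host starts. The header layout, the magic value and all function names are hypothetical; a bare hash like this catches corruption and out-of-band changes, not a forged update, which needs a signature check.

```python
import hashlib
import hmac
import struct

# Hypothetical, simplified container header (NOT the real PNOR container layout):
# magic(4) | version(16, NUL padded) | payload size(8) | SHA-512 of payload(64)
HDR = struct.Struct(">I16sQ64s")
MAGIC = 0x504E4F52  # constructed value ("PNOR" in ASCII)

def build_image(version: str, payload: bytes) -> bytes:
    """Construct a sample image (header + payload) for the demonstration."""
    return HDR.pack(MAGIC, version.encode(), len(payload),
                    hashlib.sha512(payload).digest()) + payload

def check_update(image: bytes) -> dict:
    """Validate an image against its own header; return the meta-info to keep on the BMC."""
    if len(image) < HDR.size:
        raise ValueError("image shorter than header")
    magic, ver, size, digest = HDR.unpack_from(image)
    payload = image[HDR.size:]
    if magic != MAGIC:
        raise ValueError("bad magic")
    if size != len(payload):
        raise ValueError("payload size mismatch")
    if not hmac.compare_digest(hashlib.sha512(payload).digest(), digest):
        raise ValueError("payload hash mismatch")
    return {"version": ver.rstrip(b"\0").decode(), "size": size,
            "sha512": digest.hex()}

def pnor_ok_for_boot(flash: bytes, saved: dict) -> bool:
    """Pre-boot check: hash the flash payload and compare with the BMC-side record,
    ignoring whatever header currently sits in flash."""
    payload = flash[HDR.size:HDR.size + saved["size"]]
    return hmac.compare_digest(hashlib.sha512(payload).hexdigest(), saved["sha512"])

if __name__ == "__main__":
    good = build_image("v1.0", b"\x11" * 4096)       # constructed sample image
    saved = check_update(good)                       # stored on the BMC at update time
    rewritten = build_image("v1.0", b"\x22" * 4096)  # flash changed, header regenerated
    # Meta-info that lives in PNOR itself still looks consistent after the rewrite:
    print("self-check of rewritten flash:", check_update(rewritten)["version"])
    # The record held on the BMC does not match the rewritten contents:
    print("BMC-side check, original :", pnor_ok_for_boot(good, saved))
    print("BMC-side check, rewritten:", pnor_ok_for_boot(rewritten, saved))
```
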

