phosphor-ipmi-flash in-band update question

Patrick Venture venture at google.com
Tue Jul 16 02:57:13 AEST 2019


On Wed, Jul 10, 2019 at 2:00 AM George Hung (洪忠敬)
<George.Hung at quantatw.com> wrote:
>
> Hi Patrick,
>
>
>
> We’d like to do in-band firmware update by phosphor-ipmi-flash, but it must provide the signature file otherwise it exited directly.

You must provide a verification mechanism; this can just be a script
that writes "success" to the output file.

That can be in a script that's called by a service installed to the
verification target listed on the README.

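#!/bin/sh
# Paths: uploaded bytes, usable update name, verification status file.
IMAGE_FILE=/run/initramfs/bmc-image
VERIFIED_FILE=/run/initramfs/image-bmc
STATUS_FILE=/tmp/bmc.verify
# Move the uploaded bytes into the usable update name, then report success.
mv "${IMAGE_FILE}" "${VERIFIED_FILE}"
echo "success" > "${STATUS_FILE}"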

>
>
>
> How do we make the appropriate signature file for phosphor-ipmi-flash and also verify it successfully ?

You can do whatever signature you wish, could just be md5sum.  In
which case, on the host you can md5sum the image-bmc file, and then
write the md5sum to a file, that's sent down as the signature file.
Then the script above could compare the md5s before writing success.

Are you using static layout, or ubi?
If you're using static layout, it currently writes the bytes to
IMAGE_FILE above by default.  So you'd need something like the above
script to move it into a usable update name.

Again, this is if you're using this type of update mechanism.  If
you're using phosphor-bmc-code-mgmt, then there is something more to
be done, and it's not yet supported.  Hopefully it will be in a couple
weeks.

>
>
>
> Or is there a way to do FW update without a signature file?

Yes, see above.  Although I do recommend trying to check against
something to validate the bytes are what you expect.
>
>
>
> Besides, since we use Nuvoton BMC to update by LPC bridge, it needs to configure the MAPPED_ADDRESS as the reserved memory region.
>
>
>
> Does it have to add the similar configuration to device tree like Aspeed ?

Yes.  The MAPPED_ADDRESS for the Aspeed is the memory-region you've
set aside in your device-tree for the BMC.

>
>
>
>
>
> Thanks.
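
The md5 comparison suggested in the reply above, as an added example that is not part of the original message or of phosphor-ipmi-flash. The SIG_FILE path, the "failed" status string and the host-side file name are assumptions; the other paths are the ones from the script in the message.

```shell
#!/bin/sh
# Added example: verification script that compares md5sums before
# writing "success". On the host (file name is hypothetical):
#   md5sum image-bmc > image-bmc.sig
# and send image-bmc.sig down as the signature file.

IMAGE_FILE=${IMAGE_FILE:-/run/initramfs/bmc-image}
VERIFIED_FILE=${VERIFIED_FILE:-/run/initramfs/image-bmc}
STATUS_FILE=${STATUS_FILE:-/tmp/bmc.verify}
# Assumption: where the uploaded signature file lands on the BMC.
SIG_FILE=${SIG_FILE:-/tmp/bmc.sig}

# Record a failure; "failed" is an assumed status string.
fail() {
    echo "failed" > "${STATUS_FILE}"
    return 1
}

# Returns 0 and writes "success" only when the digest sent from the
# host matches the digest of the bytes that actually arrived.
verify_image() {
    # Both the image and the signature must have been uploaded.
    [ -f "${IMAGE_FILE}" ] || { fail; return 1; }
    [ -f "${SIG_FILE}" ] || { fail; return 1; }

    # First field of the first line of md5sum output, lowercased.
    expected=$(awk 'NR == 1 { print tolower($1) }' "${SIG_FILE}")
    actual=$(md5sum "${IMAGE_FILE}" | awk '{ print $1 }')

    # An empty digest on either side must never compare as equal.
    if [ -z "${expected}" ] || [ -z "${actual}" ]; then
        fail; return 1
    fi
    if [ "${expected}" != "${actual}" ]; then
        fail; return 1
    fi

    # Only rename to the usable update name once the bytes checked
    # out, and only report success if the rename itself worked.
    mv "${IMAGE_FILE}" "${VERIFIED_FILE}" || { fail; return 1; }
    echo "success" > "${STATUS_FILE}"
}

# Service entry point: run the check when invoked with --verify.
if [ "${1:-}" = "--verify" ]; then
    verify_image
    exit $?
fi
```

An md5sum catches truncated or corrupted transfers; it does not authenticate who produced the image.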

