One-way dbus properties
Adriana Kobylak
anoo at linux.ibm.com
Thu May 2 01:32:44 AEST 2019
>
> What's the purpose of this property ? Why we are not using the same in
> RestrictionMode ? Any pointers when RestrictionMode::whitelist /
> blacklist will be used.
>
> Reason: Defining new one, and planning to use
> Security::RestrictionMode itself to indicate that BMC system in not
> deployed (i.e. not in field), or deployed with certain restriction?
>
FieldMode is an 'old' property used in the phosphor-bmc-code-mgmt repo
to make decisions such as if the code update should fail when there's a
digital signature mismatch, and whether /usr/local/ is allowed to be
mounted to allow the system to be patched.
I'd say it's a bit different than the IPMI whitelist in that it doesn't
necessarily block interfaces, but interfaces use it to make decisions.
Of course this may be implemented differently in Redfish.
There was just recently a request to return an error when trying to
clear it since historically it has been a no-op.
> How is it different from readonly property, so suppose there is a
> object which implements this interface.
>
> when this object gets created, as part of creation we can set the
> property, but after object creation user can,t set
>
> the property.
>
The intent is that the property is set by an external entity like
manufacturing, before a system is shipped, so we don't want to set it
when the object is created. We want to keep its value unset in the lab
machines, but if the value is set then it can't be cleared (and per
Deepak's comment should return an error instead of success).
More information about the openbmc
mailing list