Control and uses of USB for BMC's own internal uses
Bruce Mitchell
bruce.mitchell at linux.vnet.ibm.com
Mon Oct 18 05:55:00 AEDT 2021
This thread BMC's USB means for the BMC's own uses
not for Host's uses nor to provide services to the
Host. Thus, if I said "Disable the BMC's USB" that
would not impact the Host in any fashion.
I need to be able to control the BMC's USB ports
to prevent BMC uses of USB Pen Drive updates and
independently prevent the BMC uses of USB serial
cable for UPS. As well as re-enable those usages.
Clearly in this Gerrit review the term Disabled was
not defined. 47180: bmc-usb: property to track usb state
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-dbus-interfaces/+/47180
Also, since this is related to security of the BMC
my intent was to offer the users a clear way to
achieve the control of the BMC's USB ports without
the users needing to know any of the Servers' USB
topology. I personally find complicated user options
for features adds risk to the system security.
A recommendation I have receive is to use phosphor-state-manager.
Also, from what I have observed this control of the
BMC's USB ports may be unique to my company (IBM).
And thus, an OEM solution may be best.
Does anyone else have a need or desire to control the
BMC's USB ports?
More information about the openbmc
mailing list