Control and uses of USB for BMC's own internal uses
Bruce Mitchell
bruce.mitchell at linux.vnet.ibm.com
Tue Oct 19 05:36:09 AEDT 2021
On 10/17/2021 11:55, Bruce Mitchell wrote:
> This thread BMC's USB means for the BMC's own uses
> not for Host's uses nor to provide services to the
> Host. Thus, if I said "Disable the BMC's USB" that
> would not impact the Host in any fashion.
>
> I need to be able to control the BMC's USB ports
> to prevent BMC uses of USB Pen Drive updates and
> independently prevent the BMC uses of USB serial
> cable for UPS. As well as re-enable those usages.
>
> Clearly in this Gerrit review the term Disabled was
> not defined. 47180: bmc-usb: property to track usb state
> https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-dbus-interfaces/+/47180
>
>
> Also, since this is related to security of the BMC
> my intent was to offer the users a clear way to
> achieve the control of the BMC's USB ports without
> the users needing to know any of the Servers' USB
> topology. I personally find complicated user options
> for features adds risk to the system security.
>
> A recommendation I have receive is to use phosphor-state-manager.
>
> Also, from what I have observed this control of the
> BMC's USB ports may be unique to my company (IBM).
> And thus, an OEM solution may be best.
>
> Does anyone else have a need or desire to control the
> BMC's USB ports?
Also suggested utilize https://github.com/openbmc/service-config-manager
to disable/enable the service and make it like enable/disable SSH
via Redfish via bmcweb
More information about the openbmc
mailing list