Control and uses of USB for BMC's own internal uses

Ed Tanous edtanous at google.com
Tue Oct 19 08:19:05 AEDT 2021


On Mon, Oct 18, 2021 at 2:15 PM Bruce Mitchell
<bruce.mitchell at linux.vnet.ibm.com> wrote:
>
> On 10/18/2021 13:32, Ed Tanous wrote:
> > On Mon, Oct 18, 2021 at 11:36 AM Bruce Mitchell
> > <bruce.mitchell at linux.vnet.ibm.com> wrote:
> >>
> >> On 10/17/2021 11:55, Bruce Mitchell wrote:
> >>> This thread is about the BMC's USB, meaning for the BMC's own uses,
> >>> not for the Host's uses nor to provide services to the
> >>> Host.  Thus, if I said "Disable the BMC's USB" that
> >>> would not impact the Host in any fashion.
> >>>
> >>> I need to be able to control the BMC's USB ports
> >>> to prevent BMC use of USB pen drive updates and
> >>> independently prevent BMC use of a USB serial
> >>> cable for a UPS, as well as re-enable those usages.
> >>>
> >>> Clearly in this Gerrit review the term Disabled was
> >>> not defined.  47180: bmc-usb: property to track usb state
> >>> https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-dbus-interfaces/+/47180
> >>>
> >>>
> >>> Also, since this is related to security of the BMC
> >>> my intent was to offer the users a clear way to
> >>> achieve the control of the BMC's USB ports without
> >>> the users needing to know any of the Servers' USB
> >>> topology.  I personally find complicated user options
> >>> for features adds risk to the system security.
> >>>
> >>> A recommendation I have received is to use phosphor-state-manager.
> >>>
> >
> > Some clarifying questions:
> > There are physically available USB A ports connected directly to the
> > BMC on IBM platforms?  Or are these traces within the board?
> > What are these direct bmc usb ports used for normally?
> >
> > Considering that while the BMC use case is likely IBM specific,
> > the idea of disabling a generic USB port isn't IBM specific, it seems
> > like we need a model for a USB port on dbus and relate it to the
> > various resources.  If and when a host interface wanted to implement a
> > similar feature, we'd be able to reuse it.
> >
>
> Yes, these are physically available USB A ports directly connected
> to the BMC on IBM platforms.
> No, these are not traces within the board; "anyone can walk up and
> plug in a USB stick".
> A USB flash drive for firmware update of the BMC is the first use case;
> the second use case is to talk to a UPS via a USB to serial port.
>
> Please clarify "generic USB port".  From my perspective there are
> USB Ports to be used "owned" by the BMC's firmware and there are
> USB Ports to be used "owned" by the Host.  I know of no USB Ports that
> are shared by the BMC and the Host (I know that the physical BMC
> provides SIO and thus some USB ports as well to the Host in many
> situations, I see them as Host owned USB Ports).

There are platforms that have USB ports connected between the host and
BMC.  The point is, regardless of the owner, we should have a common
interface for it such that when and if "out of band host USB port
disabling" comes, we can simply implement the same interface and have
the code be very similar.  This is the same pattern we follow for
almost all other interfaces, so it should be pretty straightforward to
represent.

>
> >>> Also, from what I have observed this control of the
> >>> BMC's USB ports may be unique to my company (IBM).
> >>> And thus, an OEM solution may be best.
> >
> > Keep in mind, you'll need a new schema and collection for these
> > things;  I'd recommend starting up a thread with DMTF about getting
> > those added.  Keep in mind, they already have the "port" schema, which
> > might fulfill the need, although it doesn't have a USB enumeration, so
> > it's possible that's an intentional omission.
> >
> > https://github.com/openbmc/bmcweb/blob/master/OEM_SCHEMAS.md
> >
>
> I am going to let Brad address this one.
>
> >>>
> >>> Does anyone else have a need or desire to control the
> >>> BMC's USB ports?
> >>
> >> Also suggested: utilize https://github.com/openbmc/service-config-manager
> >> to disable/enable the service, and make it like enabling/disabling SSH
> >> via Redfish via bmcweb
>
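The thread leaves "Disabled" undefined for the proposed D-Bus property, so the following is an added example (not OpenBMC or IBM code, and not the interface under review in change 47180) of what a property setter could actually do on the Linux side of the BMC. It uses the kernel's USB authorization attributes: writing 0 to a root hub's authorized_default leaves newly plugged devices unconfigured, and writing 0 to an attached device's authorized file deconfigures it, so a pen drive already inserted stops working too. The sysfs directory is passed as a parameter so the functions can be exercised on a constructed directory tree; on a real BMC it would be something like /sys/bus/usb/devices/usb1, which is an assumption that depends on the platform's USB topology (the thread does not say which root hub the BMC-owned ports sit on). Interface entries (names containing ":") are skipped so that the root hub's own interface is left alone.

```shell
#!/bin/sh
# Added example: enable/disable a BMC-owned USB root hub through the Linux
# USB "authorized" sysfs attributes.  Not OpenBMC project code.
#   <hub>/authorized_default   0 = devices plugged in later stay unconfigured
#   <hub>/<dev>/authorized     0 = deconfigure a device that is already attached
# <hub> is passed in so the functions can be run against a constructed tree;
# the real path (e.g. /sys/bus/usb/devices/usb1) is platform specific (assumed).

# usb_hub_set_enabled <hub-sysfs-dir> 0|1
# Returns 0 on success, 1 if the hub directory is unusable, 2 on bad usage.
usb_hub_set_enabled() {
    hub=$1
    state=$2
    case "$state" in
        0|1) ;;
        *) echo "usage: usb_hub_set_enabled <hub> 0|1" >&2; return 2 ;;
    esac
    if [ ! -w "$hub/authorized_default" ]; then
        echo "no writable authorized_default under $hub" >&2
        return 1
    fi
    # Future hot-plugs: the kernel consults authorized_default at enumeration.
    echo "$state" > "$hub/authorized_default"
    # Devices already attached: child entries of a root hub look like 1-1, 1-2;
    # entries with ":" are interfaces (e.g. 1-0:1.0) and are left untouched.
    for dev in "$hub"/[0-9]*-*; do
        case "$dev" in *:*) continue ;; esac
        [ -f "$dev/authorized" ] || continue
        echo "$state" > "$dev/authorized"
    done
    return 0
}

# usb_hub_state <hub-sysfs-dir>: prints "enabled" or "disabled"
usb_hub_state() {
    if [ "$(cat "$1/authorized_default")" = "1" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# usb_hub_authorized_count <hub-sysfs-dir>: number of attached devices still authorized
usb_hub_authorized_count() {
    n=0
    for dev in "$1"/[0-9]*-*; do
        case "$dev" in *:*) continue ;; esac
        [ -f "$dev/authorized" ] || continue
        if [ "$(cat "$dev/authorized")" = "1" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Usage on a BMC (as root, hub path assumed):
#   . ./usb_hub.sh
#   usb_hub_set_enabled /sys/bus/usb/devices/usb1 0    # disable BMC-owned ports
#   usb_hub_set_enabled /sys/bus/usb/devices/usb1 1    # re-enable them
```

Two caveats a practitioner would want before wiring this behind a Redfish property: sysfs state does not survive a BMC reboot, so whatever daemon owns the D-Bus property has to re-apply the setting at boot (or the platform can default to disabled with the usbcore.authorized_default=0 kernel parameter and only authorize on request); and deauthorizing a device deconfigures it immediately, so disabling the hub while the UPS serial link is in use drops that link, which is why Bruce's request to control the two use cases independently would need per-device rather than per-hub handling.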

