IPMI Restriction Mode
Vernon Mauery
vernon.mauery at linux.intel.com
Sat Apr 23 09:24:56 AEST 2022
On 18-Apr-2022 04:56 PM, Kumar Thangavel wrote:
>Thanks for the response and clarification.
>
>I will clarify my question here,
>
>IPMI restriction mode support has been added for host devices which support
>IPMI.
>This restriction mode support can be enabled or disabled from the
>phosphor-settingsd configuration (.yaml) file.
>
>Please check the below link for .yaml file of phosphor-settingsd.
>
>https://github.com/openbmc/openbmc/blob/7298b2478ec25cc1814124af523acc4ffade05e6/meta-phosphor/recipes-phosphor/settings/phosphor-settings-defaults/host-template.yaml#L61
>
>We wanted to add restriction mode support for other IPMI based devices
>(Debug card).
>Already phosphor-ipmi-host supports filters for all IPMI commands which
>have ipmi::Context objects.
>So, How can we enable/disable this restriction mode support
>from phosphor-settings for other IPMI based devices(Debug card). ?
I understand that currently only the host channel is using the
restriction mode. You want to add it for other channels. This has
already been done in the intel-ipmi-oem repo, if you want to take a look
at that. It allows a fine-grained mechanism for command filtering, based
on the channel and the restriction mode (although currently, I think the
restriction mode still only applies to the host channel).
My point is that it is pretty easy to come up with a custom filter
mechanism that should suit you. There is even an option to disable the
built-in filter so you can supply your own.
--Vernon
>
>
>
>On Thu, Apr 14, 2022 at 6:15 AM Vernon Mauery <vernon.mauery at linux.intel.com>
>wrote:
>
>> On 04-Apr-2022 12:49 PM, Kumar Thangavel wrote:
>> >Hi All,
>> >
>> > IPMI Restriction mode support has been added for host machines
>> >which support IPMI.
>> >
>> >
>> https://github.com/openbmc/openbmc/blob/7298b2478ec25cc1814124af523acc4ffade05e6/meta-phosphor/recipes-phosphor/settings/phosphor-settings-defaults/host-template.yaml#L61
>> >
>> > How IPMI restriction mode support can be added for other than host
>> >devices (IPMI based devices). Ex Debug card. ?
>>
>> I am not exactly sure what you are asking for here. When you say other
>> devices, are you asking about restricting commands based on what channel
>> they come in on?
>>
>> This is possible. A filter can filter on any criteria that is available
>> with the ipmi::Context object and the command. It can even extract
>> command data and take action there. I only say this if you are
>> interested in writing a new filter of your own.
>>
>> But if you want to see a filter that is already implemented that
>> restricts commands based on BMC state and incoming channel, you can look
>> at the filtering done in the intel-ipmi-oem repo.
>>
>> If my guess at what you meant was wrong, please clarify and I will try
>> again.
>>
>> --Vernon
>>
>> > Could you please provide any suggestions or any docs ?
>> >
>> >Thanks,
>> >Kumar.
>>
More information about the openbmc
mailing list