IPMI Restriction Mode

Kumar Thangavel kumarthangavel.hcl at gmail.com
Wed May 4 00:16:02 AEST 2022 

Hi Vernon,

     We may need to write our own custom filter for other channels as you
suggested.
     While implementing this, we need some clarifications.

     1. How can we map channel Id's with settingsd restriction mode
dbus-objects ?
     2. The Ipmb channel has multiple devices in our system, How can we
handle and apply this multiple Ipmb interfaces with
settingsd restriction mode dbus-objects ?

     Please refer below link for multiple Ipmb channels for our system.


https://github.com/openbmc/openbmc/blob/master/meta-facebook/recipes-phosphor/ipmi/phosphor-ipmi-ipmb/yosemitev2/ipmb-channels.json

      Already we have "hostIdx'' in ipmi::Context struct, which represents
the data coming from which hosts. Even Though if we plan to use this
"hostIdx" ,  it is still not clear how we can map this "hostIdx'' with
settingsd restriction mode dbus-objects.

   Otherwise, can we have some Schema(Rules) to follow the channel order
for this channel and devices(settingsd dbus-objects) mapping ?
    Ex:   First 4 or 6 channel is for host 1 - host4
             Next channel is for  Debug card,
             Rest of the channel is for other devices.

   I think we need to maintain this order in settingsd config file and
ipmb-channels.json config file for this channel and device mapping.

  Could you please provide your suggestion on this.

Thanks,
Kumar.

On Tue, Apr 26, 2022 at 9:25 PM Kumar Thangavel <
kumarthangavel.hcl at gmail.com> wrote:

> Thanks for your response and suggestions.
>
> --Kumar.
>
> On Sat, Apr 23, 2022 at 4:55 AM Vernon Mauery <
> vernon.mauery at linux.intel.com> wrote:
>
>> On 18-Apr-2022 04:56 PM, Kumar Thangavel wrote:
>> >Thanks for the response and clarification.
>> >
>> >I will clarify my question here,
>> >
>> >IPMI restriction mode support has been added for host devices which
>> support
>> >IPMI.
>> >This restriction mode support can be enabled or disabled from the
>> >phosphor-settingsd configuration (.yaml) file.
>> >
>> >Please check the below link for .yaml file of phosphor-settingsd.
>> >
>> >
>> https://github.com/openbmc/openbmc/blob/7298b2478ec25cc1814124af523acc4ffade05e6/meta-phosphor/recipes-phosphor/settings/phosphor-settings-defaults/host-template.yaml#L61
>> >
>> >We wanted to add restriction mode support for other IPMI based devices
>> >(Debug card).
>> >Already phosphor-ipmi-host supports filters for all  IPMI commands which
>> >have ipmi::Context objects.
>> >So, How can we enable/disable this restriction mode support
>> >from phosphor-settings for other IPMI based devices(Debug card). ?
>>
>> I understand that currently only the host channel is using the
>> restriction mode. You want to add it for other channels. This has
>> already been done in the intel-ipmi-oem repo, if you want to take a look
>> at that. It allows a fine-grained mechanism for command filtering, based
>> on the channel and the restriction mode (although currently, I think the
>> restriction mode still only applies to the host channel).
>>
>> My point is that it is pretty easy to come up with a custom filter
>> mechanism that should suit you. There is even an option to disable the
>> built-in filter so you can supply your own.
>>
>> --Vernon
>>
>> >
>> >
>> >
>> >On Thu, Apr 14, 2022 at 6:15 AM Vernon Mauery <
>> vernon.mauery at linux.intel.com>
>> >wrote:
>> >
>> >> On 04-Apr-2022 12:49 PM, Kumar Thangavel wrote:
>> >> >Hi All,
>> >> >
>> >> >        IPMI Restriction mode support has been added for host machines
>> >> >which support IPMI.
>> >> >
>> >> >
>> >>
>> https://github.com/openbmc/openbmc/blob/7298b2478ec25cc1814124af523acc4ffade05e6/meta-phosphor/recipes-phosphor/settings/phosphor-settings-defaults/host-template.yaml#L61
>> >> >
>> >> >        How IPMI restriction mode support can be added for other than
>> host
>> >> >devices (IPMI based devices). Ex Debug card.  ?
>> >>
>> >> I am not exactly sure what you are asking for here. When you say other
>> >> devices, are you asking about restricting commands based on what
>> channel
>> >> they come in on?
>> >>
>> >> This is possible. A filter can filter on any criteria that is available
>> >> with the ipmi::Context object and the command. It can even extract
>> >> command data and take action there. I only say this if you are
>> >> interested in writing a new filter of your own.
>> >>
>> >> But if you want to see a filter that is already implemented that
>> >> restricts commands based on BMC state and incoming channel, you can
>> look
>> >> at the filtering done in the intel-ipmi-oem repo.
>> >>
>> >> If my guess at what you meant was wrong, please clarify and I will try
>> >> again.
>> >>
>> >> --Vernon
>> >>
>> >> >        Could you please provide any suggestions or any docs ?
>> >> >
>> >> >Thanks,
>> >> >Kumar.
>> >>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20220503/2a9e1054/attachment-0001.htm>

More information about the openbmc mailing list