IPMI Restriction Mode

Vernon Mauery vernon.mauery at linux.intel.com
Wed May 4 09:04:33 AEST 2022


On 03-May-2022 07:46 PM, Kumar Thangavel wrote:
>Hi Vernon,
>
>     We may need to write our own custom filter for other channels as you
>suggested.
>     While implementing this, we need some clarifications.
>
>     1. How can we map channel Id's with settingsd restriction mode
>dbus-objects ?

Set up a restriction mode object for each channel? This is really up to 
your implementation.

>     2. The Ipmb channel has multiple devices in our system, How can we
>handle and apply this multiple Ipmb interfaces with
>settingsd restriction mode dbus-objects ?
>
>     Please refer below link for multiple Ipmb channels for our system.
>

When ipmb channel commands come in, there is also rqSA set in the 
ipmi::Context. This should be unique per device. Will this work for you?

--Vernon

>https://github.com/openbmc/openbmc/blob/master/meta-facebook/recipes-phosphor/ipmi/phosphor-ipmi-ipmb/yosemitev2/ipmb-channels.json
>
>      Already we have "hostIdx'' in ipmi::Context struct, which represents
>the data coming from which hosts. Even Though if we plan to use this
>"hostIdx" ,  it is still not clear how we can map this "hostIdx'' with
>settingsd restriction mode dbus-objects.
>
>   Otherwise, can we have some Schema(Rules) to follow the channel order
>for this channel and devices(settingsd dbus-objects) mapping ?
>    Ex:   First 4 or 6 channel is for host 1 - host4
>             Next channel is for  Debug card,
>             Rest of the channel is for other devices.
>
>   I think we need to maintain this order in settingsd config file and
>ipmb-channels.json config file for this channel and device mapping.
>
>  Could you please provide your suggestion on this.
>
>Thanks,
>Kumar.
>
>On Tue, Apr 26, 2022 at 9:25 PM Kumar Thangavel <
>kumarthangavel.hcl at gmail.com> wrote:
>
>> Thanks for your response and suggestions.
>>
>> --Kumar.
>>
>> On Sat, Apr 23, 2022 at 4:55 AM Vernon Mauery <
>> vernon.mauery at linux.intel.com> wrote:
>>
>>> On 18-Apr-2022 04:56 PM, Kumar Thangavel wrote:
>>> >Thanks for the response and clarification.
>>> >
>>> >I will clarify my question here,
>>> >
>>> >IPMI restriction mode support has been added for host devices which
>>> support
>>> >IPMI.
>>> >This restriction mode support can be enabled or disabled from the
>>> >phosphor-settingsd configuration (.yaml) file.
>>> >
>>> >Please check the below link for .yaml file of phosphor-settingsd.
>>> >
>>> >
>>> https://github.com/openbmc/openbmc/blob/7298b2478ec25cc1814124af523acc4ffade05e6/meta-phosphor/recipes-phosphor/settings/phosphor-settings-defaults/host-template.yaml#L61
>>> >
>>> >We wanted to add restriction mode support for other IPMI based devices
>>> >(Debug card).
>>> >Already phosphor-ipmi-host supports filters for all  IPMI commands which
>>> >have ipmi::Context objects.
>>> >So, How can we enable/disable this restriction mode support
>>> >from phosphor-settings for other IPMI based devices(Debug card). ?
>>>
>>> I understand that currently only the host channel is using the
>>> restriction mode. You want to add it for other channels. This has
>>> already been done in the intel-ipmi-oem repo, if you want to take a look
>>> at that. It allows a fine-grained mechanism for command filtering, based
>>> on the channel and the restriction mode (although currently, I think the
>>> restriction mode still only applies to the host channel).
>>>
>>> My point is that it is pretty easy to come up with a custom filter
>>> mechanism that should suit you. There is even an option to disable the
>>> built-in filter so you can supply your own.
>>>
>>> --Vernon
>>>
>>> >
>>> >
>>> >
>>> >On Thu, Apr 14, 2022 at 6:15 AM Vernon Mauery <
>>> vernon.mauery at linux.intel.com>
>>> >wrote:
>>> >
>>> >> On 04-Apr-2022 12:49 PM, Kumar Thangavel wrote:
>>> >> >Hi All,
>>> >> >
>>> >> >        IPMI Restriction mode support has been added for host machines
>>> >> >which support IPMI.
>>> >> >
>>> >> >
>>> >>
>>> https://github.com/openbmc/openbmc/blob/7298b2478ec25cc1814124af523acc4ffade05e6/meta-phosphor/recipes-phosphor/settings/phosphor-settings-defaults/host-template.yaml#L61
>>> >> >
>>> >> >        How IPMI restriction mode support can be added for other than
>>> host
>>> >> >devices (IPMI based devices). Ex Debug card.  ?
>>> >>
>>> >> I am not exactly sure what you are asking for here. When you say other
>>> >> devices, are you asking about restricting commands based on what
>>> channel
>>> >> they come in on?
>>> >>
>>> >> This is possible. A filter can filter on any criteria that is available
>>> >> with the ipmi::Context object and the command. It can even extract
>>> >> command data and take action there. I only say this if you are
>>> >> interested in writing a new filter of your own.
>>> >>
>>> >> But if you want to see a filter that is already implemented that
>>> >> restricts commands based on BMC state and incoming channel, you can
>>> look
>>> >> at the filtering done in the intel-ipmi-oem repo.
>>> >>
>>> >> If my guess at what you meant was wrong, please clarify and I will try
>>> >> again.
>>> >>
>>> >> --Vernon
>>> >>
>>> >> >        Could you please provide any suggestions or any docs ?
>>> >> >
>>> >> >Thanks,
>>> >> >Kumar.
>>> >>
>>>
>>


More information about the openbmc mailing list