[Skiboot] [PATCH v3 3/3] doc/bmc: Document SBE validation on P8 platforms
Andrew Jeffery
andrew at aj.id.au
Mon May 6 15:48:14 AEST 2019
On Tue, 30 Apr 2019, at 14:51, Samuel Mendoza-Jonas wrote:
> Signed-off-by: Samuel Mendoza-Jonas <sam at mendozajonas.com>
Acked-by: Andrew Jeffery <andrew at aj.id.au>
> ---
> doc/bmc.rst | 22 ++++++++++++++++++++++
> 1 file changed, 22 insertions(+)
>
> diff --git a/doc/bmc.rst b/doc/bmc.rst
> index bbb390a7..a876aa06 100644
> --- a/doc/bmc.rst
> +++ b/doc/bmc.rst
> @@ -53,3 +53,25 @@ Real-time clock
>
> On platforms where a real-time-clock is not available, skiboot may use
> the
> IPMI SEL Time as a real-time-clock device.
> +
> +SBE validation
> +--------------
> +
> +On some P8 platforms with an AMI or SMC BMC (ie. astbmc) SBE
> validation is done
> +by a tool on the BMC. This is done to inspect the SBE and detect if a
> malicious
> +host has written to the SBE, especially in multi-tenant
> +"Bare-Metal-As-A-Service" scenarios.
> +
> +To complicate this the SBE validation occurs at host-runtime and reads
> the SBE
> +SEEPROM over I2C using the FSI master which will conflict with
> anything the
> +host may be doing at the same time. To avoid this Skiboot will pause
> boot until
> +the validation is complete.
> +If SBE validation is required the BMC will communicate this to Skiboot
> by
> +setting an IPMI System Boot Option with OEM parameter 0x62. When this
> flag is
> +set Skiboot will pause and wait for the validation to complete and the
> flag to
> +be cleared. This ensures the validation completes before the execution
> is passed
> +to Petitboot and the host operating system. During this process
> Skiboot will
> +print
> + SBE validation required, waiting for completion
> + System will be powered off if validation fails
> +to the console with an update every minute until complete.
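Review bot: The paragraph starting "If SBE validation is required" documents only the success path: it says Skiboot waits for the flag to be cleared, but the failure case appears only inside the quoted console message ("System will be powered off if validation fails"), and nothing states which side performs the power-off or whether the wait has a timeout if the flag is never cleared. A sentence covering both would help, since this wait is what keeps the host from reaching Petitboot before validation finishes. Two formatting points in the same paragraph: it follows "the validation is complete." with no blank line, so the two paragraphs will run together in the rendered page, and the two console lines after "print" are only indented, so consider ending that line with "print::" and putting a blank line before and after the indented output to make it a literal block.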
> --
> 2.21.0