diff options
| author | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2019-05-09 13:08:41 +1000 |
|---|---|---|
| committer | oohal <oohal@users.noreply.github.com> | 2019-05-10 16:50:45 +1000 |
| commit | 6ef47971a87d0e1c988ea50f0d7ff24ebcee62d1 (patch) | |
| tree | af6970d4604fc7b2ee2b4dd9dce9f1627810db3b | |
| parent | 757dfba75e0395f7cbb8e37fae2ab626899066a1 (diff) | |
| download | skiboot-6ef47971a87d0e1c988ea50f0d7ff24ebcee62d1.zip skiboot-6ef47971a87d0e1c988ea50f0d7ff24ebcee62d1.tar.gz skiboot-6ef47971a87d0e1c988ea50f0d7ff24ebcee62d1.tar.bz2 | |
doc/bmc: Document SBE validation on P8 platforms
[ Upstream commit 5e8a373ebe4dea501245e1103de9ca3abc7ab976 ]
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
| -rw-r--r-- | doc/bmc.rst | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/doc/bmc.rst b/doc/bmc.rst index bbb390a..46ae863 100644 --- a/doc/bmc.rst +++ b/doc/bmc.rst @@ -53,3 +53,30 @@ Real-time clock On platforms where a real-time-clock is not available, skiboot may use the IPMI SEL Time as a real-time-clock device. + +SBE validation +-------------- + +On some P8 platforms with an AMI or SMC BMC (ie. astbmc) SBE validation is done +by a tool on the BMC. This is done to inspect the SBE and detect if a malicious +host has written to the SBE, especially in multi-tenant +"Bare-Metal-As-A-Service" scenarios. + +To complicate this the SBE validation occurs at host-runtime and reads the SBE +SEEPROM over I2C using the FSI master which will conflict with anything the +host may be doing at the same time. To avoid this Skiboot will pause boot until +the validation is complete. +If SBE validation is required the BMC will communicate this to Skiboot by +setting an IPMI System Boot Option with OEM parameter 0x62. When this flag is +set Skiboot will pause and wait for the validation to complete and the flag to +be cleared. This ensures the validation completes before the execution is passed +to Petitboot and the host operating system and any conflicts could occur. During +this process Skiboot will print + SBE validation required, waiting for completion + System will be powered off if validation fails +to the console with an update every minute until complete. + +Unfortunately the validation performed by the BMC leaves the SBE in a bad +state. Once the validation is complete Skiboot will reboot to reset everything +to a good state and normal booting can resume. No such reboot is required if +the flag is not set and validation doesn't occur. |