phosphor-bmc-security-check.service - OpenGrok history log for /openbmc/phosphor-state-manager/service_files/phosphor-bmc-security-check.service

Revision	Date	Author	Comments
# 46068d9b	14-Feb-2023	Brad Bishop <bradleyb@fuzziesquirrel.com>	treewide: remove dependencies on mapper.target The mapper is dbus activated now, so these explicit dependency declarations are unnecessary and redundant. Change-Id: I9898fa6c9918a6ab4fe166acf5d335f treewide: remove dependencies on mapper.target The mapper is dbus activated now, so these explicit dependency declarations are unnecessary and redundant. Change-Id: I9898fa6c9918a6ab4fe166acf5d335f89c1540fd Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com> show more ...
# 1662ba6b	18-Mar-2022	Andrew Geissler <geissonator@yahoo.com>	secure-boot: add service to run new secure check Tested: - Built image with new service installed and verified that when QuiesceOnHwError was not set, we just got this: Mar 18 16:09:46 p10bmc syst secure-boot: add service to run new secure check Tested: - Built image with new service installed and verified that when QuiesceOnHwError was not set, we just got this: Mar 18 16:09:46 p10bmc systemd[1]: Starting Phosphor BMC Security Check... Mar 18 16:09:46 p10bmc phosphor-secure-boot-check[435]: bmc-secure-boot gpio found and indicates it is NOT enabled Mar 18 16:09:46 p10bmc phosphor-secure-boot-check[435]: Read 0 from secure_boot Mar 18 16:09:46 p10bmc phosphor-secure-boot-check[435]: Read 0 from abr_image Mar 18 16:09:47 p10bmc systemd[1]: Finished Phosphor BMC Security Check. - When QuiesceOnHwError was set, we got this: Mar 18 16:37:10 p10bmc systemd[1]: Starting Phosphor BMC Security Check... Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: bmc-secure-boot gpio found and indicates it is NOT enabled Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: Read 0 from secure_boot Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: Read 0 from abr_image Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: The system is not secure Mar 18 16:37:10 p10bmc systemd[1]: Finished Phosphor BMC Security Check. AND a log: "Severity" : { "type" : "s", "data" : "xyz.openbmc_project.Logging.Entry.Level.Warning" }, "Message" : { "type" : "s", "data" : "xyz.openbmc_project.State.Error.SecurityCheckFail" }, "EventId" : { "type" : "s", "data" : "BD8D3405 00000055 2E2D0010 00000000 00000000 00000000 00000000 00000000 00000000" }, "AdditionalData" : { "type" : "as", "data" : [ "SECURE_BOOT_GPIO=0", "SYSFS_ABR_IMAGE_VAL=0", "SYSFS_SECURE_BOOT_VAL=0", "_PID=1001" ] }, Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I6513280d30672907341b8f3fc583644ebec4cdc5 show more ...

Revision

Date

Author

Comments

# 46068d9b

14-Feb-2023

Brad Bishop <bradleyb@fuzziesquirrel.com>

treewide: remove dependencies on mapper.target

The mapper is dbus activated now, so these explicit dependency
declarations are unnecessary and redundant.

Change-Id: I9898fa6c9918a6ab4fe166acf5d335f

treewide: remove dependencies on mapper.target

The mapper is dbus activated now, so these explicit dependency
declarations are unnecessary and redundant.

Change-Id: I9898fa6c9918a6ab4fe166acf5d335f89c1540fd
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

# 1662ba6b

18-Mar-2022

Andrew Geissler <geissonator@yahoo.com>

secure-boot: add service to run new secure check

Tested:
- Built image with new service installed and verified that when
QuiesceOnHwError was not set, we just got this:
Mar 18 16:09:46 p10bmc syst

secure-boot: add service to run new secure check

Tested:
- Built image with new service installed and verified that when
QuiesceOnHwError was not set, we just got this:
Mar 18 16:09:46 p10bmc systemd[1]: Starting Phosphor BMC Security Check...
Mar 18 16:09:46 p10bmc phosphor-secure-boot-check[435]: bmc-secure-boot gpio found and indicates it is NOT enabled
Mar 18 16:09:46 p10bmc phosphor-secure-boot-check[435]: Read 0 from secure_boot
Mar 18 16:09:46 p10bmc phosphor-secure-boot-check[435]: Read 0 from abr_image
Mar 18 16:09:47 p10bmc systemd[1]: Finished Phosphor BMC Security Check.

- When QuiesceOnHwError was set, we got this:
Mar 18 16:37:10 p10bmc systemd[1]: Starting Phosphor BMC Security Check...
Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: bmc-secure-boot gpio found and indicates it is NOT enabled
Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: Read 0 from secure_boot
Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: Read 0 from abr_image
Mar 18 16:37:10 p10bmc phosphor-secure-boot-check[1001]: The system is not secure
Mar 18 16:37:10 p10bmc systemd[1]: Finished Phosphor BMC Security Check.

AND a log:
"Severity" : {
"type" : "s",
"data" : "xyz.openbmc_project.Logging.Entry.Level.Warning"
},
"Message" : {
"type" : "s",
"data" : "xyz.openbmc_project.State.Error.SecurityCheckFail"
},
"EventId" : {
"type" : "s",
"data" : "BD8D3405 00000055 2E2D0010 00000000 00000000 00000000 00000000 00000000 00000000"
},
"AdditionalData" : {
"type" : "as",
"data" : [
"SECURE_BOOT_GPIO=0",
"SYSFS_ABR_IMAGE_VAL=0",
"SYSFS_SECURE_BOOT_VAL=0",
"_PID=1001"
]
},

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I6513280d30672907341b8f3fc583644ebec4cdc5