Lines Matching +full:key +full:- +full:code

1 # In-Band Update of BMC Firmware using USB
5 Created: 2021-10-12
14 The openbmc project currently has a [phosphor-software-manager][1] repository.
26 - Monitor whether the USB key is inserted.
27 - The first tar file found in the sorted list of files on the USB device is
29 - Manually trigger firmware upgrade.
30 - Disable automatic reboot of the BMC firmware after upgrade is complete to prevent
31 a potential loop in the event of a key inserted.
32 - This mechanism attempts to maintain security, for example this feature is
37 The new code would be part of the phosphor-software-manager repository (e.g.:
38 phosphor-usb-code-update). The design process is as follows:
40 - Define a macro switch (`usb-code-update`) in [phosphor-software-manager][1]
41 repository to identify whether to enable the USB Code Update function, which
43 - If `usb-code-update` enabled, install the udev rules file to
45 - Once the udev rules are met, the systemd service is directly triggered and
46 starts the phosphor-usb-code-update daemon.
47 - This daemon verifies the `/run/media/usb/sda1` directory and copies the first
49 - Set ApplyTime to OnReset so that the proposed usb code update app does not
51 - Set RequestedActivation to Active, follow the updated status, start to update
53 - Exit the phosphor-usb-code-update daemon.
60 …k", ACTION=="add", ENV{ID_USB_DRIVER}=="usb-storage", ENV{DEVTYPE}=="partition", ENV{SYSTEMD_WANTS…
65 - It is recommended to run a local CI run and analyze & avoid potential
67 - Assuming that the USB drive has a physical security vulnerability (such as
68 memory overflow, etc.), "USB code update" should be disabled via Redfish. After
69 the vulnerability is fixed, enable "USB code update" again via Redfish.
76 re-flashing, this is not reasonable; service support should have local access to
82 key. There is no expected performance impact since the process just copies files
87 - When the USB code update is disabled, the service will return directly without
89 - Manually insert the USB key with the firmware upgrade package, and check
91 - Simulate `/dev/sda1` on qemu with some test scripts and start the service (e.g.:
92 `systemctl start usb-code-update@sda1.service`)
93 - Verify that the ApplyTime attribute value is set to OnReset.
94 - Verify that the RequestedActivation property value is set to Active.
95 - Verify that the firmware update was successful.
97 [1]: https://github.com/openbmc/phosphor-bmc-code-mgmt