docs/designs/redfish-resource-supplement-for-pfr.md

7 Created: 2019-09-12
13 NIST SP 800-193 provides technical guidelines and recommendations supporting
23 OpenBMC message registry metadata for logging events associated with PFR.
27 Platform Firmware Resilience technology in NIST SP 800-93 provide common
29 and component/device suppliers, to build stronger security mechanisms into
35 - [NIST.SP.180-193](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-193.pdf)
36 - [Redfish schema supplement](https://www.dmtf.org/sites/default/files/standards/documents/DSP0268_…
37 - [Redfish Logging in bmcweb](https://github.com/openbmc/docs/blob/master/architecture/redfish-logg…
43 - BMC shall provide the way to represent Platform Firmware Resilience
46 - Event logs should be logged to redfish for Platform Firmware Resilience.
51 Resilience by using guidelines provided by NIST SP 800-193. Some of the
61 OpenBMC is moving to Redfish as its standard for out of band management. The
70 - ProvisiongStatus: The value of this property indicates the provisioning status
77      provisioned but not locked. So re-provisioning is allowed in this state.
80      and locked. So re-provisioning is not allowed in this state.
82 PFR enabled platforms can provision or re-provision the platform resilience
85 it can not be re-provisioned.
88 [link](https://gerrit.openbmc.org/#/c/openbmc/bmcweb/+/24253/)
90 PFR in OpenBMC must support logging of resiliency error detection and
94 [Redfish logging in bmcweb ](https://github.com/openbmc/docs/blob/master/redfish-logging-in-bmcweb.…
105    - BIOSFirmwareResiliencyError
106    - BMCFirmwareResiliencyError
107    - CPLDFirmwareResiliencyError
108    - MEFirmwareResiliencyError
109    - FirmwareResiliencyError Severity: Critical
114    - Boot failure
115    - Update Failure
122    - BIOSFirmwarePanicReason
123    - BMCFirmwarePanicReason
124    - CPLDFirmwarePanicReason
125    - MEFirmwarePanicReason Severity: Warning
129    - Boot time watchdog expired
130    - Firmware authentication failure
137    - BIOSFirmwareRecoveryReason
138    - BMCFirmwareRecoveryReason
139    - CPLDFirmwareRecoveryReason
140    - MEFirmwareRecoveryReason Severity: Warning
144    - Launch failures
145    - Update failures
146    - Authentication failures
198 - User can provision the PFR in OEM specific way and test using below URI and
215     "OpenBmc": {
228 - User can induce security attack and validate the panic event logs as well as
238   3.  Corrupt the security key's by directly mocking hardware and validate.