discover_system_state: apply power restore delay

Introduce option `apply-power-policy-bmc-ready` to control power
restore policy application timing. When enabled (default), BMC
waits until BMC_READY

discover_system_state: apply power restore delay

Introduce option `apply-power-policy-bmc-ready` to control power
restore policy application timing. When enabled (default), BMC
waits until BMC_READY before applying power policy. When disabled,
BMC waits for the PowerRestoreDelay before applying power policy.
This change maintains backward compatibility while allowing more
flexible power restoration behavior.

Tested:
1) PSM builds fine
2) When `apply-power-policy-bmc-ready` is disabled,
discovery_system_state waits for PowerRestoreDelay as specified by
the user.

Change-Id: Ib2381612bdb8cb6960f126228d25d8d43fed1d92
Signed-off-by: Prithvi Pai <ppai@nvidia.com>

show more ...

Add googletest wrap file

With this, unit tests can be run in a standalone session.

Tested:
Standalone tests work:

```
1/4 test_systemd_parser OK 0.01s
2/4 test_syste

Add googletest wrap file

With this, unit tests can be run in a standalone session.

Tested:
Standalone tests work:

```
1/4 test_systemd_parser OK 0.01s
2/4 test_systemd_signal OK 0.01s
3/4 test_hypervisor_state OK 0.01s
4/4 test_scheduled_host_transition OK 0.01s

Ok: 4
Expected Fail: 0
Fail: 0
Unexpected Pass: 0
Skipped: 0
Timeout: 0
```

Change-Id: I434320257498a891af5f15835fdee9927e7d5aee
Signed-off-by: Matt Spinler <spinler@us.ibm.com>

show more ...

meson: reformat with meson formatter

Apply the `meson format` results.

Change-Id: I441b95b267f2faac23675ec0703aa5474d189be7
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

build: use allowed over enabled or not-disabled

Meson feature options are typically in a tri-state of enabled, disabled,
or auto. The enabled and disabled functions on an option (from
`get_option`)

build: use allowed over enabled or not-disabled

Meson feature options are typically in a tri-state of enabled, disabled,
or auto. The enabled and disabled functions on an option (from
`get_option`) no longer return true for auto features. Instead, the
expectation is to use `allowed()` which is true for both enabled and
auto.

Switch all uses of `enabled` to `allowed`.
Switch all uses of `not disabled` to `allowed`.

Change-Id: I88a4676fbcc5ea0ac31835976bb0775867464778
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

reject Transition request while firmware being flashed

When users request to flash BMC/Host... firmware, the BMC should reject
turning on the host or rebooting BMC requests to protect the system.
As

reject Transition request while firmware being flashed

When users request to flash BMC/Host... firmware, the BMC should reject
turning on the host or rebooting BMC requests to protect the system.
As defined in the PDIs [1], the ActivationBlocksTransition interface is
used to prevent power-on during flashing. The phosphor-state-manager
shall look for this interface to make decision should transition request
is executed or not. When BMC rejects the transition request, an error is
thrown as defined in PDIs [2].

[1] https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/yaml/xyz/openbmc_project/Software/ActivationBlocksTransition.interface.yaml
[2] https://gerrit.openbmc.org/c/openbmc/phosphor-dbus-interfaces/+/75231

Tested:
Enable check-fwupdate-before-do-transition option
1. Request to flash Host's firmware via Redfish or WebUi
2. Request to turn off the Host.
$ipmitool power off
3. BMC turns off the power.
4. Request to turn on the Host.
$ipmitool power on
5. BMC rejects above request. No power action is executed.
6. Request to reboot BMC.
$ipmitool mc reset cold
7. BMC did not reboot.
8. Request turn on the Host after flashing done.
9. BMC turns on the Power.
10. Request to reboot BMC.
11. BMC reboots.

Disable check-fwupdate-before-do-transition option
1. Request to flash Host's firmware via Redfish or WebUi
2. Request to turn off the Host.
$ipmitool power off
3. BMC turns off the power.
4. Request to turn on the Host.
$ipmitool power on
5. BMC does not reject this request, but no power action is handled
6. When flashing done, BMC turns on the power.

Change-Id: If3998e58d24cfb72d13b01eb5b8c8cc5a39b3c95
Signed-off-by: Thang Tran <thuutran@amperecomputing.com>

show more ...

phosphor-state-manager: Add -Dbindings=cxx to libgpiod dependency

This option should be specified by default so that `meson setup build`
can work out-of-the-box, or else the `libgpiod` dependency wo

phosphor-state-manager: Add -Dbindings=cxx to libgpiod dependency

This option should be specified by default so that `meson setup build`
can work out-of-the-box, or else the `libgpiod` dependency won't provide
`libgpiodcxx`.

Several other repositories are doing this already:

```
$ rg -t meson "bindings=cxx"
host-error-monitor/meson.build
30: default_options: ['bindings=cxx'],

openpower-vpd-parser/meson.build
121: default_options: ['bindings=cxx'],

intel-ipmi-oem/meson.build
65: default_options: ['bindings=cxx'],

openpower-vpd-parser/test/meson.build
16:libgpiodcxx = dependency('libgpiodcxx', default_options: ['bindings=cxx'])

dbus-sensors/meson.build
39:gpiodcxx = dependency('libgpiodcxx', default_options: ['bindings=cxx'])

openpower-proc-control/meson.build
143:libgpiodcxx_dep = dependency('libgpiodcxx', default_options: ['bindings=cxx'])

x86-power-control/meson.build
43: dependency('libgpiodcxx', default_options: ['bindings=cxx']),

phosphor-power/meson.build
71: default_options: ['bindings=cxx'])

YAAP/meson.build
23: default_options: ['bindings=cxx'],
```

Tested:

Before:
```
$ rm -rf build subprojects
$ git restore subprojects
$ meson setup build --wipe --reconfigure
....
Dependency gpioplus from subproject subprojects/gpioplus found: YES 0.1
WARNING: Variable 'gpiodcxx_dep' in the subproject 'subprojects/libgpiod-1.6.3' is not found
Dependency libgpiodcxx from subproject subprojects/libgpiod-1.6.3 found: NO

host_condition_gpio/meson.build:5:11: ERROR: Dependency 'libgpiodcxx' is required but not found.
```

After:

```
$ rm -rf build subprojects
$ git restore subprojects
$ meson setup build --wipe --reconfigure
...
Dependency libgpiodcxx from subproject subprojects/libgpiod-1.6.3 found: YES 1.1.2
...
````

Fixes: ba2241c63673 ("Support checking host status via GPIO pins")
Change-Id: I238f785a381b7d0cb4f7002afdd7a2ed3ae2d926
Signed-off-by: Peter Delevoryas <peter@pjd.dev>

show more ...

Switch to Use phosphor-dbus-interface defined constants

We are redefining a lot of the constants which are already
defined in the phosphor-dbus-interface auto-generated
headers. This change switches

Switch to Use phosphor-dbus-interface defined constants

We are redefining a lot of the constants which are already
defined in the phosphor-dbus-interface auto-generated
headers. This change switches the code to use those instead
of allowing compile time definition of those.

Allowing for compile time definition would probably break
clients who are not aware of the new paths anyway.

Tested by build a harma image and loading in qemu to test
the added interfaces are unchanged.
```
busctl introspect xyz.openbmc_project.State.BMC \
/xyz/openbmc_project/state/bmc0
busctl introspect xyz.openbmc_project.State.Host \
/xyz/openbmc_project/state/host0
busctl introspect xyz.openbmc_project.State.Chassis \
/xyz/openbmc_project/state/chassis0
```

Change-Id: Ib4c77d2789c13f509b75a2b1837ea454e53e8ae9
Signed-off-by: Amithash Prasasd <amithash@meta.com>

show more ...

host-reboot: move to PSM subdir

Per the project anti-patterns[1], scripts are suppose to be installed
in a package-named subdirectory within libexec. Move appropriately
and update the service file.

host-reboot: move to PSM subdir

Per the project anti-patterns[1], scripts are suppose to be installed
in a package-named subdirectory within libexec. Move appropriately
and update the service file.

[1]: https://github.com/openbmc/docs/blob/master/anti-patterns.md#background-4

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ie62e032707f374da4af20c38bbf358a8c442d690

show more ...

meson: Fix local cereal build

Currently local build is failing with a message:
"""
cereal| Exception: Failed to configure the CMake subproject: Could NOT
find Boost (missing: Boost_INCLUDE_DIR seria

meson: Fix local cereal build

Currently local build is failing with a message:
"""
cereal| Exception: Failed to configure the CMake subproject: Could NOT
find Boost (missing: Boost_INCLUDE_DIR serialization)
Subproject subprojects/cereal is buildable: NO (disabling)
"""
Since cereal requires boost only for the sandbox build and this
functionality is not needed, add option to skip building performance
sandbox comparison to solve the issue.

Tested:
"meson setup build" no longer fails with the cereal error.

Change-Id: Icbfd6cb7735565da9f3c255a1a9a83abf1fa1660
Signed-off-by: Konstantin Aladyshev <aladyshev22@gmail.com>

show more ...

Correct the value of CHASSIS_ON_FILE

Issue: When BMC turns on the host then reboot BMC. The BMC can not turn
off/on or power cycle the host.

Root cause: After commit [1], this repo is using std::fo

Correct the value of CHASSIS_ON_FILE

Issue: When BMC turns on the host then reboot BMC. The BMC can not turn
off/on or power cycle the host.

Root cause: After commit [1], this repo is using std::format instead
fmt::format. The value of CHASSIS_ON_FILE was not updated in that
commit. It makes the /run/openbmc/chassis@0-on file is not removed when
Chassis' Power state is On, therefore, the BMC can not turn on the host.

Solution: This commit corrects the value of CHASSIS_ON_FILE.

[1] https://github.com/openbmc/phosphor-state-manager/commit/78c066f6078704fd202c8a4b02fcf73091481ef1

Change-Id: Ib741022774aac9a5cb3a4adc87bae8583df97ce2
Signed-off-by: Thang Tran <thuutran@amperecomputing.com>

show more ...

Add option to enable/disable forced warm reboots

Some OpenBMC systems don't support a forced warm reboot. Provide a
compile option to enable/disable.

Tested:
- Confirmed that if feature is disabled

Add option to enable/disable forced warm reboots

Some OpenBMC systems don't support a forced warm reboot. Provide a
compile option to enable/disable.

Tested:
- Confirmed that if feature is disabled, then AllowedHostTransitions did
not have ForceWarmReboot option.

Change-Id: I207b8fa7e3f60efbf406397ff4df980a5d2677ed
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

show more ...

prefer std::format over fmt

Now that std::format is implemented we aren't using complex enough fmt
to warrant using it over the std version. Switch to std and remove the
dependency.

Signed-off-by:

prefer std::format over fmt

Now that std::format is implemented we aren't using complex enough fmt
to warrant using it over the std version. Switch to std and remove the
dependency.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ib03cdb6a9db4d25de345bdb49b28157880c19bc1

show more ...

meson: adjust nlohmann-json dependency

- Simplify dependency logic in meson.build.
- Use consistent dependency variable as style recommended by Meson.
- Use json wrap file matching the meson wrapdb.

meson: adjust nlohmann-json dependency

- Simplify dependency logic in meson.build.
- Use consistent dependency variable as style recommended by Meson.
- Use json wrap file matching the meson wrapdb.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I8b6e14c03657a2017ab2c89ad98d5c460d3b7917

show more ...

build: use allowed over enabled

Meson feature options are typically in a tri-state of enabled, disabled,
or auto. The enabled and disabled functions on an option (from
`get_option`) no longer retur

build: use allowed over enabled

Meson feature options are typically in a tri-state of enabled, disabled,
or auto. The enabled and disabled functions on an option (from
`get_option`) no longer return true for auto features. Instead, the
expectation is to use `allowed()` which is true for both enabled and auto.

Switch all uses of `enabled` to `allowed`.

Change-Id: I3cac63961b6b7900433f259516702c6817c8956b
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Check the TPM measurement if TPM is present

Perform the TPM Measurement Check only if TPM is present. This commit
adds a new option to provide the sysfs TPM device tree path, which will
be used to v

Check the TPM measurement if TPM is present

Perform the TPM Measurement Check only if TPM is present. This commit
adds a new option to provide the sysfs TPM device tree path, which will
be used to verify TPM's presence. If the device tree path doesn't exist,
it indicates that TPM is not present.

Tested: Tested on a system with TPM device present and on system that
didn't have it present and verified expected behavior on both.

Change-Id: I108f05cc5bafd90cda5a82146b93e2371765b9aa
Signed-off-by: Lakshmi Yadlapati <lakshmiy@us.ibm.com>

show more ...

build: upgrade to C++23

Meson 1.1.1 and GCC-13 both support C++23 and a sufficient portion of
the standard has been implemented. Upgrade the build to leverage it.

Change-Id: I71fbf7fc1a4b23579ed60

build: upgrade to C++23

Meson 1.1.1 and GCC-13 both support C++23 and a sufficient portion of
the standard has been implemented. Upgrade the build to leverage it.

Change-Id: I71fbf7fc1a4b23579ed60ca26a0185b50d9fb8b9
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

bmc-ready: new optional feature definition

This is the start of a series of commits which will enable a new feature
within phosphor-state-manager to not allow host or chassis operations if
the BMC i

bmc-ready: new optional feature definition

This is the start of a series of commits which will enable a new feature
within phosphor-state-manager to not allow host or chassis operations if
the BMC is not in the "Ready" state.

Some systems require (and assume) all BMC services are up and running
before a chassis or host operation is started. For example IBM systems
collect VPD from i2c devices shared with the host firmware, the BMC must
complete collecting all of that VPD before the host is started. The
completion of the VPD collection is required for the BMC to reach Ready
state.

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I0aed9323348f92dffb330089143c5f569b57a1fb

show more ...

meson: remove deprecated get_pkgconfig_variable

Since meson 0.56, the `get_pkgconfig_variable` has been deprecated. In
meson 0.58 the `get_variable` was enhanced to no longer require the
`pkgconfig

meson: remove deprecated get_pkgconfig_variable

Since meson 0.56, the `get_pkgconfig_variable` has been deprecated. In
meson 0.58 the `get_variable` was enhanced to no longer require the
`pkgconfig` keyword argument. Ensure meson 0.58 is required and update
the usage of all `get_pkgconfig_variable` and `get_variable` to be the
modern variant.

Change-Id: I6a4954110ff24c724376bf8ed3e42d71eeeb4819
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

secure-boot: Log an error if TPM measurement fails

Log an error if the TPM measurement fails due to the absence or
invalid value of the file '/sys/class/tpm/tpm0/pcr-sha256/0'.

Tested:
Verified tha

secure-boot: Log an error if TPM measurement fails

Log an error if the TPM measurement fails due to the absence or
invalid value of the file '/sys/class/tpm/tpm0/pcr-sha256/0'.

Tested:
Verified that an error is logged when '/sys/class/tpm/tpm0/pcr-sha256/0'
is absent, empty, or has a value of 0, indicating that the TPM
measurement has failed.
```
"Severity" : {
"type" : "s",
"data" : "xyz.openbmc_project.Logging.Entry.Level.Error"
},
"Message" : {
"type" : "s",
"data" : "xyz.openbmc_project.State.Error.TpmMeasurementFail"
},
"AdditionalData" : {
"type" : "as",
"data" : [
"ERROR=TPM measurement value is empty: /sys/class/tpm/tpm0/pcr-sha256/0",
"_PID=501"
]
},
```

Change-Id: I9be610a9b473a529b09feec6643ec65b58a62907
Signed-off-by: Lakshmi Yadlapati <lakshmiy@us.ibm.com>

show more ...

scheduled_host_transition: change object path

Recently, it was noticed that both the
phosphor-scheduled-host-transition and phosphor-host-state-manager
services were implementing the same object on

scheduled_host_transition: change object path

Recently, it was noticed that both the
phosphor-scheduled-host-transition and phosphor-host-state-manager
services were implementing the same object on d-bus, but putting
different interfaces under them. This causes confusion because quite a
few services utilize the mapper-wait dependency:
mapper-wait@-xyz-openbmc_project-state-host%i.service

The dependency is meant to wait for the interfaces under
phosphor-host-state-manager but if the scheduled-host one starts first,
that will complete the mapper-wait dependency. This results in services
with a dependency on host-state starting before they should! It seems
the recent removal of mapper.target dependencies from the service files
has brought this bug to light.

The only other software within OpenBMC that accesses the scheduled-host
interface is in PLDM and some robot tests. If this change is approved
then I'll make the appropriate changes in those repos as we are changing
an existing d-bus object here (although a minimally used one).

Tested:
- Ensured that when xyz.openbmc_project.State.Host0 is stopped, the
"mapper wait /xyz/openbmc_project/state/host0" does not return.

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I4addb971f7ddd464c2714aa3e87ef7ef07cb737c

show more ...

Ensure POR reset is logged

In situations where the last reboot cause is not changed to POR,
specifically after unexpected AC losses, bmc-state-manager fails to
update the property. Therefore after a

Ensure POR reset is logged

In situations where the last reboot cause is not changed to POR,
specifically after unexpected AC losses, bmc-state-manager fails to
update the property. Therefore after a power cycle the last reboot
cause property is set to unknown. Thankfully, chassis-state-manager
generates a file indicating an AC loss occurred and that can be used
to identify that the last reboot cause was a power-on-cycle. It was
necessary to add an "After xyz.openbmc_project.State.Chassis"
dependency to bmc-state-managers service file to ensure the AC loss
was generated prior to bmc-state-manager executing.

Tested:

- Ensured that when the system was power cycled that the last reboot
cause was set to "POR" when the chassis lost power file was present.

- Verified that when the file was not present the last reboot
cause was set accordingly (typically unknown)

Change-Id: Ifa6d5d6f89c221477ee2f2fa1ed15adade359e45
Signed-off-by: NodeMan97 <corey.hardesty@icloud.com>

show more ...

Only run power restore on AC losses

Added a meson build option that allows the customer to enable automatic
power restore policy only for AC losses where the chassis power was
on prior to a BMC rese

Only run power restore on AC losses

Added a meson build option that allows the customer to enable automatic
power restore policy only for AC losses where the chassis power was
on prior to a BMC reset(and off when it comes back online).

The default is set to 'false' which provides the standard behavior of
APR which is to always run APR on an BMC reboot.
If the option 'only-run-apr-on-power-loss' is 'true' then APR is only
run in the case of the chassis losing power. AC power losses trigger the
creation of a file called 'chassis@0-lost-power' that identifies an
AC power loss has occurred. This generated file can be found in the
directory '/run/openbmc/'.

Tested:
- Verified that when built with option 'only-run-apr-on-power-loss'
set to false(default) that APR was ran.
- Verified that when built with option 'only-run-apr-on-power-loss'
set to true that apr was not ran when a power loss did not occur.
- Verified that when built with option 'only-run-apr-on-power-loss'
set to true that apr was only ran when a power loss occured.

Jun 08 01:55:13 p10bmc phosphor-chassis-state-manager[3009]:
The system suffered a power blackout.

root@p10bmc:/lib/systemd/system# ls /run/openbmc/
chassis@0-lost-power

Signed-off-by: Corey Hardesty <corey.hardesty@icloud.com>
Change-Id: Iac37761416d699e3a469936e00868a8d9b6dfdb1

show more ...

host-reboot: enforce host boot count on host crash

The host reboot path can be triggered via paths outside of the normal
RequestedHostTransition property set. For example, if the host crashes,
it ju

host-reboot: enforce host boot count on host crash

The host reboot path can be triggered via paths outside of the normal
RequestedHostTransition property set. For example, if the host crashes,
it just triggers an automatic reboot using the systemd targets, which
means the check to prevent continuous host reboots is not run.

This commit ensures we decrement the reboot counter when a host crash
occurs, and it also ensures we check that count when deciding if a
reboot should occur.

While testing, it was found when we end in the host Quiesce state (after
all reboot attempts have expired), the host stayed in Quiesce, even
after issuing a power off. The fix for that was to ensure the
obmc-host-quiesce@.target conflicted with obmc-host-stop@.target to
ensure it would properly run on the power off request and update the
host state to Off.

Tested:
- Verified that AttemptsLeft was properly decremented on host crashes
- Verified that when AttempsLeft reached 0, the reboot was halted
and the host state was moved to Quiesced
- Verified that once in Quiesced, system could be powered off, and a
boot worked fine (and AttempsLeft was back to 3)

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I8d101b987517e160becc712ed70950f1d3204397

show more ...

secure-boot: check sysfs debug settings

These aspeed-specific settings are provided via the kernels sysfs
filesystem. They provide information on the security of the BMC.

Follow on commits will che

secure-boot: check sysfs debug settings

These aspeed-specific settings are provided via the kernels sysfs
filesystem. They provide information on the security of the BMC.

Follow on commits will check if the BMC is in manufacturing mode and log
an error if the system does not pass the security check.

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Iddcc09dc34133806abe33570c5422bde51981bdb

show more ...

secure-boot: initial basic app to check gpio

The basic requirement is to utilize the new bmc-secure-boot GPIO
defined within this patch[1]. If the GPIO is found, then verify the
system is in secure

secure-boot: initial basic app to check gpio

The basic requirement is to utilize the new bmc-secure-boot GPIO
defined within this patch[1]. If the GPIO is found, then verify the
system is in secure mode by validating the GPIO reads 1. If it’s not
a 1, then log an error.

Similarly the code will also look at sysfs files created via the
kernel. An error will be logged if these sysfs files do not return
the expected security readings.

The above checks will only be run in a manufacturing environment.

See https://lists.ozlabs.org/pipermail/openbmc/2022-February/029479.html
for the mailing list discussion on this feature.

[1]: https://github.com/openbmc/docs/commit/d55349e10ec2432886b26b00322ef0eaff2b919a

Change-Id: I75ae6ba8541b6a13922ce6b45f82ee6cfca83b1d
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

show more ...