All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Andrew Jeffery" <andrew@aj.id.au>
To: "Michael Richardson" <mcr@sandelman.ca>
Cc: "Sharad Khetan" <sharad.khetan@intel.com>,
	"Vijay Khemka" <vijaykhemka@fb.com>, rgrs <rgrs@protonmail.com>,
	"openbmc@lists.ozlabs.org" <openbmc@lists.ozlabs.org>
Subject: Re: MCTP over PCI on AST2500
Date: Mon, 13 Jan 2020 10:08:09 +1030	[thread overview]
Message-ID: <b33a4247-e76d-46bb-9853-cf246f55d6bf@www.fastmail.com> (raw)
In-Reply-To: <27265.1578670688@localhost>



On Sat, 11 Jan 2020, at 02:08, Michael Richardson wrote:
> 
> Andrew Jeffery <andrew@aj.id.au> wrote: 
>     > 
> https://github.com/openbmc/meta-phosphor/blob/master/aspeed-layer/recipes-bsp/u-boot/files/0001-aspeed-Disable-unnecessary-features.patch
> 
>     > The distro feature is opt-in as it has impacts beyond simply 
> disabling the backdoors
>     > (there are some unfortunate side-effects to enforcing 
> confidentiality of the BMC's
>     > address space.
> 
> okay, so the bridge gets turned off, and it has some other effects.
> What are the side effects?  I'm guessing by the inclusion of the VGA defines
> in that board init that they are video related.

We have a slightly more detailed description here:

https://github.com/openbmc/openbmc/issues/3475

With respect to PCIe, disabling the P2A causes the host kernel to fail probing
the  AST DRM driver on kernels before 4.12 (from memory). This impacts
POWER more than other host architectures due to invalid accesses triggering
EEH.

With respect to LPC, the issue is largely that the bit in the LPC controller to
disable the iLPC2AHB bridge only disables write access, the host can still
continue to issues arbitrary reads of the BMC address space. To prevent
arbitrary reads the BMC must disable the entire SuperIO controller, which
knocks out the ability to configure UARTs, GPIOs, and the LPC mailbox
among other functionality. On some platforms disabling SuperIO is feasible
(POWER based), but others may require some of this functionality be
present.

> 
> I can see that doing this in uboot is the earliest possible;

It's actually possible to disable the backdoors before the first instruction is
run on the ARM core with the firmware strapping feature, but it's likely the
result becomes platform-specific and integrating the configuration
into the flash image can be a bit fiddly (you could implement it with  a
custom u-boot linker script).

> but in most
> cases the main CPU has no power until the BMC boots, so it can't attack until
> the BMC is running.  Are there some situations in which the BMC (or the P2A
> bridge) could get reset without the host CPU also being reset?

See the discussion of the watchdog reset modes in the link above.

Cheers,

Andrew

  reply	other threads:[~2020-01-12 23:36 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-20  5:26 MCTP over PCI on AST2500 rgrs
2019-11-20  6:54 ` Vijay Khemka
2019-11-20  6:59   ` Khetan, Sharad
2019-11-22  0:38     ` Andrew Jeffery
2019-12-21  0:15       ` Khetan, Sharad
2020-01-09  1:57         ` Andrew Jeffery
2020-01-09 18:17           ` Vijay Khemka
2020-01-09 20:45             ` Richard Hanley
2020-01-10  1:29               ` Andrew Jeffery
2020-01-10  0:30           ` Andrew Jeffery
2020-01-13 16:53             ` Khetan, Sharad
2020-01-13 18:54               ` Deepak Kodihalli
2020-01-14  5:54                 ` Khetan, Sharad
2020-01-14  6:20                   ` Jeremy Kerr
2020-01-14  6:39                     ` Khetan, Sharad
2020-01-14  8:10                       ` Deepak Kodihalli
2020-01-14 15:54                       ` Thomaiyar, Richard Marian
2020-01-14 17:45                     ` Patrick Williams
2020-01-15 13:51                       ` Jeremy Kerr
2020-01-15 14:16                         ` Patrick Williams
2020-01-14  8:54                   ` rgrs
2020-01-13 23:22               ` Andrew Jeffery
2020-01-10  3:40           ` Michael Richardson
2020-01-10  5:05             ` Andrew Jeffery
2020-01-10 15:38               ` Michael Richardson
2020-01-12 23:38                 ` Andrew Jeffery [this message]
2020-01-13 17:09                   ` Michael Richardson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=b33a4247-e76d-46bb-9853-cf246f55d6bf@www.fastmail.com \
    --to=andrew@aj.id.au \
    --cc=mcr@sandelman.ca \
    --cc=openbmc@lists.ozlabs.org \
    --cc=rgrs@protonmail.com \
    --cc=sharad.khetan@intel.com \
    --cc=vijaykhemka@fb.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.