path: root/host-ipmid-whitelist.conf
diff options
authorTom Joseph <>2016-07-11 06:56:11 -0500
committerPatrick Williams <>2016-08-08 20:05:34 +0000
commit9a61b4f4e9213608653852ba2388fa89663029c3 (patch)
treeb52f1f75a4feeda1c3fbc9284fd17ec910f639ab /host-ipmid-whitelist.conf
parent3551868f8b46bec8711887c72b26f4c628d1600f (diff)
Whitelist IPMI commands based on Restricted mode
Whitelisting of IPMI commands is done to ensure that in restricted mode only whitelisted commands are executed. Commands that are not whitelisted is restricted and insufficient privilege is returned as the completion code. When the server is deployed it would be set to restricted mode. In this scenario certain IPMI commands need to be restricted which would not be added to the whitelist. Change-Id: I90b8124e34263c4ffc5bcf06a28a7e88231aaf40 Signed-off-by: Tom Joseph <>
Diffstat (limited to 'host-ipmid-whitelist.conf')
1 files changed, 24 insertions, 0 deletions
diff --git a/host-ipmid-whitelist.conf b/host-ipmid-whitelist.conf
new file mode 100644
index 0000000..bd02898
--- /dev/null
+++ b/host-ipmid-whitelist.conf
@@ -0,0 +1,24 @@
+0x00:0x02 //<Chassis>:<Chassis Control>
+0x00:0x08 //<Chassis>:<Set System Boot Options>
+0x00:0x09 //<Chassis>:<Get System Boot Options>
+0x04:0x2D //<Sensor/Event>:<Get Sensor Reading>
+0x04:0x2F //<Sensor/Event>:<Get Sensor Type>
+0x04:0x30 //<Sensor/Event>:<Set Sensor Reading and Event Status>
+0x06:0x01 //<App>:<Get Device ID>
+0x06:0x08 //<App>:<Get Device GUID>
+0x06:0x22 //<App>:<Reset Watchdog Timer>
+0x06:0x24 //<App>:<Set Watchdog Timer>
+0x06:0x2E //<App>:<Set BMC Global Enables>
+0x06:0x31 //<App>:<Get Message Flags>
+0x06:0x35 //<App>:<Read Event Message Buffer>
+0x06:0x36 //<App>:<Get BT Interface Capabilities>
+0x06:0x42 //<App>:<Get Channel Info Command>
+0x0A:0x40 //<Storage>:<Get SEL Info>
+0x0A:0x42 //<Storage>:<Reserve SEL>
+0x0A:0x44 //<Storage>:<Add SEL Entry>
+0x0A:0x48 //<Storage>:<Get SEL Time>
+0x0A:0x49 //<Storage>:<Set SEL Time>
+0x0C:0x02 //<Transport>:<Get LAN Configuration Parameters>
+0x2C:0x00 //<Group Extension>:<Group Extension Command>
+0x2C:0x03 //<Group Extension>:<Get Power Limit>
OpenPOWER on IntegriCloud