From c5aa0ec48d810654ded083b86b069c86e08d492a Mon Sep 17 00:00:00 2001
From: Timothy Pearson <tpearson@raptorengineering.com>
Date: Tue, 30 Apr 2019 18:27:09 +0000
Subject: Try to keep BMC on NCSI port 0 for security isolation

---
 .../recipes-phosphor/network/network/ncsi-netlink.service   | 13 +++++++++++++
 .../recipes-phosphor/network/phosphor-network_%.bbappend    |  8 ++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 meta-rcs/meta-talos/recipes-phosphor/network/network/ncsi-netlink.service
 create mode 100644 meta-rcs/meta-talos/recipes-phosphor/network/phosphor-network_%.bbappend

diff --git a/meta-rcs/meta-talos/recipes-phosphor/network/network/ncsi-netlink.service b/meta-rcs/meta-talos/recipes-phosphor/network/network/ncsi-netlink.service
new file mode 100644
index 000000000..44b34195e
--- /dev/null
+++ b/meta-rcs/meta-talos/recipes-phosphor/network/network/ncsi-netlink.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Stop the ethernet link failover
+Wants=xyz.openbmc_project.Network.service
+After=xyz.openbmc_project.Network.service
+
+[Service]
+Restart=no
+ExecStart=/usr/bin/env ncsi-netlink --set -x 2 -p 0 -c 0
+SyslogIdentifier=ncsi-netlink
+Type=oneshot
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-rcs/meta-talos/recipes-phosphor/network/phosphor-network_%.bbappend b/meta-rcs/meta-talos/recipes-phosphor/network/phosphor-network_%.bbappend
new file mode 100644
index 000000000..5137f4e00
--- /dev/null
+++ b/meta-rcs/meta-talos/recipes-phosphor/network/phosphor-network_%.bbappend
@@ -0,0 +1,8 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/network:"
+SRC_URI += "file://ncsi-netlink.service"
+SYSTEMD_SERVICE_${PN} += "ncsi-netlink.service"
+
+do_install_append() {
+    install -d ${D}${systemd_system_unitdir}
+    install -m 0644 ${WORKDIR}/ncsi-netlink.service ${D}${systemd_system_unitdir}
+}
-- 
cgit v1.2.1