Set Channel Security Keys
Last updated: 2025/06/26
56h - Set Channel Security Keys (Set-Channel-Security-Keys)
Revision history
| openUBMC version | Revision date | Changes |
|---|---|---|
| 25.06 | 2025/06/26 | Initial draft; added command details |
Basic information
Function description
Sets the channel security keys.
Privilege
UserMgnt
Command information
Request
| Byte | Field description |
|---|---|
| NetFn | App 06h |
| CMD | 56h |
| 1 | Channel Number. [7:4] - reserved. [3:0] - Channel Number. (Note: this command only applies to channels that support RMCP+. If the channel does not support RMCP+, the command will return an error completion code.) |
| 2 | Operation. [7:2] - reserved. [1:0] - Operation: 00b = read key. The BMC returns the value of the specified key, provided the key has not yet been locked. Some BMCs may allow the key to be re-written if it does not match the expected value. Other BMCs may only allow one 'set' operation. If the key value has not yet been initialized, the BMC will return 0's for the key value. Utility software responsible for BMC installation and initial setup can also use this Operation to check whether keys have been initialized and locked. 01b = set key. The BMC writes the given key value to non-volatile storage. 10b = lock key. The BMC locks out modification or reading of the key value. Once a key has been locked, it cannot be rewritten or read via IPMI-specified commands. 11b = reserved. |
| 3 | Key ID. [7:0] - key ID: 00h = RMCP+ "KR" key (20 bytes). The "KR" key is used as a unique value for random number generation. Note: a BMC implementation is allowed to share a single KR value across all channels. A utility can set KR and lock it for one channel, and then verify that it has been set and locked for any other channels by using this command to read the key from other channels and checking the 'lock status' field for each channel to see if it matches and is locked. 01h = RMCP+ "KG" key (20 bytes). The "KG" key acts as a value that is used for key exchange for the overall channel. This key cannot be locked. This is to ensure a password/key configuration utility can set its value. This value is used in conjunction with the user key values (passwords) in RAKP-HMAC-SHA1 and RAKP-HMAC-MD5 authentication, i.e. the remote console needs to have a-priori knowledge of both this key value and the user password setting in order to establish a session. KG must be individually settable on each channel that supports RMCP+. All other = reserved. |
| (4:M) | Key value. Value for specified key. Used for "set" Operation only. Otherwise this field is not used in the request. The BMC will ignore any bytes following the 'Key ID' byte |
Response
| Byte | Field description |
|---|---|
| 1 | Completion Code. Generic, plus the following command-specific completion codes: 80h = Cannot perform set/confirm. Key is locked (mandatory); 81h = insufficient key bytes; 82h = too many key bytes; 83h = key value does not meet criteria for specified type of key; 84h = KR is not used. BMC uses a random number generation approach that does not require a KR value. |
| 2 | [7:2] - reserved. [1:0] - lock status: 00b = key is not lockable; 01b = key is locked; 10b = key is unlocked; 11b = reserved. |
| (3:N) | Key value. The BMC returns the specified key value when the Operation is set to "read key". Otherwise, the BMC returns no additional bytes past the completion code. |
Command examples
Read the channel security key
Request:
ipmitool raw 0x06 0x56 0x01 0x00 0x00
Response:
02 25 7d 17 a6 7a cc 0c f3 f6 1b 8b 38 16 d3 b7
15 01 de 4e a8
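
The request and response layouts in the tables above, as an added Python example that is not part of the openUBMC source: it builds the `ipmitool raw` arguments for command 56h and decodes a "read key" reply into lock status, key bytes and whether the key has been initialized. The function names and the sample responses are constructed for illustration, and the parser assumes ipmitool prints only the bytes that follow the completion code.

```python
# Added example, not openUBMC code. Function names are hypothetical.
OPERATIONS = {"read": 0x00, "set": 0x01, "lock": 0x02}
KEY_IDS = {"KR": 0x00, "KG": 0x01}
LOCK_STATUS = {0: "not lockable", 1: "locked", 2: "unlocked", 3: "reserved"}
KEY_LEN = 20  # KR and KG are both 20 bytes (Key ID row of the request table)


def build_raw_args(channel, operation, key_id, key=b""):
    """Return the arguments to pass to `ipmitool raw` for command 56h."""
    if not 0 <= channel <= 0x0F:
        raise ValueError("channel number is a 4-bit field")
    if operation == "set" and len(key) != KEY_LEN:
        raise ValueError("key must be 20 bytes (BMC answers 81h/82h otherwise)")
    if operation != "set" and key:
        raise ValueError("key value is only sent with the 'set' operation")
    data = [0x06, 0x56, channel, OPERATIONS[operation], KEY_IDS[key_id], *key]
    return [f"0x{b:02x}" for b in data]


def parse_read_response(text):
    """Decode the hex that ipmitool prints for a 'read key' request.

    Assumption: ipmitool prints only the bytes after the completion code,
    so byte 0 is the lock-status byte and the remainder is the key value.
    """
    raw = bytes.fromhex("".join(text.split()))
    if not raw:
        raise ValueError("empty response")
    key = raw[1:]
    if key and len(key) != KEY_LEN:
        raise ValueError(f"expected {KEY_LEN} key bytes, got {len(key)}")
    return {
        "lock_status": LOCK_STATUS[raw[0] & 0b11],  # bits [1:0]
        "key": key,
        "initialized": any(key),  # all zeros means never initialized
    }


# Constructed sample responses (not captured from a real BMC).
SAMPLE_SET = "02 " + " ".join(f"{b:02x}" for b in range(1, 21))
SAMPLE_UNSET = "02" + " 00" * 20

if __name__ == "__main__":
    print(" ".join(build_raw_args(1, "read", "KR")))
    for sample in (SAMPLE_SET, SAMPLE_UNSET):
        info = parse_read_response(sample)
        print(info["lock_status"], "initialized:", info["initialized"])
```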