Set Channel Security Keys Command Details
Last updated: 2025/06/26
| openUBMC version | Revision date | Revised by | Change |
|---|---|---|---|
| 25.06 | 2025/06/26 | pengqiang-gs | Initial draft; added command details |
Basic Information
Function Description
Standard command that sets the security keys for the specified channel. This command provides a standardized interface for initializing system unique keys that are used for the pseudo-random number generator key (KR) and the key-generation key (KG) used for RMCP+.
Privilege
UserMgmt
Command Information
Request Data
| Byte | Field description |
|---|---|
| 1 | Channel Number. [7:4] - reserved. [3:0] - Channel Number. (Note: this command only applies to channels that support RMCP+. If the channel does not support RMCP+, the command will return an error completion code.) |
| 2 | Operation. [7:2] - reserved. [1:0] - Operation: 00b = read key: the BMC returns the value of the specified key, provided the key has not yet been locked. Some BMCs may allow the key to be re-written if it does not match the expected value. Other BMCs may only allow one ‘set’ operation. If the key value has not yet been initialized, the BMC will return 0’s for the key value. Utility software responsible for BMC installation and initial setup can also use this Operation to check whether keys have been initialized and locked. 01b = set key: the BMC writes the given key value to non-volatile storage. 10b = lock key: the BMC locks out modification or reading of the key value. Once a key has been locked, it cannot be rewritten or read via IPMI specified commands. 11b = reserved. |
| 3 | Key ID. [7:0] - key ID: 00h = RMCP+ “KR” key (20 bytes). The “KR” key is used as a unique value for random number generation. Note: a BMC implementation is allowed to share a single KR value across all channels. A utility can set KR and lock it for one channel, and then verify it has been set and locked for any other channels by using this command to read the key from other channels and checking the ‘lock status’ field for each channel to see if it matches and is locked. 01h = RMCP+ “KG” key (20 bytes). The “KG” key acts as a value that is used for key exchange for the overall channel. This key cannot be locked. This is to ensure a password/key configuration utility can set its value. This value is used in conjunction with the user key values (passwords) in RAKP-HMAC-SHA1 and RAKP-HMAC-MD5 authentication. That is, the remote console needs a priori knowledge of both this key value and the user password setting in order to establish a session. KG must be individually settable on each channel that supports RMCP+. All other = reserved. |
| (4:M) | Key value. Value for specified key. Used for “set” Operation only. Otherwise, this field is not used in the request. The BMC will ignore any bytes following the ‘Key ID’ byte. |
Response Data
| Byte | Field description |
|---|---|
| 1 | Completion Code. Generic plus the following command-specific completion codes: 80h: Cannot perform set / confirm. Key is locked (mandatory). 81h: Insufficient key bytes. 82h: Too many key bytes. 83h: Key value does not meet criteria for specified type of key. 84h: KR is not used. BMC uses a random number generation approach that does not require a KR value. |
| 2 | [7:2] - reserved. [1:0] - lock status: 00b = key is not lockable. 01b = key is locked. 10b = key is unlocked. 11b = reserved. |
| (3:N) | Key value. The BMC returns the specified key value when the Operation is set to “read key”. Otherwise, the BMC returns no additional bytes past the completion code. |
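
The request and response layouts above, as an added example (not openUBMC code): a Python encoder for the request data bytes and a decoder for the response, including the check a setup utility can make for an uninitialized key. Function and constant names are hypothetical, `00h` is the generic IPMI success code, and the sample response is constructed.

```python
# Added example, not openUBMC code; all names here are hypothetical.
OP_READ, OP_SET, OP_LOCK = 0b00, 0b01, 0b10
KEY_KR, KEY_KG = 0x00, 0x01
KEY_LEN = 20  # KR and KG are both 20 bytes
COMPLETION = {
    0x00: "success",
    0x80: "cannot perform set/confirm: key is locked",
    0x81: "insufficient key bytes",
    0x82: "too many key bytes",
    0x83: "key value does not meet criteria for specified type of key",
    0x84: "KR is not used",
}
LOCK_STATUS = {0b00: "not lockable", 0b01: "locked", 0b10: "unlocked"}
# Constructed sample: success, unlocked, 20 zero bytes (key never set)
SAMPLE_READ_RESPONSE = bytes([0x00, 0x02]) + bytes(KEY_LEN)


def build_request(channel, operation, key_id, key=b""):
    """Return request data bytes 1..M for the given operation."""
    if not 0 <= channel <= 0x0F:
        raise ValueError("channel number must fit in bits [3:0]")
    if operation not in (OP_READ, OP_SET, OP_LOCK):
        raise ValueError("operation 11b is reserved")
    if key_id not in (KEY_KR, KEY_KG):
        raise ValueError("reserved key ID")
    if operation == OP_LOCK and key_id == KEY_KG:
        raise ValueError("KG cannot be locked")
    if operation == OP_SET and len(key) != KEY_LEN:
        raise ValueError("key must be exactly 20 bytes (else 81h/82h)")
    if operation != OP_SET:
        key = b""  # the key value field is used for 'set' only
    return bytes([channel, operation, key_id]) + bytes(key)


def parse_response(data):
    """Decode response bytes into completion code, lock status and key."""
    if not data:
        raise ValueError("response must contain a completion code")
    code = data[0]
    out = {"code": code, "meaning": COMPLETION.get(code, "generic code"),
           "lock_status": None, "key": b""}
    if code == 0x00 and len(data) >= 2:
        out["lock_status"] = LOCK_STATUS.get(data[1] & 0x03, "reserved")
        out["key"] = bytes(data[2:])  # present only for 'read key'
    return out


def key_uninitialized(resp):
    """A successful read returning all zeros means the key was never set."""
    return resp["code"] == 0x00 and len(resp["key"]) > 0 and not any(resp["key"])
```
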
Command Examples
Example 1: Set the security key for channel 1
- Request:
- Response: