BMC daemon fails to start - Empty SSL Certificate Files #224
Comments
|
@abdavid thanks for reporting this! I think the appropriate thing to do here is to remove the certs if they are invalid. (that is if we know for sure they are not supplied by the user. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi!
I just received my TuringPi today, and while setting everything up, I must have been too eager to remove power from the board. This caused what I identified as a state that required manual recovery.
The issue I encountered was related to the BMC’s certificate files. Specifically, I found that the
bmcd_cert.pemfile was 0 bytes in size after the system restarted. This prevented the BMC daemon and web interface from starting correctly and caused API commands such astpi power onto fail.Upon reviewing the BMC startup script, I noticed that the logic only checks for the existence of the .pem files but does not verify that the files are valid or non-empty.
Suggested Fix:
It would be ideal to improve the script by also checking that the certificate and key files are non-empty (i.e., contain valid data), using the -s flag instead of just -f. This ensures that the BMC can properly recover from situations where certificates are truncated to 0 bytes.
For example, this line:
BMC-Firmware/tp2bmc/board/tp2bmc/factory_overlay/upper/etc/init.d/S94bmcd
Line 12 in 0cd2260
Could be changed to:
This modification would ensure that the certificate files are checked not only for existence but also for being non-empty, helping to avoid issues like the one I encountered.
You could, of course, also do some of this validation in the bmcd project and just delete the certificates if they are not valid—whichever you find appropriate. I still don’t have a complete overview of the project in its entirety, so bear with me.
Thanks for your help, and I’m looking forward to getting everything up and running smoothly!
The text was updated successfully, but these errors were encountered: