Operational Security Requirements#
Factory Reset after Debug Token Usage#
After using one (or more) Debug Token on the compute tray, the operator must remove the Debug Token and factory reset the non-volatile storage of the BMC, HMC, and CPU. The following RedFish APIs provide the factory reset functionality:
Reset the HMC R/W filesystem:
curl -k -u $USER:$PASS -X POST \
https://${TARGET_HOSTNAME}/redfish/v1/Managers/HGX_BMC_0/Actions/Manager.ResetToDefaults \
-d '{"ResetToDefaultsType": "ResetAll"}'
Erase the HMC eMMC:
curl -k -u $USER:$PASS -X POST \
https://${TARGET_HOSTNAME}/redfish/v1/Managers/HGX_BMC_0/Actions/Oem/eMMC.SecureErase
Erase the Grace R/W SPI flashes (both modules):
curl -k -u $USER:$PASS -X POST \
https://${TARGET_HOSTNAME}/redfish/v1/Chassis/HGX_ProcessorModule_0/Actions/Oem/NvidiaProcessor.VariableSpiErase
curl -k -u $USER:$PASS -X POST \
https://${TARGET_HOSTNAME}/redfish/v1/Chassis/HGX_ProcessorModule_1/Actions/Oem/NvidiaProcessor.VariableSpiErase
Reset the BCM R/W filesystem:
curl -k -u $USER:$PASS -X POST \
https://${TARGET_HOSTNAME}/redfish/v1/Managers/BMC_0/Actions/Manager.ResetToDefaults \
-d '{"ResetToDefaultsType": "ResetAll"}'
Erase the BMC eMMC:
curl -k -u $USER:$PASS -X POST \
https://${TARGET_HOSTNAME}/redfish/v1/Managers/BMC_0/Actions/Oem/eMMC.SecureErase