Operational Security Requirements#

Factory Reset after Debug Token Usage#

After using one (or more) Debug Token on the compute tray, the operator must remove the Debug Token and factory reset the non-volatile storage of the BMC, HMC, and CPU. The following RedFish APIs provide the factory reset functionality:

Reset the HMC R/W filesystem:

curl -k -u $USER:$PASS -X POST \
https://${TARGET_HOSTNAME}/redfish/v1/Managers/HGX_BMC_0/Actions/Manager.ResetToDefaults \
-d '{"ResetToDefaultsType": "ResetAll"}'

Erase the HMC eMMC:

curl -k -u $USER:$PASS -X POST \
https://${TARGET_HOSTNAME}/redfish/v1/Managers/HGX_BMC_0/Actions/Oem/eMMC.SecureErase

Erase the Grace R/W SPI flashes (both modules):

curl -k -u $USER:$PASS -X POST \
https://${TARGET_HOSTNAME}/redfish/v1/Chassis/HGX_ProcessorModule_0/Actions/Oem/NvidiaProcessor.VariableSpiErase

curl -k -u $USER:$PASS -X POST \
https://${TARGET_HOSTNAME}/redfish/v1/Chassis/HGX_ProcessorModule_1/Actions/Oem/NvidiaProcessor.VariableSpiErase

Reset the BCM R/W filesystem:

curl -k -u $USER:$PASS -X POST \
https://${TARGET_HOSTNAME}/redfish/v1/Managers/BMC_0/Actions/Manager.ResetToDefaults \
-d '{"ResetToDefaultsType": "ResetAll"}'

Erase the BMC eMMC:

curl -k -u $USER:$PASS -X POST \
https://${TARGET_HOSTNAME}/redfish/v1/Managers/BMC_0/Actions/Oem/eMMC.SecureErase