This is the groundwork for having node authentication.
The intent is for calling code to modify api.armed if
the administrator wants to opt into a one-time set of
credentials.

This design as is currently does not fit a stateless
deploy model. That may suggest an additional manual step
for a fully stateless model. Alternatively adding support
for credential persistence through sealing to a node's TPM,
which would allow more freely retrievable node credentials.

SMM discovery behavior has seemingly gotten more picky with time.
First switch to an IPMI-free if the user has a custom password. The
web-based approach is much less problematic than SMM IPMI stack in
this context.
If the user specifies they want to use default credentials, we have
no choice but to use IPMI. Omit things and shuffle order of operations
to mitigate problems. It isn't perfect, but it does work eventually.

Continue to support read using the old scheme, but even when
an integrity key is available, only use it to aid in decrypting
classic format, and always write in new format.
When generating key material from scratch, skip HMAC and
activate GCM mode.
When using existing CBC/HMAC keys, start covering the IV value
in the HMAC. For compatibility, HMAC validity is checked with
and without IV.

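An added sketch of the HMAC compatibility check described above (not code from the project): it assumes HMAC-SHA256, the IV placed before the ciphertext in the covered input, and the hypothetical helper names `compute_tag`, `verify_tag` and `needs_rewrite`; the ciphertext is constructed random bytes standing in for CBC output.

```python
import hashlib
import hmac
import os


def compute_tag(integrity_key, iv, ciphertext, cover_iv=True):
    """HMAC-SHA256 tag (assumed algorithm). cover_iv=False is the classic form."""
    data = iv + ciphertext if cover_iv else ciphertext
    return hmac.new(integrity_key, data, hashlib.sha256).digest()


def verify_tag(integrity_key, iv, ciphertext, tag):
    """Return 'iv-covered', 'classic', or None when neither form validates.

    Both candidates are always computed and compared in constant time, so the
    check does not reveal through timing which form a stored value uses.
    """
    with_iv = hmac.compare_digest(
        compute_tag(integrity_key, iv, ciphertext, True), tag)
    without_iv = hmac.compare_digest(
        compute_tag(integrity_key, iv, ciphertext, False), tag)
    if with_iv:
        return "iv-covered"
    if without_iv:
        return "classic"
    return None


def needs_rewrite(status):
    """A value that only validated in the classic form should be re-stored."""
    return status == "classic"


def demo():
    # Constructed sample material, not real key data.
    key, iv, ct = os.urandom(32), os.urandom(16), os.urandom(32)
    new_tag = compute_tag(key, iv, ct)
    old_tag = compute_tag(key, iv, ct, cover_iv=False)
    tampered_iv = bytes([iv[0] ^ 1]) + iv[1:]  # one flipped bit in the IV
    return {
        "new": verify_tag(key, iv, ct, new_tag),
        "old": verify_tag(key, iv, ct, old_tag),
        "new_tampered_iv": verify_tag(key, tampered_iv, ct, new_tag),
        "old_tampered_iv": verify_tag(key, tampered_iv, ct, old_tag),
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(name, status)
```

The `old_tampered_iv` case still validates as `classic`, which is the gap that covering the IV closes: values stored with a classic tag stay exposed to IV modification until they are rewritten.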
Some BMCs are incapable of handling concurrent requests.
This is a blow particularly to high latency management given
Redfish's tendency to require a lot of resource fetches, but
we don't have a particularly discoverable strategy for knowing
in advance whether an implementation is up for some optimization.

Password rules may be relevant to some scenarios. In such a case, this
can provide guidance if the BMC does not have such a facility or
alternatively provide friendlier warnings than the BMC provides
around shortcomings of the password.

It was frequent that a token expiration would impact an attempt to convert
an account. Suppress the token-based authentication to more reliably
have a fresh login.
Additionally, mitigate the chance of exhausting the user login limit.
Finally, switch to a generated password for the temporary account.
Should something go awry between deleting the third-party account and
recreating it, this means the system will have to be reset through OS
or F1 menu. However, this is better than the risk of a well-known
backdoor account being inadvertently created.