Difference between revisions of "Real-Time Clock"

From RCS Wiki
(→‎Setting the hardware real-time clock has no effect: Fix code formatting (Pseudo Tor Browser doesn't like grave accents))
(→‎Ownership: Link to Whonix's docs on Time Attacks)
Line 1: Line 1:
 
== Ownership ==
 
== Ownership ==
  
For security reasons, by default, the [[BMC]] owns the RTC; the host has read-only access to the RTC via [[IPMI]].
+
For security reasons, by default, the [[BMC]] owns the RTC; the host has read-only access to the RTC via [[IPMI]]. Whonix has [https://www.whonix.org/wiki/Time_Attacks documented] a variety of security vulnerabilities that manifest if malware on the host is able to tamper with the RTC.
  
 
== Setting the hardware real-time clock has no effect ==
 
== Setting the hardware real-time clock has no effect ==
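
Review bot: The link in the sentence added under == Ownership == is attached to the single word "documented", so the reader cannot tell what the target covers without following it, and the phrase "a variety of security vulnerabilities" names none of them. Labeling the link with its subject, for example [https://www.whonix.org/wiki/Time_Attacks Time Attacks], would let the sentence stand on its own.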

Revision as of 04:22, 15 April 2025

Ownership

For security reasons, by default, the BMC owns the RTC; the host has read-only access to the RTC via IPMI. Whonix has documented a variety of security vulnerabilities that manifest if malware on the host is able to tamper with the RTC.

Setting the hardware real-time clock has no effect

If hwclock --systohc has no effect (i.e. hwclock --get is unchanged), then:

1. From the BMC console, power off the host

2. Type busctl set-property xyz.openbmc_project.Settings /xyz/openbmc_project/time/owner xyz.openbmc_project.Time.Owner TimeOwner s xyz.openbmc_project.Time.Owner.Owners.Host (note the capitalization: Host, not HOST as the OpenBMC GitHub issues tell you!)

3. Reboot the BMC

4. Power on the host