Real-Time Clock

From RCS Wiki
Jump to navigation Jump to search

Ownership

For security reasons, by default, the BMC owns the RTC; the host has read-only access to the RTC via IPMI. The Whonix developers have documented (clearnet link) a variety of security vulnerabilities that manifest if malware on the host is able to tamper with the RTC.

Accuracy

Unfortunately, the RTC suffers from substantial drift. This is exacerbated by its default ownership by the BMC, making it inconvenient to correct. It would be interesting to explore running sdwdate (clearnet link), by the Kicksecure developers, on the BMC to improve security.

Setting the hardware real-time clock has no effect

If hwclock --systohtc has no effect (i.e. hwclock --get is unchanged), then:

1. From the BMC console, power off the host

2. Type busctl set-property xyz.openbmc_project.Settings /xyz/openbmc_project/time/owner xyz.openbmc_project.Time.Owner TimeOwner s xyz.openbmc_project.Time.Owner.Owners.Host (note the capitalization: Host, not HOST as the openbmc github issues tell you!)

3. Reboot the BMC

4. Power on the host

Retrieved from "https://wiki.raptorcs.com/w/index.php?title=Real-Time_Clock&oldid=4738"