syslock 指令

To show current status and snapshot list (trusted and history)
system> syslock
Current status: disabled
Policy: none
cpu:    off
dXCC:   off
pci:    off
drive:  off
riser:  off
bp:     off

No snapshot.

System changes have been detected!
Index   In Use           Date              Description
-----  --------    -------------------   ----------------
1      Yes         28/01/2022 15:32:59   Enforced by XCCroot.
2      No          28/01/2022 15:28:16   Boot by BMC.

system> syslock
Current status: disabled
Policy: none
cpu:    off
dXCC:   off
pci:    off
drive:  off
riser:  off
bp:     off

To list inventory of specific snapshot
system> syslock -l 1
Location     Component ID          Description
---------    --------------        ----------------
To enable/disable function.(enable with passphrase, and/or promote current inventory as trusted snapshot):
system> syslock -en enabled
ok
system> syslock -en disabled
ok
system> syslock -en disabled -p Passw0rd12 -e disabled
ok
To take manual snapshot:
system> syslock -m -d xyz
ok
To list inventory difference from trusted snapshot
System>syslock -c
system configuration changes have been detected:

 Difference      Location    ID             Description
 --------------      ----------    ---------------    ----------------------------------------------------------------
  New device    Drive 13   S0K2QRYC    Drive 13, IBM-ESXS, 300GB 10K 6Gbps SAS 2.5"

To set lockdown policy:
system> syslock -po none/pperm/osboot

To set lockdown components:
system>syslock -cpu <on | off>
system>syslock -dXCC <on | off>
system>syslock -pci <on | off>
system>syslock -drive <on | off>
system>syslock -tpm <on | off>
system>syslock -riser <on | off>
system>syslock -bp <on | off>
system>syslock -board <on | off>
system>syslock -psu <on | off>
system>syslock -fan <on | off>
system>syslock -xccfw <on | off>
system>syslock -uefifw <on | off>