path: root/ipmi_flash.md

# BMC-side state machine details

***ONLY ONE BLOB IS ALLOWED OPEN AT A TIME***

To avoid excessive complications, there is a restriction that only one blob
within the firmware handler can be open at a time.

The system starts in the `notYetStarted` state.

At each state, each method has a specific effect, depending on a variety of
details, and sometimes the behavior is consistent regardless of overall state.

Opening the active image or hash always fails:

*   `open(/flash/active/image)` returns false -- file cannot be opened.
*   `open(/flash/active/hash)` returns false -- file cannot be opened.

The two files are only present once their corresponding blob has been opened.

# The state of fileOpen per state

You can only open one file at a time, and some of the states exist only when a
file is open.

State                   | fileOpen
:---------------------- | :-------
`notYetStarted`         | `false`
`uploadInProgress`      | `true`
`verificationPending`   | `false`
`verificationStarted`   | `true`
`verificationCompleted` | `true`
`updatePending`         | `false`
`updateStarted`         | `true`
`updatedCompleted`      | `true`

# The states in the Firmware Handler State Machine

## `notYetStarted`

**The starting state.**

*   `open(/flash/image)`
*   `open(/flash/tarball)`
*   `open(/flash/hash)`
*   `open(/flash/verify)`
*   `open(/flash/update)`

## `uploadInProgress`

**The BMC is expecting to receive bytes.**

*   `open(/flash/*)` returns false because `fileOpen == true`

*   `close(/flash/*)` triggers `state -> verificationPending`

*   `commit(/flash/*)` returns false

## `verificationPending`

**The BMC is ready for verification or more bytes.**

*   `open(/flash/image)` triggers `state -> uploadInProgress`
*   `open(/flash/tarball)` triggers `state -> uploadInProgress`
*   `open(/flash/hash)` triggers `state -> uploadInProgress`

*   `open(/flash/verify)`

*   `open(/flash/update)`

*   `commit(/flash/verify)` `state -> verificationStarted`

## `verificationStarted`

**The verification process has started, no more writes allowed.**

*   `open(/flash/*)` returns false because `state == verificationStarted`

*   `close(/flash/verify)` `state -> verificationCompleted`

## `verificationCompleted`

**The verification process has completed.**

*   `open(/flash/image)`
*   `open(/flash/tarball)`
*   `open(/flash/hash)`
*   `open(/flash/verify)`
*   `open(/flash/update)`

## `updatePending`

**The update process is pending.**

## `updateStarted`

**The update process has started.**

*   `open(/flash/*)`r eturns false because `fileOpen == true`

## `updatedCompleted`

**The update has completed (optional state to reach)**

# Expected State Transition Sequence

If verification fails, the state still transitions to `verificationCompleted`
and similarly, if the update fails the state still transitions to
`updateCompleted`. It is up to the host-tool to check the result of the process
by running the `stat()` command on their open session (either their session with
the `verifyBlobId` or the `updateBlobId`.

Action                     | Before | After
:------------------------- | :----: | :----------------:
1. `getBlobList()`         | NYS    | NYS
2. `stat(/flash/image)`    | NYS    | NYS
3. `open(/flash/image)`    | NYS    | UIP
4. `write(...)`            | UIP    | UIP
5. `close(/flash/image)`   | UIP    | VP
6. `open(/flash/hash)`     | VP     | UIP
7. `write(...)`            | UIP    | UIP
8. `close(/flash/hash)`    | UIP    | VP
9. `open(/flash/verify)`   | VP     | VP
10. `commit(...)`          | VP     | VS
11. `sessionStat(...)`     | VS     | VS (if !completed)
11. `sessionStat(...)`     | VS     | VC (if completed)
12. `close(/flash/verify)` | VC     | UP
13. `open(/flash/update)`  | UP     | UP
14. `commit(...)`          | UP     | US
15. `sessionStat(...)`     | US     | US (if !completed)
15. `sessionStat(...)`     | US     | UC (if completed)
16. `close(/flash/update)` | UC     | NYS