summaryrefslogtreecommitdiffstats
path: root/static
diff options
context:
space:
mode:
authorLei YU <mine260309@gmail.com>2019-03-18 15:22:56 +0800
committerGunnar Mills <gmills@us.ibm.com>2019-04-04 20:13:55 +0000
commit2b2d2298f5c6e9e596ed3ae84326a6ae804c46a4 (patch)
tree29dbffbb025678743a19d2fac3ca0f4cf64be017 /static
parent799eb1972c141271068cd4ea1010753e0347d8ab (diff)
downloadopenpower-pnor-code-mgmt-2b2d2298f5c6e9e596ed3ae84326a6ae804c46a4.tar.gz
openpower-pnor-code-mgmt-2b2d2298f5c6e9e596ed3ae84326a6ae804c46a4.zip
Static layout: support image verification
Add support of image verification for static layout PNOR code update. Tested: Verify the PNOR code update succeeds with valid-signed PNOR; and fails with invalid-signed PNOR or a PNOR tarball without signature. Change-Id: I1aafeb4e8e07eaa16c170f33f4f21940f7c9c146 Signed-off-by: Lei YU <mine260309@gmail.com>
Diffstat (limited to 'static')
-rw-r--r--static/activation_static.cpp56
-rw-r--r--static/activation_static.hpp6
2 files changed, 39 insertions, 23 deletions
diff --git a/static/activation_static.cpp b/static/activation_static.cpp
index 193d6b32a..19bb19e28 100644
--- a/static/activation_static.cpp
+++ b/static/activation_static.cpp
@@ -2,7 +2,6 @@
#include "item_updater.hpp"
-#include <filesystem>
#include <phosphor-logging/log.hpp>
namespace openpower
@@ -11,7 +10,6 @@ namespace software
{
namespace updater
{
-namespace fs = std::filesystem;
namespace softwareServer = sdbusplus::xyz::openbmc_project::Software::server;
using namespace phosphor::logging;
@@ -27,6 +25,36 @@ auto ActivationStatic::activation(Activations value) -> Activations
if (value == softwareServer::Activation::Activations::Activating)
{
+ fs::path imagePath(IMG_DIR);
+ imagePath /= versionId;
+
+ for (const auto& entry : fs::directory_iterator(imagePath))
+ {
+ if (entry.path().extension() == ".pnor")
+ {
+ pnorFilePath = entry;
+ break;
+ }
+ }
+ if (pnorFilePath.empty())
+ {
+ log<level::ERR>("Unable to find pnor file",
+ entry("DIR=%s", imagePath.c_str()));
+ ret = softwareServer::Activation::Activations::Failed;
+ goto out;
+ }
+#ifdef WANT_SIGNATURE_VERIFY
+ // Validate the signed image.
+ if (!validateSignature(pnorFilePath.filename()))
+ {
+ // Cleanup
+ activationBlocksTransition.reset(nullptr);
+ activationProgress.reset(nullptr);
+
+ ret = softwareServer::Activation::Activations::Failed;
+ goto out;
+ }
+#endif
if (parent.freeSpace())
{
startActivation();
@@ -42,30 +70,12 @@ auto ActivationStatic::activation(Activations value) -> Activations
activationProgress.reset(nullptr);
}
+out:
return softwareServer::Activation::activation(ret);
}
void ActivationStatic::startActivation()
{
- fs::path pnorFile;
- fs::path imagePath(IMG_DIR);
- imagePath /= versionId;
-
- for (const auto& entry : fs::directory_iterator(imagePath))
- {
- if (entry.path().extension() == ".pnor")
- {
- pnorFile = entry;
- break;
- }
- }
- if (pnorFile.empty())
- {
- log<level::ERR>("Unable to find pnor file",
- entry("DIR=%s", imagePath.c_str()));
- return;
- }
-
if (!activationProgress)
{
activationProgress = std::make_unique<ActivationProgress>(bus, path);
@@ -82,9 +92,9 @@ void ActivationStatic::startActivation()
subscribeToSystemdSignals();
log<level::INFO>("Start programming...",
- entry("PNOR=%s", pnorFile.c_str()));
+ entry("PNOR=%s", pnorFilePath.c_str()));
- std::string pnorFileEscaped = pnorFile.string();
+ std::string pnorFileEscaped = pnorFilePath.string();
// Escape all '/' to '-'
std::replace(pnorFileEscaped.begin(), pnorFileEscaped.end(), '/', '-');
diff --git a/static/activation_static.hpp b/static/activation_static.hpp
index 6fe713899..258a6126d 100644
--- a/static/activation_static.hpp
+++ b/static/activation_static.hpp
@@ -2,6 +2,8 @@
#include "activation.hpp"
+#include <filesystem>
+
namespace openpower
{
namespace software
@@ -9,6 +11,8 @@ namespace software
namespace updater
{
+namespace fs = std::filesystem;
+
/** @class ActivationStatic
* @brief Implementation for static PNOR layout
*/
@@ -25,6 +29,8 @@ class ActivationStatic : public Activation
void finishActivation() override;
std::string pnorUpdateUnit;
+
+ fs::path pnorFilePath;
};
} // namespace updater
OpenPOWER on IntegriCloud