| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
Use the std::get() interface instead of mapbox specific .get() member
interface.
Change-Id: I4ce467c49ea418adba422bbd09fa829acd53da3c
Signed-off-by: William A. Kennington III <wak@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The VERSION partition may have a secure boot header, so
the version string would not be the first line.
Instead of adding logic to parse the VERSION partition
and to protect against future changes, read the version
string from D-Bus instead by querying the functional
association.
Tested: The functional version was read successfully.
Change-Id: Icf0a9bd9f360ef9f0732579fa073f8661b8c57bd
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The remove association function was supposed to be called
on delete but was never implemented so if the associations
are queried but the version has been deleted, that'd be
false information, so call to remove the associations on delete,
also rename it to delete all associations, because the
functional pnor version can be deleted if the chassis state
is off and the delete function already made that determination.
Tested: Verified all associations (active and functional) are
deleted with a DeleteAll call.
Change-Id: I6e5589256dd8f62ac2ecf7574b9d08920b8b5e3d
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
There are scenarios where the BMC can support multiple PNOR MSL
values, such as v1.2 and v.1.4.9. Support multiple values
separated by a space.
Change-Id: Id65c43872db33538e2f02f6f60b4571a5231717b
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create a Version::Incompatible error log when the verification
fails to make the failure more visible to the user.
Tested: Verified a new error log was created with the metadata.
"/xyz/openbmc_project/logging/entry/4": {
"AdditionalData": [
"_PID=1540",
"ACTUAL_VERSION=IPCS-FP5295G2-OP9-v2.0.8-2.8",
"MIN_VERSION=v2.2",
"VERSION_PURPOSE=xyz.openbmc_project.Software.Version.VersionPurpose.Host"
],
"Message": "xyz.openbmc_project.Software.Version.Error.Incompatible",
Change-Id: I3d13265b4a7e6a9a58cbd7cd619a162fb11da164
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
Create a new binary that checks the msl (minimum ship level)
of the PNOR and logs an error message if the version on the
system is older. The msl can be specified via a config flag.
Change-Id: I6f477400f7a8cf56557bd0caf5d6e08d73320028
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
| |
Change-Id: I804e86172696dd541290d4af33c6a893ae8f0506
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
| |
Updated to correct IRC username and preferred email address.
Change-Id: I470c6ec9f422777552f975b480c2fd910912a32f
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
Update the .clang-format file and run clang-format-6.0.
This .clang-format matches the example one in
https://github.com/openbmc/docs/blob/master/cpp-style-and-conventions.md#clang-formatting
Change-Id: I289513571fe020bd407f23f2a88a01e11b5ff96f
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
| |
Update the .clang-format file.
Now includes header sorting and updating PointerAlignment.
Change-Id: I7119c12f1cc0a461cb7e4576dff6a02dcc95cbc4
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With OpenSSL 1.1.0, some of the functions were renamed, for
example EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were
renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free().
Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
Abstract them to support old and new APIs.
Resolves openbmc/openbmc#3137
Tested: Verified the signature verification was successful.
Change-Id: If8b3f185666c3db59567c4ee3bdfa168c501d3da
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The chassis path contains multiple properties. The code checks for
chassis state to decide if the Delete interface is added or removed.
If a different property was modified, the chassis state would be
empty, leading to always removing the Delete interface in this
scenario. Check that chassis state was populated before modifying the
Delete interface.
Tested: Verified the Delete interface was added back during power off.
Change-Id: Iee32de8917930e2f9081ab369ad4998766f21cff
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Per openbmc/openbmc#3364, adding -flto to CXX flags
in order to reduce overall library and binary sizes.
Ref: https://gcc.gnu.org/wiki/LinkTimeOptimization
Tested: Verified it compiled and booted to Ready in QEMU
Change-Id: I64ffa450d8cd964e01d78ce5bbc97b93df47509d
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The deleteAll function was skipping to delete the functional
version, which should be allowed if the chassis state is not on.
The erase function already supports that so the user can
individually delete the functional version, just the delete
would not work via the DeleteAll call.
Tested: All PNOR versions, including the functional one, get
deleted at chassis power off via the DeleteAll method.
Change-Id: Ib390545f3ade68e2a3182064549e05994e7f7191
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
During factory reset, call to suspend and resume mbox
to notify the host that it should not access the flash
during this operation.
Closes openbmc/openbmc#3210
Tested: Ran factory reset with host running and verified
there were no error messages or failed services.
Change-Id: Id881e5b4021744637d3988e57f784223957562b5
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the factory reset function, the read-write and preserved
partitions are cleared via systemd service files. The call
to run these services is asynchronous.
Replace these services files with C++ filesystem APIs so
that it is known when the file deletion starts and completes
to be able to notify the host when a reset operation is
taking place.
Part of openbmc/openbmc#3210
Tested: Verified factory reset still clears the read-write
and preserved partitions.
Change-Id: I7575a2e97a544b1e8692148e8664bdd14fdfb90f
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Handle exceptions from the sdbusplus method call API.
The call to Delete an object from the image manager fails with:
sd_bus_call: System.Error.ELOOP: Too many levels of symbolic links
Catch the error so the app doesn't core dump. Issue
openbmc/openbmc#3311 will track root cause of the error.
Tested: A PNOR code update operation succeeds without core dumps
or error messages.
Change-Id: Ib384a16436bbb0521d247b7b6157b8877db5a4cb
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Handle exceptions from the sdbusplus method call_noreply API.
The Activation constructor was subscribing to systemd signals, which
would cause an "Already Subscribed" error when creating multiple
Activation instances because the bus is common.
There is no reason to subscribe to systemd signals in the constructor,
since the signals are only triggered during the activation process.
Move the Subscribe call to the activation process which calls
Unsubscribe at the end.
There's a scenario where there could still be an "Already Subscribed"
error if the activation fails, so add error handling there.
This is very similar to:
https://gerrit.openbmc-project.xyz/#/c/11428/
Tested: Code updated an image.
Change-Id: Ia35b7f2fc24c0b605692bc534c54e18742027061
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
| |
If VERSION is signed it will be 8K instead of 4K to accomodate the
header. Skip past the header so the version name can still be parsed.
Change-Id: I07f0bd136a42e94e5b4e59eaa0eb59c1aacf2e87
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Part of a series of commits that resolve openbmc 2905
Here is something funny: in item_updater.cpp:300 is a string
and on line 316 it is const char*. It may be confusing to
have the same variable name with two different related types.
Tested: static_assert only
Change-Id: I59556fc184ef1f1047bd8a76062598b7518c36ae
Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
|
| |
|
|
|
| |
Change-Id: I084bd67fd5179c7abe6d79e990e46cebd300cce6
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit ee697121c78a262c456293b10c4f2d4e2873cff0.
The functional association goes away after activating a new image
(issue openbmc/openbmc#3038). The workaround is to keep the reverse
association names the same for the active and functional ones
until the issue is resolved.
Change-Id: I1ce1440e4c612e0efb553695f05db8adea171a77
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Added support to stop the codeupdate only for the fieldmode
enabled systems, for signature validation failures.
Resolves openbmc/openbmc#3047
Change-Id: Idf47b122a60d5d14e6e7f134d8067d20e09e7c76
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The verify_signature feature name is the same as the one used
in the phosphor-software-manager repo which manages the BMC
firmware updates. Change the name to make it different to
be able to control enabling the feature individually via recipes,
since enabling it on the phosphor recipe enables it for the
pnor code as well (due to the recipe dependency on
virtual-obmc-image-manager).
Change-Id: I73e446dd6d5f0995132bc60403e08d16d07703bd
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
Spelling errors found using github.com/lucasdemarchi/codespell
A tool to fix common misspellings.
This tool is licensed under GNU General Public License, version 2.
Change-Id: I1070feb715b037adbb55badc516d8a63c0b721bc
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
| |
Resolves openbmc/openbmc#3000
Change-Id: Ia03385d74d9885975c411ac24769510bd1afc4c4
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
|
| |
|
|
|
|
|
|
| |
Added signature validation test cases infrastructre and
positive path test case for verify function.
Change-Id: I0e02a07b726ed08757a21b97871154622534c989
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
|
| |
|
|
|
|
|
| |
Added a short description about the openpower-pnor-code-mgmt repo.
Change-Id: I86d1edcc10796c00468a96acc90aeda6ab896509
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
| |
Reworded cleaning the repo. The old wording did not make sense.
Change-Id: If386a79dc1f4e6bb9546ec4590e4879551c5f055
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
| |
-Added fix for squashFSImage file name print error.
-Added fix for conf path name typo.
Change-Id: Ic11509a16d5d7c35b1bbb191175a8f710e66caad
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Spelling errors found using github.com/lucasdemarchi/codespell
A tool to fix common misspellings.
This tool is licensed under GNU General Public License, version 2.
Tested: Built the repo
Change-Id: Ic12ec06687fee33f6cf49ea9e44d3d06b782f1b6
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
Enable signature validation during version activation
based on the WANT_SIGNATURE_VERIFY flag.
Change-Id: If8f4357553be9ed2fbcf86b4dddec768532a043a
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Enabled high level logic flow for the PNOR signed image
signature validation routines.
Includes reading hash type, key type from Manifest file.
Change-Id: I00280fff5a61291852c1f2d5f6fd8aec3dd62bf0
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add code in the squashfs generation script to sign the PNOR image files.
This will also add the signatures and corresponding public key to the
PNOR tar archive.
Resolves openbmc/openbmc#2886
Change-Id: I8faeac97e250a867d341457d6a5d24e6665d45d3
Signed-off-by: Eddie James <eajames@us.ibm.com>
|
| |
|
|
|
| |
Change-Id: I4490e930459a7eab6f6dd15198418c5314755d3f
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current name "software_version" is not very useful.
The GUI to determine if an image is functional is looking at
/xyz/openbmc_project/software/<image id>/functional.
The GUI could still do the same thing with "software_version"
by looking for
/xyz/openbmc_project/software/<image id>/software_version to
determine if an image is functional, but that feels really wrong.
Part of openbmc/openbmc#2945.
Tested: Built an image with this change, flashed onto a
Witherspoon and verified the "functional" association
worked forward and reverse.
Change-Id: Icdc396e5bb3c627211b14b6340c6e55da2a772ba
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
| |
std::function is not found with a GCC 7.2 runtime.
Change-Id: I6b1383703a3b741ed0e72ce3ea33bf44aed48f60
Tested: Built repository with GCC 7.2
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enhancement to the host updater adds an extra location for storing
redundancy priority values for host software versions. Priority values
are stored as environment variables in the format
pnor-[versionId]=[priority]. This addresses any scenario in which the
Cereal files storing these priority values are deleted, including (but
not limited to) a BMC factory reset.
Additionally, priority files are no longer removed during a host factory
reset. Removing these files makes restoration of the priority on reboot
impossible.
Resolves openbmc/openbmc#2666
Change-Id: I6b528e75785d48bbb5c8782e879b061934ad9432
Signed-off-by: Michael Tritz <mtritz@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed freeSpace() to remove more than 1 version if that is what is
needed to get the number of active PNOR versions at
ACTIVE_PNOR_MAX_ALLOWED -1. Currently, ACTIVE_PNOR_MAX_ALLOWED is
set to 2. We have seen cases where there are 3 active PNOR versions.
In those cases, freeSpace() only removes 1 active PNOR version, when
it should remove 2 to bring the total number of active PNOR
versions to 1.
Resolves openbmc/openbmc#2806
Change-Id: I0e9f5b6835298ae86091848f889bbc316e0a7f57
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add an Enable dbus object to determine if the Volatile PNOR partitions
should be cleared. An Enabled value of false (default) means volatile
is disabled and the partitions should not be cleared.
This property would be set by the host via IPMI, and the BMC would
check it on the power on path.
Part of openbmc/openbmc#2397
Change-Id: Ic9362206d2b1d4fd44b3505ed53e72ec240ad60c
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
| |
This patch extends the functionality of the host factory reset by
clearing the pnor-patch directory at /usr/local/share/pnor.
Change-Id: I9d4e3838eee3e743bd954fad697ae84deda0518c
Signed-off-by: Michael Tritz <mtritz@us.ibm.com>
|
| |
|
|
|
|
|
|
| |
The path to the Gard reset should be /org/open_power/control/gard. This
commit adds the missing underscore.
Change-Id: I01284596d7f52c31bf3c11e31ae6b8bd717a3fa4
Signed-off-by: Michael Tritz <mtritz@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- In order to remove the delete object from functional
image, the delete interface is moved inside the
version class so that both item_updater and image_manager
can make use of the same implementation.
- To avoid having two delete objects attached to the same
HOST version (item_updater and image_manager), we are now
deleting the image_manager object once the activation
is complete.
Partially resolves openbmc/openbmc#2490
Change-Id: Ie515cc01d5f154e6e55b9a3fb71d831730cd46f6
Signed-off-by: Saqib Khan <khansa@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit enhances the host updater by dynamically removing the
Object.Delete interface from a host activation that is currently
running. Once the host isn't running anymore, the interface is re-added
so that the activation may be deleted.
Additionally, isVersionFunctional() from the parent updater is exposed,
since this function is needed to determine whether a given activation
is currently running on the host.
Add the Delete interface to all interfaces when the item updater starts
up, because the chassis state would be off initially, and in the case
where it automatically powers on because the BMC rebooted while the host
was on, the chassis property signal would cause the Delete interface to
be removed.
Change-Id: I4afcc1ebe2e8a3ce212b426749295e79b68cac62
Signed-off-by: Michael Tritz <mtritz@us.ibm.com>
|
| |
|
|
|
|
|
| |
Scope is to add missing logs for InternalFailure errors
Change-Id: I91dce3221b54b55fd562d2ed730614c489eecb55
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After the code update, the newly activated version would have a priority
value of 0. If the host is not rebooted, the functional version would
still be the old version but it'd now have a priority value of 1.
If another code update is requested at this point, the function that
frees up space would try to remove the highest priority version which
is the running one.
Add a check to ignore the version if it's the functional one, also
allow a version of priority 0 to be deleted.
Change-Id: I077ea2eeff68e07af533103f292be592326b5111
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
The scratch directory, holding the extracted squashfs image and
the temporary UBI image, can be quite large, >40MB.
Use trap to make sure it always gets cleaned up.
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
Change-Id: I0289036dcf2bbf40fc76cf5ebf9dde1d47379435
|
| |
|
|
|
|
|
|
| |
Allow user to pass in the size of the PNOR UBI image.
Default is 128.
Change-Id: Ifbd7ff0e9185e4d445f39be144f07eb907f0051e
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create a 128MiB UBI image with 3 volumes: a static
pnor-ro-<versionId>, a dynamic pnor-rw-<versionId>,
and a dynamic pnor-prsv.
The pnor-ro-<versionId> is created from the squashfs file.
pnor-rw-<versionId> and pnor-prsv are both empty and size
16MiB and 2MiB respectively.
A future enhancement would be to pass in the size of the image.
Resolves openbmc/openbmc#2509
Change-Id: Ia8d9f3d8c72487eac06d7a5be5e856b1b07de7b1
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Untar the tarball and then check for existence of
pnor.xz.squashfs file.
A PNOR SquashFS Tarball must have a pnor.xz.squashfs file.
A similar check is done is in the openpower item updater.
Change-Id: Id6e63ee088941044ecc22282bd5abd6358d17d87
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
