| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
Added build level support to enable/disable signed
validation using WANT_SIGNATURE_VERIFY flag.
Change-Id: I93bc72a69b877baa9df27272c0b20426069b7557
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
| |
Added support for OpenSSL based function for the signed
image validation.
Change-Id: I45bb677276694b0bbb92c7c694c7f95b8b2c011d
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Enabled high level logic flow for the signed image
signature validation routines.
Includes reading hash type, key type from Manifest file.
Change-Id: I9b0213042bb15882f351e7937fd17fb0a3e9fb33
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
|
| |
|
|
|
|
|
|
| |
Initial version of the signature validation infrastructure
for BMC signed image.
Change-Id: I79d8ad10dbb7e3c4f0ffd21609b483be6734b4af
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
|
| |
|
|
|
| |
Change-Id: Ia899858c11cff6e4fa26b820b35b1e5dca1b57df
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the phosphor-bmc-code-mgmt commit ee13e8 "BMC: Fix the
delete implementation" it broke the DeleteAll implementation
created with commit bc1bf3a "BMC Updater: Add function to
delete all versions" by erasing elements from the container
we're iterating over, causing the application to core dump.
Putting the original implementation back.
Fixes openbmc/openbmc#2954
Change-Id: I858a2d773e6f529a6253903198048326d74d5c15
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current name "software_version" is not very useful.
The GUI to determine if an image is functional is looking at
/xyz/openbmc_project/software/<image id>/functional.
The GUI could still do the same thing with "software_version"
by looking for
/xyz/openbmc_project/software/<image id>/software_version to
determine if an image is functional, but that feels really wrong.
Part of openbmc/openbmc#2945.
Tested: Built an image with this change, flashed onto a
Witherspoon and verified the "functional" association
worked forward and reverse.
Change-Id: I40161e9fc049172e503c1353491eda90dda352e7
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Enable the service that blocks reboot within the constructor
of ActivationBlockTransition, so that the user can't reboot BMC
while code update is in progress.
- Once the code update is complete the destructor of
ActivationBlockTransition will disable any reboot guard that
prevents user from rebooting the BMC.
Tested: Verified that the user is unable to reboot during the activation
process and that journal logs are present to indicate why the user is
unable to reboot.
Resolves openbmc/openbmc#1944
Change-Id: Ia149a76bcf093b011fe243fc609ae83358a0f933
Signed-off-by: Saqib Khan <khansa@us.ibm.com>
|
| |
|
|
|
|
|
|
| |
std::function is not found with a GCC 7.2 runtime.
Tested: Built repository with GCC 7.2
Change-Id: Ie139a8897aea4036c1159bebb03c3b446fb23687
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new function to delete version objects as part of the Activation.
The code update service automatically removes the ubi volumes to make
space, but it does not remove the dbus object associated with the
removed volume. The side effect of leaving the dbus object is that
when freePriority() is called at the end of the Activation, a new
priority value is assigned to all version dbus objects (including the
deleted one) which fills up the u-boot environment variables.
Tested: Verified that after an Activation, there were only 2 priority
values in the u-boot env variables instead of 3, and they corresponded
to existing volumes.
Change-Id: I41a7ea95eeea1c8a2cb8ce4b41671e77f5c42cac
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- The logging interfaces don't support std::string, so need to pass
c-strings to the metadata fields, or the pointer address will be
the one added to the log.
- Log the name of the file uploaded to the BMC instead of the
manifest path when there is a manifest error. The manifest path
is always /tmp/imgXXXX/MANIFEST which doesn't help debug.
- Check the status of the child process after waitpid returns. The
execl call returns when there was an error executing execl, not
if the command executed failed. This will catch when tar returns
a non-0 return code.
Change-Id: Ia4bd2666fc6beec28dee7e821d959a336800d282
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was an error seen where the version manager core dumped when
it tried to remove the temporary directory after a manifest failure:
phosphor-version-software-manager[1264]: Error No manifest file
phosphor-version-software-manager[1264]: terminate called after throwing an
instance of 'std::experimental::filesystem::v1::__cxx11::filesystem_error'
phosphor-version-software-manager[1264]: what(): filesystem error: cannot
remove all: No such file or directory [/tmp/images/imageKcwJFc]
To prevent the core dump, check that the directory exists before trying
to remove it. Create a journal error entry to aid debug since path should
exist.
Change-Id: Ifb47f9a44aa8835c8b7416c7e1a0e67c664d6160
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The service file obmc-flash-bmc-updateubootvars@.service
updates the boot environment variables to point to the
newly updated image. Need to wait for this service to finish
before marking the update as complete. Otherwise the user may
reboot the system while the env vars are being updated thinking
that the update has completed because the Activation value would
be set to Active.
Resolves openbmc/openbmc#2764
Change-Id: Ic33cf62e46555c9925385bb5d9d28de9aeee85a1
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Activation code monitors the systemd service files that
create the volumes, and sets the value to Activating if the
services are running, or Failed if they fail.
This monitoring code checks the name of the service file for
when it fails, but it wasn't checking it for when it succeeds,
leading to any systemd file that finished to trigger calling
the Activation function multiple times.
Also avoid removing the Priority object if the requested
Activation value is Activating, since that's what the value
the monitoring code calls during the update.
Part of openbmc/openbmc#2764
Change-Id: Ib6681ce5d63d184a2ee9ffe05c083e1085efd2ac
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When deleting the updated image from the Version object,
the code would query the mapper to get the busname. This
call would return 2 busnames, the one for the Activation
object and the one for the Version object. Then the code
would call Delete on the first busname on the list which
would be the Activation one, causing an error because the
running image can't be deleted from the Activation object.
Instead of querying the mapper for all busnames of a path,
and adding logic to figure out which one is the Version one,
the updater already knows the Version busname, so just use
that directly.
Part of openbmc/openbmc#2764
Change-Id: Ia490e11c0fd312fe0c05279964c2cb0c4461ccb3
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
There were some TODOs to more efficiently find the BMC inventory
object. The pending issues have been resolved so update the code
to search for the BMC inventory interface from the whole
inventory root path.
Change-Id: I4331814bb6b9cc8e8b0bba7b85c8d75b8c1bacf6
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fix addresses a defect in the BMC updater. When we restore the BMC
version priority after a reboot, we pull it from a list of environment
variables. Initially, we did so just by looking for the version ID -
since that implementation, however, an additional environment variable
has been added that uses the version ID. This caused the priority to
sometimes be restored incorrectly, depending on the order of the
variables within the file.
In order to fix this defect, we search instead for "[versionID]=", which
is more specific.
Resolves openbmc/openbmc#2721
Change-Id: I2fd2e04c5268a63a8760ad4e3af28144583ea2dc
Signed-off-by: Michael Tritz <mtritz@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Implement delete interface inside version class
so that both item_updater and image_manager can
share the same interface. This meant removing the
delete interface from inside the activation class.
- The delete is created as a separate object inside
version, only if the image is non-functional.
This helps remove the delete interface from a
running BMC/HOST image.
- As part of the activation process, the version from
inside the image_manager is deleted and so is the
version's tarfile from the image upload dir.
Partially resolves openbmc/openbmc#2490
Change-Id: Ib35bf188df85ebd2277d3d9ad04300e434965eea
Signed-off-by: Saqib Khan <khansa@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Instead of throwing an error, create the image directory,
if not present.
The inotify code should create the image directory if not present,
not the upload or TFTP code. Removed creating the image directory from
the TFTP here and removed from the upload in another commit.
Change-Id: I8c142283cfd5a3c87bdf2291d2e79729ec9ac319
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
Spelling errors found using github.com/lucasdemarchi/codespell
A tool to fix common misspellings.
This tool is licensed under GNU General Public License, version 2.
Change-Id: I14d5782540e6524274a86c000b94fb1c5bdf7313
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
Spelling errors found using github.com/lucasdemarchi/codespell
A tool to fix common misspellings.
This tool is Licensed under GNU General Public License, version 2.
Change-Id: Ia499821e053e2d4280cd74d4020eab6b2febe854
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The recursive nature of calling the free priority function
would trigger setting the u-boot env multiple times.
Make a change so that the priorities are sorted and
updated once.
- Create a non-overriden priority setter function to be called
by the free priority function and by the function that creates
the dbus objects after a bmc reboot. There's no need to call
to free the priorities after reboot since the priorities are
preserved on the bmc, and if they're not they default to 0 or 255.
- When a dbus request is made to update the priority, update
the value, then call the free priority function, which will
sort the versions by priority and bump the priority of any
duplicate ones.
Resolves openbmc/openbmc#2535
Change-Id: Ib92cc0ca6c4d5f6e986f3cde7156d63b53844b46
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit enhances the functionality of the BMC software updater.
Previously, each BMC version uploaded to the system would implement the
Object.Delete D-Bus interface, including the version currently running
on the BMC. In principle, this is a pretty major issue - at best, the
Delete would do nothing to the current version but throw an error, and
at worst, it could partially remove it and cause problems.
This commit fixes that problem by moving the Delete implementation into
a separate object for each activation and removing that interface for
the current version.
Resolves openbmc/openbmc#2335
Change-Id: I721b7455c9fb309ecbb50f807aaa44a16d51ba5a
Signed-off-by: Michael Tritz <mtritz@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This commit fixes a problem with field mode - namely, that the file
location for environment variables was moved. The new path is now
referenced when checking field mode status after a reboot.
Resolves openbmc/openbmc#2428
Change-Id: I68b5d2a3ce6e2aa0b2c3825bc56e02d6bf581e9d
Signed-off-by: Michael Tritz <mtritz@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The item_updater is called multiple times to createActivation
object when a new image is uploaded. This ends up producing a
log in the journal suggesting the image was already uploaded
even if the image didn't exist before.
Therefore moving the log inside the image_mananger so that its
called once when the image is uploaded.
Resolves openbmc/openbmc#2261
Change-Id: Ia6590a3a77ccb577c65803de3233b06e7bfb1320
Signed-off-by: Saqib Khan <khansa@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The Watch class is not moveable since the this ptr is passed to
sd_event_add_io for context. After a move, systemd context will
be pointing at something random.
Based on feedback on
https://gerrit.openbmc-project.xyz/#/c/6718/7/watch.hpp@35
Change-Id: Idbed233bf84c814d76899dac4fa097c1ee8915f4
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
| |
Journal entry variable names should be uppercase.
Change-Id: I3b100cf6f56fe233cebb19f561ee706b9b1da9bb
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- If the new priority is the lowest then set the uboot to point
to that particular version
- Otherwise reset the Uboot environment variable to find the version
with the lowest priority and then set that in uboot.
Resolves openbmc/openbmc#2512
Change-Id: Id27e78a85662e0ff2e941515bb467a43c6076d96
Signed-off-by: Saqib Khan <khansa@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- We need to update the uboot env variables to point to the
version that has the lowest priority when
the version with lowest priority gets deleted or when
the version with lowest priority gets a higher priority
Resolves openbmc/openbmc#2372
Change-Id: If43105c9ee2c3ada8aeb19939a428eb05e621ee9
Signed-off-by: Saqib Khan <khansa@us.ibm.com>
|
| |
|
|
|
|
|
| |
Style changes only.
Change-Id: I29127c1fa45bbe24fd252fb7c0fe95fb229d0129
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
| |
Style changes only.
Change-Id: I87160818978bbc587ae4b4b5f6ff7ca379a4aa02
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
| |
Style changes only.
Change-Id: Ic2a8f5b012849da657af24724b3fc55c5efeb979
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
No longer throw a runtime_error when an error occurs in
getValue, getId, or getBMCVersion. Instead, elog an error.
These functions in openpower-pnor-code-mgmt, already do this.
Change-Id: Id0d5173705d9d014e298812c4561cf4bc1ee8910
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
| |
Style and comment changes only.
A similar change was made in openpower-pnor-code-mgmt.
Change-Id: I5ad5cb37267983a1749847599d379e437e818540
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
| |
Style changes only.
A similar change was made in openpower-pnor-code-mgmt.
Change-Id: If68aa4822ea41a6af44258e398dfe6966827b35c
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Style and comment changes only.
Made more clear the difference between the version id (e.g. ad324adb)
and the version string (e.g. v1.99.10-19 or
IBM-witherspoon-sequoia-ibm-OP9_v1.18_1.54)
A similar change was made in openpower-pnor-code-mgmt.
Change-Id: Ic8cb41ff35117196a134d46eaa4bd476c37abd4c
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
- Create a dir under /media called rofs-<versionId> and create a
symlink for /etc/os-release. This would allow us to recreate the
Software Object corresponding to the current BMC version.
Resolves openbmc/openbmc#2277
Change-Id: Icaed9eaaffd479243e115dffe1dea6de40b9f795
Signed-off-by: Saqib Khan <khansa@gfwa124.aus.stglabs.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- We needed a hash algorithm that can be replicated on
multiple platforms and across multiple programming languages.
- This would allow the user to calculate the versionID by
executing the following command to obtain correct versionID.
echo -n "<versionID>" | sha512sum | cut -b 1-8
- This is part of the change required for openbmc/openbmc#2323
Change-Id: Ibc96a2871f07cb549c482c06dec7090e6ba3a766
Signed-off-by: Saqib Khan <khansa@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The priority values are saved on the BMC flash and in u-boot env
variables as backup, but in the case where both copies are missing
like when the BMC chip is reflashed using a programmer, set the
Priority value of the functional (currently running) BMC version
to 0 to indicate that's the image the BMC booted from.
Resolves openbmc/openbmc#2373
Change-Id: I7cc8a7ae5b1c676891109c71686d7f9b18fde1ca
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
- When a bmc rofs volume is corrupted, it no longer has a valid
os-release. This had caused the BMC.Updater service to core-dump.
We need to delete corrupted volumes in order to prevent such
versions from filling up the space on chip.
Change-Id: I7f23382891dfd9b4dba40ffc1dc3084e088e92b1
Signed-off-by: Saqib Khan <khansa@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
This commit extends the item updater with a function to delete all
non-current versions uploaded to the machine.
Resolves openbmc/openbmc#2264
Change-Id: I4d835d5020766f8bb5e9653b28535acfb191fe53
Signed-off-by: Michael Tritz <mtritz@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
- If a BMC is set to the lowest priority then update the u-boot
environment variables so that that system boots from that version
on the next reboot.
Resolves openbmc/openbmc#2284
Change-Id: If0b67b07496f602fa06607bd0685d6394cb8d9fd
Signed-off-by: Saqib Khan <khansa@us.ibm.com>
|
| |
|
|
|
|
|
|
| |
removeActiveAssociation and createActiveAssociation should be
pass by reference.
Change-Id: If9396b4ab36fc4497db0cf0b6da7e04a2c6c4055
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
| |
Create a functional association for the "running" BMC image.
Change-Id: Id254df06b4361b418e765cc5222b1e1ee0d348a3
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
| |
Style only changes
Change-Id: I7cec0ac37bc7c72f0dfeedf77811f5036820019f
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
This commit changes serialize.cpp's create_directory call to
create_directories because core dumps have been observed when
the directory /var/lib/obmc does not exist.
Change-Id: I7e948644dddd26a34ae33400d220698e4b1bace6
Signed-off-by: Michael Tritz <mtritz@us.ibm.com>
|
| |
|
|
|
|
|
|
| |
- Check if the image to be erased is currently running on the BMC. If it
is, fail to erase the image.
Change-Id: Ief2ba2e5e16f6664eeb429699b826cae78ef9291
Signed-off-by: Eddie James <eajames@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Create active association on startup for
active BMC versions. Moved creating the association inside
the for loop. The association is only needed
if there is an active image so should be inside the for loop
to check if it is an active image.
Change-Id: Iba7519ba08cb79dc06607caa8b44a0a3022c0ddc
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- Remove Delete inheritance and method from Version object.
- Add Delete inheritance and method to Activation object.
- Add a listener in the image Manager for deleted Versions and remove
its 'backup' copy of the Version.
Resolves openbmc/openbmc#2086
Change-Id: If41783319cf1ff5b840b747ba457d0570bc52918
Signed-off-by: Eddie James <eajames@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
- The bmc read only file systems volumes are named rofs-<versionId>.
- This will fix the issue that prevented item_updater from creating
the bmc versionIds after a reboot.
Resolves openbmc/openbmc#2267
Change-Id: I26034cbb8928baba8e551aff795f87a0e2c4a262
Signed-off-by: Saqib Khan <khansa@us.ibm.com>
|
