Add lifetime property for drives interface

This will set the lifetime property when the eStoraged object is
created. This change does not expect the lifetime to change.

Tested:
busctl introspect x

Add lifetime property for drives interface

This will set the lifetime property when the eStoraged object is
created. This change does not expect the lifetime to change.

Tested:
busctl introspect xyz.openbmc_project.eStoraged.mmcblk0 /xyz/openbmc_project/inventory/storage/mmcblk0
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
org.freedesktop.DBus.Introspectable interface - - -
.Introspect method - s -
org.freedesktop.DBus.Peer interface - - -
.GetMachineId method - s -
.Ping method - - -
org.freedesktop.DBus.Properties interface - - -
.Get method ss v -
.GetAll method s a{sv} -
.Set method ssv - -
.PropertiesChanged signal sa{sv}as - -
xyz.openbmc_project.Inventory.Item.Drive interface - - -
.Capacity property t (top secret) emits-change
.PredictedMediaLifeLeftPercent property y 100 emits-change
xyz.openbmc_project.Inventory.Item.Volume interface - - -
.ChangePassword method ayay - -
.Erase method s - -
.FormatLuks method ays - -
.Lock method - - -
.Unlock method ay - -

Signed-off-by: John Edward Broadbent <jebr@google.com>
Change-Id: Ifbbed7d81c55e3edbe519c2b1048b5d1731fbb0e

show more ...

Add erase sanitize

Sanitize uses the eMMC firmware to erase all blocks.

Tested:
$ cat /dev/urandom > /dev/mmcblk0

$ time busctl call xyz.openbmc_project.eStoraged.mmcblk0 \
/xyz/openbmc_project/in

Add erase sanitize

Sanitize uses the eMMC firmware to erase all blocks.

Tested:
$ cat /dev/urandom > /dev/mmcblk0

$ time busctl call xyz.openbmc_project.eStoraged.mmcblk0 \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Erase s \
xyz.openbmc_project.Inventory.Item.Volume.EraseMethod.VendorSanitize \
--timeout=1200

real 0m1.793s
user 0m0.021s
sys 0m0.009s

root@ytbaz20-nfd01:/# cat /dev/mmcblk0 | hexdump

0000000 0000 0000 0000 0000 0000 0000 0000 0000
*

Signed-off-by: John Edward Broadbent <jebr@google.com>
Change-Id: I31bc21c0b6d31cbba0db752d94a93eb004dbbde6

show more ...

Add crypto Erase to eStorageD.

The goal is to erase the keys that are used to decrypt the drive. After
the keys are erased it will not be possible to decrypt the drive, even
if the password can be r

Add crypto Erase to eStorageD.

The goal is to erase the keys that are used to decrypt the drive. After
the keys are erased it will not be possible to decrypt the drive, even
if the password can be recalled. The data is forever inaccessible.

Testing:

$ systemctl stop emmc.service

$ /eStoraged -b /dev/mmcblk0 &

$ busctl call xyz.openbmc_project.eStoraged.mmcblk0 /xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.Inventory.Item.Volume FormatLuks ays 3 1 2 3 xyz.openbmc_project.Inventory.Item.Volume.FilesystemType.ext4

$ busctl call xyz.openbmc_project.eStoraged.mmcblk0 /xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.Inventory.Item.Volume Lock

$ busctl call xyz.openbmc_project.eStoraged.mmcblk0 /xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.Inventory.Item.Volume Erase s xyz.openbmc_project.Inventory.Item.Volume.EraseMethod.CryptoErase

$ busctl call xyz.openbmc_project.eStoraged.mmcblk0 /xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.Inventory.Item.Volume Unlock ay 3 1 2 3
Call failed: The operation failed internally.

Signed-off-by: John Edward Broadbent <jebr@google.com>
Change-Id: I3221e82a92c1b555e2379b19c9e1d5b6e4b02f9b

show more ...

Add zero write and verify

This code implements the zero verify and zero write dbus interface. The
goal is to fill the whole block device with zeros, then check to make
sure the operation worked corr

Add zero write and verify

This code implements the zero verify and zero write dbus interface. The
goal is to fill the whole block device with zeros, then check to make
sure the operation worked correctly.

Tested:
$ systemctl stop emmc.service
$ ./eStoraged -b /dev/mmcblk0 &
$ time busctl call xyz.openbmc_project.eStoraged.mmcblk0 /xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.Inventory.Item.Volume Erase s
xyz.openbmc_project.Inventory.Item.Volume.EraseMethod.ZeroOverWrite --timeout=1200
Erasing encrypted eMMC <6> Starting erase

real 5m59.695s
user 0m0.000s
sys 0m0.030s

root@ytbaz20-nfd01:~/jebr# hexdump /dev/mmcblk0
0000000 0000 0000 0000 0000 0000 0000 0000 0000
*
$ time busctl call xyz.openbmc_project.eStoraged.mmcblk0 /xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.Inventory.Item.Volume Erase s
xyz.openbmc_project.Inventory.Item.Volume.EraseMethod.ZeroVerify --timeout=1200
Erasing encrypted eMMC
<6> Starting erase

real 5m46.920s
user 0m0.010s
sys 0m0.010s
$ echo "not zero" > /dev/mmcblk0
$ time busctl call xyz.openbmc_project.eStoraged.mmcblk0 /xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.Inventory.Item.Volume Erase s
xyz.openbmc_project.Inventory.Item.Volume.EraseMethod.ZeroVerify --timeout=1200
Erasing encrypted eMMC
<6> Starting erase
<3> Estoraged erase zeros block is not zero
Call failed: The operation failed internally.

real 0m0.022s
user 0m0.000s
sys 0m0.020s

Change-Id: Ie78ad427de1aa75472fc7ddd72d094866fe14b66
Signed-off-by: John Edward Broadbent <jebr@google.com>

show more ...

Add pattern write and verify to erase

The goals are to write a non-compressible and verifiable pattern to the
drive as a means to validate that the drive is working, and ensure all
blocks have been

Add pattern write and verify to erase

The goals are to write a non-compressible and verifiable pattern to the
drive as a means to validate that the drive is working, and ensure all
blocks have been overwritten.

Tested:
$ systemctl stop emmc.service
$ ./eStoraged -b /dev/mmcblk0&
$busctl call xyz.openbmc_project.eStoraged.mmcblk0 /xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.Inventory.Item.Volume Erase s xyz.openbmc_project.Inventory.Item.Volume.EraseMethod.LogicalOverWrite --timeout=1200

$busctl call xyz.openbmc_project.eStoraged.mmcblk0 /xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.Inventory.Item.Volume Erase s xyz.openbmc_project.Inventory.Item.Volume.EraseMethod.LogicalVerify --timeout=1200

$echo "jebr" > /dev/mmcblk0

$busctl call xyz.openbmc_project.eStoraged.mmcblk0 /xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.Inventory.Item.Volume Erase s xyz.openbmc_project.Inventory.Item.Volume.EraseMethod.LogicalVerify --timeout=1200
Call failed: The operation failed internally.

Change-Id: Ibc1254279b1f46246eb37056ea6e4e1a57159bb9
Signed-off-by: John Edward Broadbent <jebr@google.com>

show more ...

Add Erase verifyGeometry

This confirms specified amount of the drive is accessible. The min and
max expected drive size are set as a build configuration, and compared
against the drive size (found b

Add Erase verifyGeometry

This confirms specified amount of the drive is accessible. The min and
max expected drive size are set as a build configuration, and compared
against the drive size (found by using the linux ioctl). Also adds
testing build files, testing options, and verifyGeometry test.

Tested: Ran eStoraged on a machine with an eMMC, using the following
$ ./eStoraged -b /dev/mmcblk0 &
$ busctl call xyz.openbmc_project.eStoraged.mmcblk0 \
/xyz/openbmc_project/storage/mmcblk0 \
xyz.openbmc_project.eStoraged Erase ays 1 1 \
xyz.openbmc_project.eStoraged.EraseMethod.VerifyGeometry

Signed-off-by: John Edward Broadbent <jebr@google.com>
Change-Id: Ie47f8666996a6085a115d1b86f2643bc278638c5

show more ...

Format LUKS encrypted device

This commit adds the functionality to format a new LUKS device, create a
filesystem, and mount it. Unit tests are included.

Currently, the D-Bus interface to format the

Format LUKS encrypted device

This commit adds the functionality to format a new LUKS device, create a
filesystem, and mount it. Unit tests are included.

Currently, the D-Bus interface to format the LUKS device is synchronous,
but it may need to become asynchronous, since it can take some time. The
format operation took about 20 seconds when testing it.

Tested: Ran eStoraged on a machine with an eMMC, using the following
commands:
$ /usr/bin/eStoraged -b /dev/mmcblk0 &
$ busctl call xyz.openbmc_project.eStoraged.mmcblk0 \
/xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.eStoraged \
Format ay 3 1 2 3
$ busctl call xyz.openbmc_project.eStoraged.mmcblk0 \
/xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.eStoraged \
Lock ay 3 1 2 3
$ busctl call xyz.openbmc_project.eStoraged.mmcblk0 \
/xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.eStoraged \
Unlock ay 3 1 2 3

Signed-off-by: John Wedig <johnwedig@google.com>
Change-Id: Ib5d0b8bb201b43a60238bfd4f13a29a6519a9f7d

show more ...