xref: /openbmc/bios-settings-mgr/include/secureboot.hpp (revision 627c99dec58b6c5012b6c271935ad7902def9e64)
1 #pragma once
2 
3 #include <cereal/access.hpp>
4 #include <cereal/cereal.hpp>
5 #include <phosphor-logging/lg2.hpp>
6 #include <sdbusplus/asio/object_server.hpp>
7 #include <sdbusplus/server.hpp>
8 #include <xyz/openbmc_project/BIOSConfig/SecureBoot/server.hpp>
9 
10 #include <filesystem>
11 #include <string>
12 
13 namespace fs = std::filesystem;
14 
15 namespace bios_config
16 {
/** @brief Object path string for the SecureBoot object (presumably the D-Bus
 *         path it is registered on; the registration is outside this header).
 */
static constexpr const char* secureBootObjectPath =
    "/xyz/openbmc_project/bios_config/secure_boot";

/** @brief Name of the file that holds the persisted SecureBoot values.
 *
 *  NOTE(review): how this name is combined with the constructor's persistPath
 *  is not visible in this header; confirm in the implementation file.
 */
static constexpr const char* secureBootPersistFile = "securebootData";
20 
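using SecureBootBase =
    sdbusplus::xyz::openbmc_project::BIOSConfig::server::SecureBoot;

/** @brief Server-side SecureBoot object with file-backed persistence.
 *
 *  Overrides the three property setters of the generated SecureBoot server
 *  class and exposes cereal save/load hooks that write and read the
 *  currentBoot, pendingEnable and mode values.
 *
 *  Security note: load() applies whatever the archive contains. The integrity
 *  of the restored secure-boot state therefore depends on who can write the
 *  persisted file; nothing in this header authenticates or range-checks it.
 */
class SecureBoot : public SecureBootBase
{
  public:
    // The object holds references and is registered by path, so it is neither
    // default-constructible, copyable nor movable.
    SecureBoot() = delete;
    ~SecureBoot() = default;
    SecureBoot(const SecureBoot&) = delete;
    SecureBoot& operator=(const SecureBoot&) = delete;
    SecureBoot(SecureBoot&&) = delete;
    SecureBoot& operator=(SecureBoot&&) = delete;

    /** @brief Constructs SecureBoot object.
     *
     *  @param[in] objectServer  - object server
     *  @param[in] systemBus - bus connection
     *  @param[in] persistPath - path to the secureboot data file
     *
     *  The matching members are references, so the caller's object server and
     *  shared_ptr presumably have to outlive this object (the constructor body
     *  is outside this header).
     */
    SecureBoot(sdbusplus::asio::object_server& objectServer,
               std::shared_ptr<sdbusplus::asio::connection>& systemBus,
               std::string persistPath);

    /** @brief Indicates the UEFI Secure Boot state during the current boot
     * cycle
     *
     *  @param[in] value - Boot Type during the current cycle
     *
     *  @return On success, return the CurrentBootType
     */
    CurrentBootType currentBoot(CurrentBootType value) override;

    /** @brief Indicates whether the UEFI Secure Boot takes effect on next boot
     *
     *  @param[in] value - new value for the attribute
     *
     *  @return On success, return the new attribute
     */
    bool pendingEnable(bool value) override;

    /** @brief Indicates the current UEFI Secure Boot Mode
     *
     *  @param[in] value - new value for the attribute
     *
     *  @return On success, return the new attribute
     */
    ModeType mode(ModeType value) override;

  private:
    // Non-owning: both are references to objects owned by the caller.
    sdbusplus::asio::object_server& objServer;
    // Reference to the caller's shared_ptr, not a copy of it, so this member
    // does not keep the connection alive on its own.
    std::shared_ptr<sdbusplus::asio::connection>& systemBus;
    // Location of the persisted state; how it is derived from persistPath is
    // in the implementation file.
    std::filesystem::path secureBootFile;

    // cereal needs access to the private save()/load() pair below.
    friend class cereal::access;

    /** @brief Save the SecureBoot object to the persistent storage
     *
     *  Writes currentBoot, pendingEnable and mode, in that order; load() reads
     *  them back in the same order.
     *
     *  @param[in] archive - archive
     *  @param[in] version - version (only logged; it does not change what is
     *                       written)
     */
    template <class Archive>
    void save(Archive& archive, const std::uint32_t version) const
    {
        // A routine save is not a failure: log it at debug level so that the
        // error level stays reserved for real persistence problems.
        lg2::debug("Save is called with version {VER}", "VER", version);

        // The base getters are named explicitly because the setter overrides
        // declared in this class hide the base overload set.
        archive(SecureBootBase::currentBoot(), SecureBootBase::pendingEnable(),
                SecureBootBase::mode());
    }

    /** @brief Load the SecureBoot object from the persistent storage
     *
     *  Reads the three values in the order save() wrote them and applies them
     *  through the base-class setters, which bypasses the overrides declared
     *  in this class.
     *
     *  NOTE(review): the values are applied exactly as read. Neither the
     *  archive version nor the range of the two enum values is checked here,
     *  so a corrupted or modified file can set the reported secure-boot state.
     *  Confirm that the persist directory is writable only by this service,
     *  and consider validating the values where deserialize() is implemented.
     *
     *  @param[in] archive - archive
     *  @param[in] version - version (currently ignored)
     */
    template <class Archive>
    void load(Archive& archive, const std::uint32_t version)
    {
        static_cast<void>(version);

        // Defaults used as the archive's output slots.
        SecureBoot::CurrentBootType currentBootValue =
            SecureBoot::CurrentBootType::Unknown;
        bool enableValue = false;
        SecureBoot::ModeType modeValue = SecureBoot::ModeType::Unknown;

        archive(currentBootValue, enableValue, modeValue);

        // Second argument: the skip-signal flag of the sdbusplus-generated
        // setters, so restoring state presumably emits no change signal.
        SecureBootBase::currentBoot(currentBootValue, true);
        SecureBootBase::pendingEnable(enableValue, true);
        SecureBootBase::mode(modeValue, true);
    }

    /** @brief Serialize the SecureBoot object to the persistent storage
     */
    void serialize();

    /** @brief Deserialize the SecureBoot object from the persistent storage
     *
     *  @return On success, return true
     *  @return On failure, return false
     */
    bool deserialize();
};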
128 } // namespace bios_config
129