| estoraged.cpp (f59b729120078233641564a64a11c690f0a43274) | estoraged.cpp (82897c35761f505c2b881f72c61f726f7d562692) |
|---|---|
| 1 2#include "estoraged.hpp" 3 4#include "cryptErase.hpp" 5#include "cryptsetupInterface.hpp" 6#include "pattern.hpp" 7#include "verifyDriveGeometry.hpp" 8#include "zero.hpp" 9 10#include <libcryptsetup.h> 11#include <openssl/rand.h> | 1 2#include "estoraged.hpp" 3 4#include "cryptErase.hpp" 5#include "cryptsetupInterface.hpp" 6#include "pattern.hpp" 7#include "verifyDriveGeometry.hpp" 8#include "zero.hpp" 9 10#include <libcryptsetup.h> 11#include <openssl/rand.h> |
| 12#include <stdlib.h> | |
| 13 14#include <phosphor-logging/lg2.hpp> 15#include <xyz/openbmc_project/Common/error.hpp> 16 | 12 13#include <phosphor-logging/lg2.hpp> 14#include <xyz/openbmc_project/Common/error.hpp> 15 |
| 16#include <cstdlib> |
|
| 17#include <filesystem> 18#include <iostream> 19#include <string_view> 20#include <vector> 21 22namespace estoraged 23{ 24 25using sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure; 26using sdbusplus::xyz::openbmc_project::Common::Error::ResourceNotFound; 27using sdbusplus::xyz::openbmc_project::Common::Error::UnsupportedRequest; 28 | 17#include <filesystem> 18#include <iostream> 19#include <string_view> 20#include <vector> 21 22namespace estoraged 23{ 24 25using sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure; 26using sdbusplus::xyz::openbmc_project::Common::Error::ResourceNotFound; 27using sdbusplus::xyz::openbmc_project::Common::Error::UnsupportedRequest; 28 |
| 29void eStoraged::formatLuks(std::vector<uint8_t> password, FilesystemType type) | 29void EStoraged::formatLuks(std::vector<uint8_t> password, FilesystemType type) |
| 30{ 31 std::string msg = "OpenBMC.0.1.DriveFormat"; 32 lg2::info("Starting format", "REDFISH_MESSAGE_ID", msg); 33 34 if (type != FilesystemType::ext4) 35 { 36 lg2::error("Only ext4 filesystems are supported currently", 37 "REDFISH_MESSAGE_ID", std::string("OpenBMC.0.1.FormatFail")); --- 10 unchanged lines hidden (view full) --- 48 49 formatLuksDev(cryptHandle.get(), password); 50 activateLuksDev(cryptHandle.get(), password); 51 52 createFilesystem(); 53 mountFilesystem(); 54} 55 | 30{ 31 std::string msg = "OpenBMC.0.1.DriveFormat"; 32 lg2::info("Starting format", "REDFISH_MESSAGE_ID", msg); 33 34 if (type != FilesystemType::ext4) 35 { 36 lg2::error("Only ext4 filesystems are supported currently", 37 "REDFISH_MESSAGE_ID", std::string("OpenBMC.0.1.FormatFail")); --- 10 unchanged lines hidden (view full) --- 48 49 formatLuksDev(cryptHandle.get(), password); 50 activateLuksDev(cryptHandle.get(), password); 51 52 createFilesystem(); 53 mountFilesystem(); 54} 55 |
| 56void eStoraged::erase(EraseMethod inEraseMethod) | 56void EStoraged::erase(EraseMethod inEraseMethod) |
| 57{ 58 std::cerr << "Erasing encrypted eMMC" << std::endl; 59 lg2::info("Starting erase", "REDFISH_MESSAGE_ID", 60 std::string("OpenBMC.0.1.DriveErase")); 61 switch (inEraseMethod) 62 { 63 case EraseMethod::CryptoErase: 64 { --- 45 unchanged lines hidden (view full) --- 110 } 111 // TODO: implement hardware locking 112 // Until that is done, we can lock using eStoraged::lock() 113 break; 114 } 115 } 116} 117 | 57{ 58 std::cerr << "Erasing encrypted eMMC" << std::endl; 59 lg2::info("Starting erase", "REDFISH_MESSAGE_ID", 60 std::string("OpenBMC.0.1.DriveErase")); 61 switch (inEraseMethod) 62 { 63 case EraseMethod::CryptoErase: 64 { --- 45 unchanged lines hidden (view full) --- 110 } 111 // TODO: implement hardware locking 112 // Until that is done, we can lock using eStoraged::lock() 113 break; 114 } 115 } 116} 117 |
| 118void eStoraged::lock() | 118void EStoraged::lock() |
| 119{ 120 std::string msg = "OpenBMC.0.1.DriveLock"; 121 lg2::info("Starting lock", "REDFISH_MESSAGE_ID", msg); 122 123 unmountFilesystem(); 124 deactivateLuksDev(); 125} 126 | 119{ 120 std::string msg = "OpenBMC.0.1.DriveLock"; 121 lg2::info("Starting lock", "REDFISH_MESSAGE_ID", msg); 122 123 unmountFilesystem(); 124 deactivateLuksDev(); 125} 126 |
| 127void eStoraged::unlock(std::vector<uint8_t> password) | 127void EStoraged::unlock(std::vector<uint8_t> password) |
| 128{ 129 std::string msg = "OpenBMC.0.1.DriveUnlock"; 130 lg2::info("Starting unlock", "REDFISH_MESSAGE_ID", msg); 131 132 CryptHandle cryptHandle(devPath.c_str()); 133 if (cryptHandle.get() == nullptr) 134 { 135 lg2::error("Failed to initialize crypt device", "REDFISH_MESSAGE_ID", 136 std::string("OpenBMC.0.1.UnlockFail")); 137 throw ResourceNotFound(); 138 } 139 140 activateLuksDev(cryptHandle.get(), password); 141 mountFilesystem(); 142} 143 | 128{ 129 std::string msg = "OpenBMC.0.1.DriveUnlock"; 130 lg2::info("Starting unlock", "REDFISH_MESSAGE_ID", msg); 131 132 CryptHandle cryptHandle(devPath.c_str()); 133 if (cryptHandle.get() == nullptr) 134 { 135 lg2::error("Failed to initialize crypt device", "REDFISH_MESSAGE_ID", 136 std::string("OpenBMC.0.1.UnlockFail")); 137 throw ResourceNotFound(); 138 } 139 140 activateLuksDev(cryptHandle.get(), password); 141 mountFilesystem(); 142} 143 |
| 144void eStoraged::changePassword(std::vector<uint8_t>, std::vector<uint8_t>) | 144void EStoraged::changePassword(std::vector<uint8_t> /*oldPassword*/, 145 std::vector<uint8_t> /*newPassword*/) |
| 145{ 146 std::cerr << "Changing password for encrypted eMMC" << std::endl; 147 lg2::info("Starting change password", "REDFISH_MESSAGE_ID", 148 std::string("OpenBMC.0.1.DrivePasswordChanged")); 149} 150 | 146{ 147 std::cerr << "Changing password for encrypted eMMC" << std::endl; 148 lg2::info("Starting change password", "REDFISH_MESSAGE_ID", 149 std::string("OpenBMC.0.1.DrivePasswordChanged")); 150} 151 |
| 151bool eStoraged::isLocked() const | 152bool EStoraged::isLocked() const |
| 152{ 153 return locked(); 154} 155 | 153{ 154 return locked(); 155} 156 |
| 156std::string_view eStoraged::getMountPoint() const | 157std::string_view EStoraged::getMountPoint() const |
| 157{ 158 return mountPoint; 159} 160 | 158{ 159 return mountPoint; 160} 161 |
| 161void eStoraged::formatLuksDev(struct crypt_device* cd, | 162void EStoraged::formatLuksDev(struct crypt_device* cd, |
| 162 std::vector<uint8_t> password) 163{ 164 lg2::info("Formatting device {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID", 165 std::string("OpenBMC.0.1.FormatLuksDev")); 166 167 /* Generate the volume key. */ 168 const std::size_t keySize = 64; 169 std::vector<uint8_t> volumeKey(keySize); --- 31 unchanged lines hidden (view full) --- 201 throw InternalFailure(); 202 } 203 204 lg2::info("Encrypted device {DEV} successfully formatted", "DEV", devPath, 205 "REDFISH_MESSAGE_ID", 206 std::string("OpenBMC.0.1.FormatLuksDevSuccess")); 207} 208 | 163 std::vector<uint8_t> password) 164{ 165 lg2::info("Formatting device {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID", 166 std::string("OpenBMC.0.1.FormatLuksDev")); 167 168 /* Generate the volume key. */ 169 const std::size_t keySize = 64; 170 std::vector<uint8_t> volumeKey(keySize); --- 31 unchanged lines hidden (view full) --- 202 throw InternalFailure(); 203 } 204 205 lg2::info("Encrypted device {DEV} successfully formatted", "DEV", devPath, 206 "REDFISH_MESSAGE_ID", 207 std::string("OpenBMC.0.1.FormatLuksDevSuccess")); 208} 209 |
| 209void eStoraged::activateLuksDev(struct crypt_device* cd, | 210void EStoraged::activateLuksDev(struct crypt_device* cd, |
| 210 std::vector<uint8_t> password) 211{ 212 lg2::info("Activating LUKS dev {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID", 213 std::string("OpenBMC.0.1.ActivateLuksDev")); 214 215 int retval = cryptIface->cryptLoad(cd, CRYPT_LUKS2, nullptr); 216 if (retval < 0) 217 { --- 18 unchanged lines hidden (view full) --- 236 /* Device is now unlocked. */ 237 locked(false); 238 239 lg2::info("Successfully activated LUKS dev {DEV}", "DEV", devPath, 240 "REDFISH_MESSAGE_ID", 241 std::string("OpenBMC.0.1.ActivateLuksDevSuccess")); 242} 243 | 211 std::vector<uint8_t> password) 212{ 213 lg2::info("Activating LUKS dev {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID", 214 std::string("OpenBMC.0.1.ActivateLuksDev")); 215 216 int retval = cryptIface->cryptLoad(cd, CRYPT_LUKS2, nullptr); 217 if (retval < 0) 218 { --- 18 unchanged lines hidden (view full) --- 237 /* Device is now unlocked. */ 238 locked(false); 239 240 lg2::info("Successfully activated LUKS dev {DEV}", "DEV", devPath, 241 "REDFISH_MESSAGE_ID", 242 std::string("OpenBMC.0.1.ActivateLuksDevSuccess")); 243} 244 |
| 244void eStoraged::createFilesystem() | 245void EStoraged::createFilesystem() |
| 245{ 246 /* Run the command to create the filesystem. */ 247 int retval = fsIface->runMkfs(containerName); | 246{ 247 /* Run the command to create the filesystem. */ 248 int retval = fsIface->runMkfs(containerName); |
| 248 if (retval) | 249 if (retval != 0) |
| 249 { 250 lg2::error("Failed to create filesystem: {RETVAL}", "RETVAL", retval, 251 "REDFISH_MESSAGE_ID", 252 std::string("OpenBMC.0.1.CreateFilesystemFail")); 253 throw InternalFailure(); 254 } 255 lg2::info("Successfully created filesystem for /dev/mapper/{CONTAINER}", 256 "CONTAINER", containerName, "REDFISH_MESSAGE_ID", 257 std::string("OpenBMC.0.1.CreateFilesystemSuccess")); 258} 259 | 250 { 251 lg2::error("Failed to create filesystem: {RETVAL}", "RETVAL", retval, 252 "REDFISH_MESSAGE_ID", 253 std::string("OpenBMC.0.1.CreateFilesystemFail")); 254 throw InternalFailure(); 255 } 256 lg2::info("Successfully created filesystem for /dev/mapper/{CONTAINER}", 257 "CONTAINER", containerName, "REDFISH_MESSAGE_ID", 258 std::string("OpenBMC.0.1.CreateFilesystemSuccess")); 259} 260 |
| 260void eStoraged::mountFilesystem() | 261void EStoraged::mountFilesystem() |
| 261{ 262 /* 263 * Create directory for the filesystem, if it's not already present. It 264 * might already exist if, for example, the BMC reboots after creating the 265 * directory. 266 */ 267 if (!fsIface->directoryExists(std::filesystem::path(mountPoint))) 268 { --- 7 unchanged lines hidden (view full) --- 276 throw InternalFailure(); 277 } 278 } 279 280 /* Run the command to mount the filesystem. */ 281 std::string luksContainer("/dev/mapper/" + containerName); 282 int retval = fsIface->doMount(luksContainer.c_str(), mountPoint.c_str(), 283 "ext4", 0, nullptr); | 262{ 263 /* 264 * Create directory for the filesystem, if it's not already present. It 265 * might already exist if, for example, the BMC reboots after creating the 266 * directory. 267 */ 268 if (!fsIface->directoryExists(std::filesystem::path(mountPoint))) 269 { --- 7 unchanged lines hidden (view full) --- 277 throw InternalFailure(); 278 } 279 } 280 281 /* Run the command to mount the filesystem. */ 282 std::string luksContainer("/dev/mapper/" + containerName); 283 int retval = fsIface->doMount(luksContainer.c_str(), mountPoint.c_str(), 284 "ext4", 0, nullptr); |
| 284 if (retval) | 285 if (retval != 0) |
| 285 { 286 lg2::error("Failed to mount filesystem: {RETVAL}", "RETVAL", retval, 287 "REDFISH_MESSAGE_ID", 288 std::string("OpenBMC.0.1.MountFilesystemFail")); 289 bool removeSuccess = 290 fsIface->removeDirectory(std::filesystem::path(mountPoint)); 291 if (!removeSuccess) 292 { --- 4 unchanged lines hidden (view full) --- 297 throw InternalFailure(); 298 } 299 300 lg2::info("Successfully mounted filesystem at {DIR}", "DIR", mountPoint, 301 "REDFISH_MESSAGE_ID", 302 std::string("OpenBMC.0.1.MountFilesystemSuccess")); 303} 304 | 286 { 287 lg2::error("Failed to mount filesystem: {RETVAL}", "RETVAL", retval, 288 "REDFISH_MESSAGE_ID", 289 std::string("OpenBMC.0.1.MountFilesystemFail")); 290 bool removeSuccess = 291 fsIface->removeDirectory(std::filesystem::path(mountPoint)); 292 if (!removeSuccess) 293 { --- 4 unchanged lines hidden (view full) --- 298 throw InternalFailure(); 299 } 300 301 lg2::info("Successfully mounted filesystem at {DIR}", "DIR", mountPoint, 302 "REDFISH_MESSAGE_ID", 303 std::string("OpenBMC.0.1.MountFilesystemSuccess")); 304} 305 |
| 305void eStoraged::unmountFilesystem() | 306void EStoraged::unmountFilesystem() |
| 306{ 307 int retval = fsIface->doUnmount(mountPoint.c_str()); | 307{ 308 int retval = fsIface->doUnmount(mountPoint.c_str()); |
| 308 if (retval) | 309 if (retval != 0) |
| 309 { 310 lg2::error("Failed to unmount filesystem: {RETVAL}", "RETVAL", retval, 311 "REDFISH_MESSAGE_ID", 312 std::string("OpenBMC.0.1.UnmountFilesystemFail")); 313 throw InternalFailure(); 314 } 315 316 /* Remove the mount point. */ --- 6 unchanged lines hidden (view full) --- 323 throw InternalFailure(); 324 } 325 326 lg2::info("Successfully unmounted filesystem at {DIR}", "DIR", mountPoint, 327 "REDFISH_MESSAGE_ID", 328 std::string("OpenBMC.0.1.MountFilesystemSuccess")); 329} 330 | 310 { 311 lg2::error("Failed to unmount filesystem: {RETVAL}", "RETVAL", retval, 312 "REDFISH_MESSAGE_ID", 313 std::string("OpenBMC.0.1.UnmountFilesystemFail")); 314 throw InternalFailure(); 315 } 316 317 /* Remove the mount point. */ --- 6 unchanged lines hidden (view full) --- 324 throw InternalFailure(); 325 } 326 327 lg2::info("Successfully unmounted filesystem at {DIR}", "DIR", mountPoint, 328 "REDFISH_MESSAGE_ID", 329 std::string("OpenBMC.0.1.MountFilesystemSuccess")); 330} 331 |
| 331void eStoraged::deactivateLuksDev() | 332void EStoraged::deactivateLuksDev() |
| 332{ 333 lg2::info("Deactivating LUKS device {DEV}", "DEV", devPath, 334 "REDFISH_MESSAGE_ID", 335 std::string("OpenBMC.0.1.DeactivateLuksDev")); 336 337 int retval = cryptIface->cryptDeactivate(nullptr, containerName.c_str()); 338 if (retval < 0) 339 { --- 15 unchanged lines hidden --- | 333{ 334 lg2::info("Deactivating LUKS device {DEV}", "DEV", devPath, 335 "REDFISH_MESSAGE_ID", 336 std::string("OpenBMC.0.1.DeactivateLuksDev")); 337 338 int retval = cryptIface->cryptDeactivate(nullptr, containerName.c_str()); 339 if (retval < 0) 340 { --- 15 unchanged lines hidden --- |