Improve accuracy of 'Locked' property

The 'Locked' property in the volume interface is supposed to indicate
whether the LUKS volume is currently activated, but this property is
often inaccurate beca

Improve accuracy of 'Locked' property

The 'Locked' property in the volume interface is supposed to indicate
whether the LUKS volume is currently activated, but this property is
often inaccurate because it always defaults to false upon startup
(i.e. unlocked). However, the LUKS volume is usually locked at startup.
So, client daemons can get confused when looking at the Locked
property.

This commit reworks the functionality for the 'Locked' property, so that
it checks whether the mapped virtual crypt device exists, e.g. whether
/dev/mapper/<luks_device> exists. This way, the Locked property should
better reflect the actual state.

The one caveat to keep in mind is that 'Locked' will be True even if the
device isn't formatted as a LUKS volume. If client daemons need to know
whether it's already formatted, we may want to add another property to
the Volume interface for that purpose. But in the meantime, eStoraged
already exports an EncryptionStatus property as part of the Drive
interface. So, the information is already available, if needed.

Tested:
Checked 'Locked' property at startup
$ busctl get-property xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Locked
b true
Formatted the LUKS volume, then checked 'Locked' property again
$ busctl call xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume FormatLuks ays 3 1 2 3 \
xyz.openbmc_project.Inventory.Item.Volume.FilesystemType.ext4 \
--timeout=60
$ busctl get-property xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Locked
b false
Restarted eStoraged and checked 'Locked' again.
$ systemctl restart xyz.openbmc_project.eStoraged
$ busctl get-property xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Locked
b false
Locked the LUKS volume, and checked 'Locked' again.
$ busctl call xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Lock
$ busctl get-property xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Locked
b true
Restarted eStoraged, and checked 'Locked' again.
$ systemctl restart xyz.openbmc_project.eStoraged
$ busctl get-property xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Locked
b true

Signed-off-by: John Wedig <johnwedig@google.com>
Change-Id: I5cd6bac4b4426c0e2579c3fc8cf7a27b4f2ccc08

show more ...

Check in a clang-tidy

This should've been done when we first created the repo, but better late
than never.

Signed-off-by: Ed Tanous <edtanous@google.com>
Signed-off-by: John Edward Broadbent <jebr@

Check in a clang-tidy

This should've been done when we first created the repo, but better late
than never.

Signed-off-by: Ed Tanous <edtanous@google.com>
Signed-off-by: John Edward Broadbent <jebr@google.com>
Change-Id: I68da1d13167ec94f9d008dea307c9f23a991d42c

show more ...

Check if mount point already exists

Typically, we create the mount point directory when we mount the
filesystem, and then we remove the directory when we unmount. Currently,
we aren't accounting for

Check if mount point already exists

Typically, we create the mount point directory when we mount the
filesystem, and then we remove the directory when we unmount. Currently,
we aren't accounting for the case where the directory already exists,
e.g. if the BMC reboots while the filesystem is mounted.

This commit adds a check to see if the directory is already present. If
so, it won't try to create the directory again.

Tested:
1. Formatted an eMMC using the FormatLuks method, which also creates the
mount point and mounts the filesystem.
2. Rebooted the BMC
3. Ran the Unlock method to unlock the LUKS device and mount the
filesystem.

Signed-off-by: John Wedig <johnwedig@google.com>
Change-Id: I3e279c653b21f570b97e4d530a19e5ae30bf8719

show more ...

Format LUKS encrypted device

This commit adds the functionality to format a new LUKS device, create a
filesystem, and mount it. Unit tests are included.

Currently, the D-Bus interface to format the

Format LUKS encrypted device

This commit adds the functionality to format a new LUKS device, create a
filesystem, and mount it. Unit tests are included.

Currently, the D-Bus interface to format the LUKS device is synchronous,
but it may need to become asynchronous, since it can take some time. The
format operation took about 20 seconds when testing it.

Tested: Ran eStoraged on a machine with an eMMC, using the following
commands:
$ /usr/bin/eStoraged -b /dev/mmcblk0 &
$ busctl call xyz.openbmc_project.eStoraged.mmcblk0 \
/xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.eStoraged \
Format ay 3 1 2 3
$ busctl call xyz.openbmc_project.eStoraged.mmcblk0 \
/xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.eStoraged \
Lock ay 3 1 2 3
$ busctl call xyz.openbmc_project.eStoraged.mmcblk0 \
/xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.eStoraged \
Unlock ay 3 1 2 3

Signed-off-by: John Wedig <johnwedig@google.com>
Change-Id: Ib5d0b8bb201b43a60238bfd4f13a29a6519a9f7d

show more ...