#
1b2c3c03 |
| 16-Aug-2024 |
Patrick Williams <patrick@stwcx.xyz> |
clang-format: re-format for clang-18
clang-format-18 isn't compatible with the clang-format-17 output, so we need to reformat the code with the latest version. The way clang-18 handles lambda formatting also changed, so we have made changes to the organization default style format to better handle lambda formatting.
See I5e08687e696dd240402a2780158664b7113def0e for updated style. See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.
Change-Id: Ic16d6d63213bbdd91fcb8f5aa986b66865efda2f Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
#
9a286db2 |
| 17-Jan-2024 |
Patrick Williams <patrick@stwcx.xyz> |
reduce dbus string constants
There are a large number of dbus constants scattered throughout the code that could/should be obtained from phosphor-dbus-interface values. Perform minor refactoring to greatly reduce the number of string constants.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: Ie8700bc90611d21eee7160f4686bc978fe0a0eb4
|
#
7e969cb9 |
| 23-Aug-2023 |
Patrick Williams <patrick@stwcx.xyz> |
sdbus++: use non-deprecated namespaces
The sdbusplus repository has deprecated some namespaces and they are currently only enabled with the SDBUSPP_REMOVE_DEPRECATED_NAMESPACE guard. Switch to the new namespace names.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: I9f67e74a02616d8ea2241c18758308f2b669672d
|
#
21d74d8c |
| 20-Jul-2023 |
Lakshmi Yadlapati <lakshmiy@us.ibm.com> |
Check the TPM measurement if TPM is present
Perform the TPM Measurement Check only if TPM is present. This commit adds a new option to provide the sysfs TPM device tree path, which will be used to verify TPM's presence. If the device tree path doesn't exist, it indicates that TPM is not present.
Tested: Tested on a system with TPM device present and on a system that didn't have it present and verified expected behavior on both.
Change-Id: I108f05cc5bafd90cda5a82146b93e2371765b9aa Signed-off-by: Lakshmi Yadlapati <lakshmiy@us.ibm.com>
|
#
b454d8be |
| 27-Mar-2023 |
Lakshmi Yadlapati <lakshmiy@us.ibm.com> |
secure-boot: Log an error if TPM measurement fails
Log an error if the TPM measurement fails due to the absence or invalid value of the file '/sys/class/tpm/tpm0/pcr-sha256/0'.
Tested: Verified that an error is logged when '/sys/class/tpm/tpm0/pcr-sha256/0' is absent, empty, or has a value of 0, indicating that the TPM measurement has failed.
```
"Severity" : {
    "type" : "s",
    "data" : "xyz.openbmc_project.Logging.Entry.Level.Error"
},
"Message" : {
    "type" : "s",
    "data" : "xyz.openbmc_project.State.Error.TpmMeasurementFail"
},
"AdditionalData" : {
    "type" : "as",
    "data" : [
        "ERROR=TPM measurement value is empty: /sys/class/tpm/tpm0/pcr-sha256/0",
        "_PID=501"
    ]
},
```
Change-Id: I9be610a9b473a529b09feec6643ec65b58a62907 Signed-off-by: Lakshmi Yadlapati <lakshmiy@us.ibm.com>
|
#
f053e6fe |
| 22-Jul-2022 |
Patrick Williams <patrick@stwcx.xyz> |
sdbusplus: use shorter type aliases
The sdbusplus headers provide shortened aliases for many types. Switch to using them to provide better code clarity and shorter lines. Possible replacements are for:
* bus_t
* exception_t
* manager_t
* match_t
* message_t
* object_t
* slot_t
Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: I41103c892db258a85640aa1442acd9a295c8a847
|
#
e4bdc7c6 |
| 25-May-2022 |
Andrew Geissler <andrewg@us.ibm.com> |
update to latest openbmc clang format standards
Signed-off-by: Andrew Geissler <andrewg@us.ibm.com> Change-Id: Ibb0e97e8850bbd3c1eff82f4630328e2b5d15220
|
#
6537ce11 |
| 07-Mar-2022 |
Andrew Geissler <geissonator@yahoo.com> |
secure-boot: log warning error when insecure
Tested:
- Verified that when QuiesceOnHwError was true and values were incorrect, that log was created with relevant FFDC.
```
"Severity" : {
    "type" : "s",
    "data" : "xyz.openbmc_project.Logging.Entry.Level.Warning"
},
"Message" : {
    "type" : "s",
    "data" : "xyz.openbmc_project.State.Error.SecurityCheckFail"
},
"AdditionalData" : {
    "type" : "as",
    "data" : [
        "SECURE_BOOT_GPIO=0",
        "SYSFS_ABR_IMAGE_VAL=0",
        "SYSFS_SECURE_BOOT_VAL=0",
        "_PID=1015"
    ]
},
```
Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: Ifc11f4e07c3456c62b4cae0b047c4077a97676bc
|
#
ede85d22 |
| 04-Mar-2022 |
Andrew Geissler <geissonator@yahoo.com> |
secure-boot: check for manufacturing environment
This check is meant to be a "hey you didn't provision the system correctly" type warning for the team building the system in a manufacturing environment. There are other fundamental things that will not work when a system is not secure. This check is just meant to be a more user-friendly version so the team building the system can quickly be notified that they've forgotten something.
There is no be-all "manufacturing environment" setting within OpenBMC so utilize the one most often used within manufacturing to ensure a system does not ship with any errors, the QuiesceOnHwError property.
Tested:
- Loaded application in QEMU, verified when QuiesceOnHwError was false and security settings were incorrect, no journal entry error was made.
- Verified when QuiesceOnHwError was true, and security settings were incorrect, that the "The system is not secure" entry was in the journal.
Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I558e28593f30a939a39fb5cc5e201047c0b9e47b
|
#
8d8d731d |
| 04-Mar-2022 |
Andrew Geissler <geissonator@yahoo.com> |
secure-boot: check sysfs debug settings
These aspeed-specific settings are provided via the kernel's sysfs filesystem. They provide information on the security of the BMC.
Follow-on commits will check if the BMC is in manufacturing mode and log an error if the system does not pass the security check.
Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: Iddcc09dc34133806abe33570c5422bde51981bdb
|
#
6b9421b9 |
| 24-Feb-2022 |
Andrew Geissler <geissonator@yahoo.com> |
secure-boot: initial basic app to check gpio
The basic requirement is to utilize the new bmc-secure-boot GPIO defined within this patch[1]. If the GPIO is found, then verify the system is in secure mode by validating the GPIO reads 1. If it’s not a 1, then log an error.
Similarly the code will also look at sysfs files created via the kernel. An error will be logged if these sysfs files do not return the expected security readings.
The above checks will only be run in a manufacturing environment.
See https://lists.ozlabs.org/pipermail/openbmc/2022-February/029479.html for the mailing list discussion on this feature.
[1]: https://github.com/openbmc/docs/commit/d55349e10ec2432886b26b00322ef0eaff2b919a
Change-Id: I75ae6ba8541b6a13922ce6b45f82ee6cfca83b1d Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|