xref: /openbmc/estoraged/src/erase/cryptoErase.cpp (revision 15b63e12bdc3f3116fb841349dd4f1cd17a8398b)
1 #include "cryptErase.hpp"
2 #include "cryptsetupInterface.hpp"
3 #include "erase.hpp"
4 
5 #include <libcryptsetup.h>
6 
7 #include <phosphor-logging/lg2.hpp>
8 #include <xyz/openbmc_project/Common/error.hpp>
9 
10 #include <memory>
11 #include <string>
12 #include <string_view>
13 
14 namespace estoraged
15 {
16 using sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
17 using sdbusplus::xyz::openbmc_project::Common::Error::ResourceNotFound;
18 
CryptErase(std::string_view devPathIn,std::unique_ptr<estoraged::CryptsetupInterface> inCryptIface)19 CryptErase::CryptErase(
20     std::string_view devPathIn,
21     std::unique_ptr<estoraged::CryptsetupInterface> inCryptIface) :
22     Erase(devPathIn), cryptIface(std::move(inCryptIface))
23 {}
24 
doErase()25 void CryptErase::doErase()
26 {
27     /* get cryptHandle */
28     CryptHandle cryptHandle{devPath};
29     /* cryptLoad */
30     if (cryptIface->cryptLoad(cryptHandle.get(), CRYPT_LUKS2, nullptr) != 0)
31     {
32         lg2::error("Failed to load the key slots for destruction",
33                    "REDFISH_MESSAGE_ID",
34                    std::string("OpenBMC.0.1.EraseFailure"));
35         throw ResourceNotFound();
36     }
37 
38     /* find key slots */
39     int nKeySlots = cryptIface->cryptKeySlotMax(CRYPT_LUKS2);
40     if (nKeySlots < 0)
41     {
42         lg2::error("Failed to find the max keyslots", "REDFISH_MESSAGE_ID",
43                    std::string("OpenBMC.0.1.EraseFailure"));
44         throw ResourceNotFound();
45     }
46 
47     if (nKeySlots == 0)
48     {
49         lg2::error("Max keyslots should never be zero", "REDFISH_MESSAGE_ID",
50                    std::string("OpenBMC.0.1.EraseFailure"));
51         throw ResourceNotFound();
52     }
53 
54     /* destroy working keyslots */
55     bool keySlotIssue = false;
56     for (int i = 0; i < nKeySlots; i++)
57     {
58         crypt_keyslot_info ki =
59             cryptIface->cryptKeySlotStatus(cryptHandle.get(), i);
60 
61         if (ki == CRYPT_SLOT_ACTIVE || ki == CRYPT_SLOT_ACTIVE_LAST)
62         {
63             if (cryptIface->cryptKeyslotDestroy(cryptHandle.get(), i) != 0)
64             {
65                 lg2::error(
66                     "Estoraged erase failed to destroy keyslot, continuing",
67                     "REDFISH_MESSAGE_ID",
68                     std::string("eStorageD.1.0.EraseFailure"));
69                 keySlotIssue = true;
70             }
71         }
72     }
73     if (keySlotIssue)
74     {
75         throw InternalFailure();
76     }
77 }
78 
79 } // namespace estoraged
80