xref: /openbmc/bios-settings-mgr/include/secureboot.hpp (revision 627c99dec58b6c5012b6c271935ad7902def9e64)
1*627c99deSPrithvi Pai #pragma once
2*627c99deSPrithvi Pai 
3*627c99deSPrithvi Pai #include <cereal/access.hpp>
4*627c99deSPrithvi Pai #include <cereal/cereal.hpp>
5*627c99deSPrithvi Pai #include <phosphor-logging/lg2.hpp>
6*627c99deSPrithvi Pai #include <sdbusplus/asio/object_server.hpp>
7*627c99deSPrithvi Pai #include <sdbusplus/server.hpp>
8*627c99deSPrithvi Pai #include <xyz/openbmc_project/BIOSConfig/SecureBoot/server.hpp>
9*627c99deSPrithvi Pai 
10*627c99deSPrithvi Pai #include <filesystem>
11*627c99deSPrithvi Pai #include <string>
12*627c99deSPrithvi Pai 
13*627c99deSPrithvi Pai namespace fs = std::filesystem;
14*627c99deSPrithvi Pai 
15*627c99deSPrithvi Pai namespace bios_config
16*627c99deSPrithvi Pai {
/// Object path constant for the Secure Boot D-Bus object. It is consumed by
/// the implementation file, which is not visible from this header.
static constexpr const char* secureBootObjectPath =
    "/xyz/openbmc_project/bios_config/secure_boot";

/// File name of the persisted Secure Boot data.
/// NOTE(review): presumably appended to the constructor's persistPath; confirm
/// against the implementation.
static constexpr const char* secureBootPersistFile = "securebootData";

/// Shorthand for the sdbusplus-generated server binding of the
/// xyz.openbmc_project.BIOSConfig.SecureBoot interface.
using SecureBootBase =
    sdbusplus::xyz::openbmc_project::BIOSConfig::server::SecureBoot;
23*627c99deSPrithvi Pai 
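/** @brief D-Bus server object for the UEFI Secure Boot properties
 *         (CurrentBoot, PendingEnable, Mode) with cereal-based persistence.
 *
 *  NOTE(review): load() applies whatever the archive holds. Nothing in this
 *  header range-checks the enum values or authenticates the persisted file,
 *  so the integrity of the reported Secure Boot state rests on the
 *  file-system permissions of the persist path. Confirm that the
 *  implementation creates the file with restrictive permissions and that
 *  deserialize() handles a malformed archive.
 */
class SecureBoot : public SecureBootBase
{
  public:
    SecureBoot() = delete;
    ~SecureBoot() = default;
    SecureBoot(const SecureBoot&) = delete;
    SecureBoot& operator=(const SecureBoot&) = delete;
    SecureBoot(SecureBoot&&) = delete;
    SecureBoot& operator=(SecureBoot&&) = delete;

    /** @brief Constructs SecureBoot object.
     *
     *  @param[in] objectServer - object server
     *  @param[in] systemBus - bus connection; stored by reference, so the
     *                         caller's shared_ptr must outlive this object
     *  @param[in] persistPath - path to the secureboot data file
     */
    SecureBoot(sdbusplus::asio::object_server& objectServer,
               std::shared_ptr<sdbusplus::asio::connection>& systemBus,
               std::string persistPath);

    /** @brief Sets the UEFI Secure Boot state of the current boot cycle.
     *
     *  @param[in] value - Boot Type during the current cycle
     *
     *  @return On success, return the CurrentBootType
     */
    CurrentBootType currentBoot(CurrentBootType value) override;

    /** @brief Sets whether UEFI Secure Boot takes effect on the next boot.
     *
     *  @param[in] value - new value for the attribute
     *
     *  @return On success, return the new attribute
     */
    bool pendingEnable(bool value) override;

    /** @brief Sets the current UEFI Secure Boot Mode.
     *
     *  @param[in] value - new value for the attribute
     *
     *  @return On success, return the new attribute
     */
    ModeType mode(ModeType value) override;

  private:
    sdbusplus::asio::object_server& objServer;

    // Reference to the caller's shared_ptr: this member does not take a
    // share of ownership, so the referenced shared_ptr object itself must
    // stay alive for as long as this SecureBoot instance exists.
    std::shared_ptr<sdbusplus::asio::connection>& systemBus;

    // Location of the persisted Secure Boot data.
    std::filesystem::path secureBootFile;

    // cereal needs access to the private save()/load() pair below.
    friend class cereal::access;

    /** @brief Save the SecureBoot object to the persistent storage
     *
     *  @param[in] archive - archive
     *  @param[in] version - version
     */
    template <class Archive>
    void save(Archive& archive, const std::uint32_t version) const
    {
        // version is not used currently. It is only logged, and at debug
        // level: a routine save is not an error, and error-level noise
        // makes genuine failures harder to spot in the journal.
        lg2::debug("Save is called with version {VER}", "VER", version);

        // The getters are called through the base class explicitly because
        // the setter overrides declared in this class hide the base-class
        // overloads of the same name.
        archive(SecureBootBase::currentBoot(), SecureBootBase::pendingEnable(),
                SecureBootBase::mode());
    }

    /** @brief Load the SecureBoot object from the persistent storage
     *
     *  @param[in] archive - archive
     *  @param[in] version - version
     */
    template <class Archive>
    void load(Archive& archive, const std::uint32_t version)
    {
        (void)(version);

        // Defaults used as the read targets. The archive call below
        // overwrites them with the persisted values.
        CurrentBootType currentBootValue = CurrentBootType::Unknown;
        bool enableValue = false;
        ModeType modeValue = ModeType::Unknown;

        // Field order must match save().
        // NOTE(review): the values are taken from the file as-is; there is
        // no check here that the enums hold a declared enumerator.
        archive(currentBootValue, enableValue, modeValue);

        // Base-class setters are called directly, so the overrides declared
        // in this class are not invoked. The second argument (true) is the
        // sdbusplus skipSignal flag, so restoring state emits no
        // PropertiesChanged signal.
        SecureBootBase::currentBoot(currentBootValue, true);
        SecureBootBase::pendingEnable(enableValue, true);
        SecureBootBase::mode(modeValue, true);
    }

    /** @brief Serialize the SecureBoot object to the persistent storage
     */
    void serialize();

    /** @brief Deserialize the SecureBoot object from the persistent storage
     *
     *  @return On success, return true
     *  @return On failure, return false
     */
    bool deserialize();
};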
128*627c99deSPrithvi Pai } // namespace bios_config