xref: /openbmc/estoraged/src/erase/cryptoErase.cpp (revision 15b63e12bdc3f3116fb841349dd4f1cd17a8398b)
159dffa63SJohn Edward Broadbent #include "cryptErase.hpp"
259dffa63SJohn Edward Broadbent #include "cryptsetupInterface.hpp"
359dffa63SJohn Edward Broadbent #include "erase.hpp"
459dffa63SJohn Edward Broadbent 
559dffa63SJohn Edward Broadbent #include <libcryptsetup.h>
659dffa63SJohn Edward Broadbent 
759dffa63SJohn Edward Broadbent #include <phosphor-logging/lg2.hpp>
859dffa63SJohn Edward Broadbent #include <xyz/openbmc_project/Common/error.hpp>
959dffa63SJohn Edward Broadbent 
1059dffa63SJohn Edward Broadbent #include <memory>
1159dffa63SJohn Edward Broadbent #include <string>
1259dffa63SJohn Edward Broadbent #include <string_view>
1359dffa63SJohn Edward Broadbent 
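namespace estoraged
{
using sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
using sdbusplus::xyz::openbmc_project::Common::Error::ResourceNotFound;

/** @brief Set up a crypto-erase operation for one device.
 *
 *  @param[in] devPathIn - device path, forwarded unchanged to the Erase base.
 *  @param[in] inCryptIface - cryptsetup wrapper used for every libcryptsetup
 *                            call; ownership is moved into this object.
 */
CryptErase::CryptErase(
    std::string_view devPathIn,
    std::unique_ptr<estoraged::CryptsetupInterface> inCryptIface) :
    Erase(devPathIn), cryptIface(std::move(inCryptIface))
{}

/** @brief Destroy every active LUKS2 keyslot in the header loaded from
 *         devPath.
 *
 *  Loads the LUKS2 header, asks for the maximum keyslot count, then walks
 *  slots [0, max) and destroys each one reported as CRYPT_SLOT_ACTIVE or
 *  CRYPT_SLOT_ACTIVE_LAST. A failed destroy does not stop the walk: the
 *  remaining slots are still attempted and the failure is reported once
 *  the loop has finished.
 *
 *  @throws ResourceNotFound - the header could not be loaded, or the
 *                             maximum keyslot count was negative or zero.
 *  @throws InternalFailure - at least one active keyslot could not be
 *                            destroyed.
 *
 *  NOTE(review): only the header reachable through devPath is touched here;
 *  header backups kept elsewhere are outside what this function can
 *  invalidate — confirm the surrounding erase policy accounts for that.
 */
void CryptErase::doErase()
{
    /* Open a handle on the device and load its LUKS2 header. */
    CryptHandle cryptHandle{devPath};
    if (cryptIface->cryptLoad(cryptHandle.get(), CRYPT_LUKS2, nullptr) != 0)
    {
        lg2::error("Failed to load the key slots for destruction",
                   "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    /* Upper bound of the slot walk; anything <= 0 is treated as an error. */
    const int nKeySlots = cryptIface->cryptKeySlotMax(CRYPT_LUKS2);
    if (nKeySlots < 0)
    {
        lg2::error("Failed to find the max keyslots", "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    if (nKeySlots == 0)
    {
        lg2::error("Max keyslots should never be zero", "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    /* Destroy every active keyslot, remembering whether any attempt failed. */
    bool keySlotIssue = false;
    for (int slot = 0; slot < nKeySlots; ++slot)
    {
        const crypt_keyslot_info status =
            cryptIface->cryptKeySlotStatus(cryptHandle.get(), slot);

        // NOTE(review): every other status, including CRYPT_SLOT_INVALID, is
        // skipped without a log entry — confirm an INVALID result can never
        // stand for a slot that still holds key material.
        if (status != CRYPT_SLOT_ACTIVE && status != CRYPT_SLOT_ACTIVE_LAST)
        {
            continue;
        }

        if (cryptIface->cryptKeyslotDestroy(cryptHandle.get(), slot) != 0)
        {
            // The slot index is attached as a structured field so that a
            // partially failed sanitization shows which slot survived; the
            // message text itself is unchanged.
            // NOTE(review): this entry uses "eStorageD.1.0.EraseFailure"
            // while the three above use "OpenBMC.0.1.EraseFailure" — confirm
            // which message ID is intended.
            lg2::error(
                "Estoraged erase failed to destroy keyslot, continuing",
                "REDFISH_MESSAGE_ID",
                std::string("eStorageD.1.0.EraseFailure"), "KEYSLOT", slot);
            keySlotIssue = true;
        }
    }

    /* Report failure only after every slot has been attempted. */
    if (keySlotIssue)
    {
        throw InternalFailure();
    }
}

} // namespace estoraged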