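#include "cryptErase.hpp"
#include "cryptsetupInterface.hpp"
#include "erase.hpp"

#include <libcryptsetup.h>

#include <phosphor-logging/lg2.hpp>
#include <xyz/openbmc_project/Common/error.hpp>

#include <memory>
#include <string>
#include <string_view>
#include <utility>

namespace estoraged
{
using sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
using sdbusplus::xyz::openbmc_project::Common::Error::ResourceNotFound;

/**
 * @brief Build a crypto-erase operation for one block device.
 *
 * @param devPathIn     Path of the device, forwarded to the Erase base class.
 * @param inCryptIface  Cryptsetup wrapper used for every libcryptsetup call
 *                      made by doErase(); ownership moves into this object.
 */
CryptErase::CryptErase(
    std::string_view devPathIn,
    std::unique_ptr<estoraged::CryptsetupInterface> inCryptIface) :
    Erase(devPathIn),
    cryptIface(std::move(inCryptIface))
{}

/**
 * @brief Destroy every active LUKS2 key slot on the device.
 *
 * Loads the LUKS2 header, walks all key slot indexes and destroys each slot
 * whose status is CRYPT_SLOT_ACTIVE or CRYPT_SLOT_ACTIVE_LAST. A failure to
 * destroy one slot is logged and the walk continues, so that as many slots as
 * possible are removed before the error is reported.
 *
 * Slots in any other state (libcryptsetup also defines CRYPT_SLOT_UNBOUND,
 * for example) are left untouched, and nothing here covers copies of the
 * header or keys held outside the device.
 * NOTE(review): confirm that is acceptable for the sanitize guarantee this
 * erase method is meant to provide.
 *
 * @throws ResourceNotFound  the crypt handle could not be initialized, the
 *                           LUKS2 header could not be loaded, or the maximum
 *                           key slot count was negative or zero.
 * @throws InternalFailure   at least one active key slot could not be
 *                           destroyed; callers must treat the erase as
 *                           incomplete.
 */
void CryptErase::doErase()
{
    /* get cryptHandle */
    // Keep the NUL-terminated path alive for the whole function, so the
    // handle never sees a dangling pointer whether or not CryptHandle copies
    // the string it is given.
    const std::string devPathStr(devPath);
    CryptHandle cryptHandle(devPathStr.c_str());
    if (cryptHandle.get() == nullptr)
    {
        lg2::error("Failed to initialize crypt device", "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    /* cryptLoad */
    if (cryptIface->cryptLoad(cryptHandle.get(), CRYPT_LUKS2, nullptr) != 0)
    {
        lg2::error("Failed to load the key slots for destruction",
                   "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    /* find key slots */
    const int nKeySlots = cryptIface->cryptKeySlotMax(CRYPT_LUKS2);
    if (nKeySlots < 0)
    {
        lg2::error("Failed to find the max keyslots", "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    // Zero slots would make the loop below a silent no-op that reports
    // success, so it is rejected explicitly.
    if (nKeySlots == 0)
    {
        lg2::error("Max keyslots should never be zero", "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    /* destroy working keyslots */
    bool keySlotIssue = false;
    for (int i = 0; i < nKeySlots; i++)
    {
        const crypt_keyslot_info ki =
            cryptIface->cryptKeySlotStatus(cryptHandle.get(), i);

        // Only slots that currently hold a usable key are destroyed.
        if (ki != CRYPT_SLOT_ACTIVE && ki != CRYPT_SLOT_ACTIVE_LAST)
        {
            continue;
        }

        if (cryptIface->cryptKeyslotDestroy(cryptHandle.get(), i) != 0)
        {
            // Keep going: a surviving slot still unlocks the volume, so every
            // remaining slot is attempted before the failure is raised.
            // NOTE(review): this message ID differs from the
            // "OpenBMC.0.1.EraseFailure" used by the other failures in this
            // function; confirm which registry entry is intended.
            lg2::error("Estoraged erase failed to destroy keyslot, continuing",
                       "REDFISH_MESSAGE_ID",
                       std::string("eStorageD.1.0.EraseFailure"));
            keySlotIssue = true;
        }
    }

    // Any failed destroy means key material may remain on the device.
    if (keySlotIssue)
    {
        throw InternalFailure();
    }
}

} // namespace estoraged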