xref: /openbmc/estoraged/src/erase/cryptoErase.cpp (revision 82897c35761f505c2b881f72c61f726f7d562692)
159dffa63SJohn Edward Broadbent #include "cryptErase.hpp"
259dffa63SJohn Edward Broadbent #include "cryptsetupInterface.hpp"
359dffa63SJohn Edward Broadbent #include "erase.hpp"
459dffa63SJohn Edward Broadbent 
559dffa63SJohn Edward Broadbent #include <libcryptsetup.h>
659dffa63SJohn Edward Broadbent 
759dffa63SJohn Edward Broadbent #include <phosphor-logging/lg2.hpp>
859dffa63SJohn Edward Broadbent #include <xyz/openbmc_project/Common/error.hpp>
959dffa63SJohn Edward Broadbent 
1059dffa63SJohn Edward Broadbent #include <memory>
1159dffa63SJohn Edward Broadbent #include <string>
1259dffa63SJohn Edward Broadbent #include <string_view>
1359dffa63SJohn Edward Broadbent 
1459dffa63SJohn Edward Broadbent namespace estoraged
1559dffa63SJohn Edward Broadbent {
1659dffa63SJohn Edward Broadbent using sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
1759dffa63SJohn Edward Broadbent using sdbusplus::xyz::openbmc_project::Common::Error::ResourceNotFound;
1859dffa63SJohn Edward Broadbent 
/**
 * @brief Set up a cryptographic-erase operation for one device.
 *
 * @param devPathIn     Device path, forwarded unchanged to the Erase base
 *                      class.
 * @param inCryptIface  cryptsetup wrapper; ownership is moved into this
 *                      object. doErase() dereferences it without a null
 *                      check, so callers must pass a non-null pointer.
 */
CryptErase::CryptErase(
    std::string_view devPathIn,
    std::unique_ptr<estoraged::CryptsetupInterface> inCryptIface) :
    Erase(devPathIn), cryptIface(std::move(inCryptIface))
{}
2559dffa63SJohn Edward Broadbent 
/**
 * @brief Cryptographically erase the device by destroying its active
 *        LUKS2 keyslots.
 *
 * Creates a crypt handle for devPath, loads the device as LUKS2 through the
 * cryptsetup interface, and destroys every keyslot reported as active. A
 * slot that cannot be destroyed is logged and the loop carries on with the
 * remaining slots, so one failure does not leave the later slots untouched;
 * the failure is reported only after all slots have been visited.
 *
 * NOTE(review): only slots whose status is CRYPT_SLOT_ACTIVE or
 * CRYPT_SLOT_ACTIVE_LAST are destroyed; every other status is skipped.
 * This routine touches the on-device keyslots only, so a header backup made
 * beforehand is presumably unaffected -- confirm that matches the
 * sanitization policy this erase is meant to satisfy.
 *
 * @throws ResourceNotFound  the crypt handle could not be created, the
 *                           LUKS2 load failed, or the maximum keyslot count
 *                           is negative or zero.
 * @throws InternalFailure   at least one active keyslot could not be
 *                           destroyed.
 */
void CryptErase::doErase()
{
    /* Open a crypt handle on the device path. */
    CryptHandle cryptHandle(std::string(devPath).c_str());
    if (cryptHandle.get() == nullptr)
    {
        lg2::error("Failed to initialize crypt device", "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    /* Load the device as LUKS2 so its keyslots can be inspected. */
    if (cryptIface->cryptLoad(cryptHandle.get(), CRYPT_LUKS2, nullptr) != 0)
    {
        lg2::error("Failed to load the key slots for destruction",
                   "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    /* Upper bound on keyslot indices for LUKS2. */
    const int maxSlots = cryptIface->cryptKeySlotMax(CRYPT_LUKS2);
    if (maxSlots < 0)
    {
        lg2::error("Failed to find the max keyslots", "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    /* A zero bound would make the loop below a silent no-op that reports
     * success without erasing anything, so it is rejected explicitly. */
    if (maxSlots == 0)
    {
        lg2::error("Max keyslots should never be zero", "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    /* Destroy every active keyslot; remember failures but keep going so the
     * remaining slots are still attempted. */
    bool destroyFailed = false;
    for (int slot = 0; slot < maxSlots; ++slot)
    {
        const crypt_keyslot_info status =
            cryptIface->cryptKeySlotStatus(cryptHandle.get(), slot);

        const bool isActive = (status == CRYPT_SLOT_ACTIVE) ||
                              (status == CRYPT_SLOT_ACTIVE_LAST);
        if (!isActive)
        {
            continue;
        }

        if (cryptIface->cryptKeyslotDestroy(cryptHandle.get(), slot) == 0)
        {
            continue;
        }

        /* NOTE(review): this message ID (eStorageD.1.0.EraseFailure) differs
         * from the OpenBMC.0.1.EraseFailure ID used by the earlier failure
         * paths -- confirm which one log consumers are expected to match. */
        lg2::error("Estoraged erase failed to destroy keyslot, continuing",
                   "REDFISH_MESSAGE_ID",
                   std::string("eStorageD.1.0.EraseFailure"));
        destroyFailed = true;
    }

    /* An erase that left any active keyslot behind must not report success. */
    if (destroyFailed)
    {
        throw InternalFailure();
    }
}
8559dffa63SJohn Edward Broadbent 
8659dffa63SJohn Edward Broadbent } // namespace estoraged