#include "cryptErase.hpp"
#include "cryptsetupInterface.hpp"
#include "erase.hpp"

#include <libcryptsetup.h>

#include <phosphor-logging/lg2.hpp>
#include <xyz/openbmc_project/Common/error.hpp>

#include <memory>
#include <string>
#include <string_view>

namespace estoraged
{
using sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
using sdbusplus::xyz::openbmc_project::Common::Error::ResourceNotFound;

/**
 * @brief Build a crypto-erase operation for one block device.
 *
 * @param devPathIn    Path of the device, forwarded to the Erase base class.
 * @param inCryptIface Wrapper through which the cryptsetup calls in
 *                     doErase() are made; ownership moves into this object.
 */
CryptErase::CryptErase(
    std::string_view devPathIn,
    std::unique_ptr<estoraged::CryptsetupInterface> inCryptIface) :
    Erase(devPathIn),
    cryptIface(std::move(inCryptIface))
{}

/**
 * @brief Destroy every in-use LUKS2 keyslot on the device.
 *
 * Opens a crypt handle for devPath, loads the LUKS2 header, asks for the
 * maximum keyslot count and then walks every slot index. Slots reported as
 * CRYPT_SLOT_ACTIVE or CRYPT_SLOT_ACTIVE_LAST are destroyed. A failed
 * destroy is logged and remembered, and the loop keeps going so that the
 * remaining slots are still attempted.
 *
 * @throws ResourceNotFound if the handle cannot be created, the header
 *         cannot be loaded, or the keyslot maximum is negative or zero.
 * @throws InternalFailure  if destroying at least one in-use keyslot failed.
 *
 * NOTE(review): returning normally only means each destroy call returned 0.
 * No slot status is read back here, and copies of the header kept elsewhere
 * are outside this function's reach; confirm the caller accounts for that.
 */
void CryptErase::doErase()
{
    // The temporary std::string exists only to produce a NUL-terminated
    // path and is gone after this statement.
    // NOTE(review): assumes CryptHandle does not keep the pointer - confirm.
    CryptHandle handle(std::string(devPath).c_str());
    if (handle.get() == nullptr)
    {
        lg2::error("Failed to initialize crypt device", "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    // Load the on-disk LUKS2 header so that the keyslots can be queried.
    if (cryptIface->cryptLoad(handle.get(), CRYPT_LUKS2, nullptr) != 0)
    {
        lg2::error("Failed to load the key slots for destruction",
                   "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    // Upper bound on the slot indices to visit.
    const int slotCount = cryptIface->cryptKeySlotMax(CRYPT_LUKS2);
    if (slotCount < 0)
    {
        lg2::error("Failed to find the max keyslots", "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    if (slotCount == 0)
    {
        lg2::error("Max keyslots should never be zero", "REDFISH_MESSAGE_ID",
                   std::string("OpenBMC.0.1.EraseFailure"));
        throw ResourceNotFound();
    }

    // Destroy each in-use keyslot. One failure must not stop the others
    // from being attempted; it is reported once the loop has finished.
    bool destroyFailed = false;
    for (int slot = 0; slot < slotCount; ++slot)
    {
        const crypt_keyslot_info state =
            cryptIface->cryptKeySlotStatus(handle.get(), slot);

        // NOTE(review): every other state, including an invalid status, is
        // skipped without a log entry - confirm that is intended for an
        // erase path.
        const bool slotActive =
            (state == CRYPT_SLOT_ACTIVE) || (state == CRYPT_SLOT_ACTIVE_LAST);
        if (!slotActive)
        {
            continue;
        }

        if (cryptIface->cryptKeyslotDestroy(handle.get(), slot) == 0)
        {
            continue;
        }

        // NOTE(review): this message ID uses the eStorageD.1.0 prefix while
        // the other failures in this function use OpenBMC.0.1 - confirm
        // which is intended.
        lg2::error("Estoraged erase failed to destroy keyslot, continuing",
                   "REDFISH_MESSAGE_ID",
                   std::string("eStorageD.1.0.EraseFailure"));
        destroyFailed = true;
    }

    if (destroyFailed)
    {
        throw InternalFailure();
    }
}

} // namespace estoraged