1 #pragma once 2 3 #include "cryptsetupInterface.hpp" 4 #include "filesystemInterface.hpp" 5 #include "util.hpp" 6 7 #include <libcryptsetup.h> 8 9 #include <sdbusplus/asio/object_server.hpp> 10 #include <sdbusplus/bus.hpp> 11 #include <sdbusplus/exception.hpp> 12 #include <sdbusplus/server/object.hpp> 13 #include <util.hpp> 14 #include <xyz/openbmc_project/Inventory/Item/Drive/server.hpp> 15 #include <xyz/openbmc_project/Inventory/Item/Volume/server.hpp> 16 17 #include <filesystem> 18 #include <memory> 19 #include <string> 20 #include <string_view> 21 #include <vector> 22 23 namespace estoraged 24 { 25 using estoraged::Cryptsetup; 26 using estoraged::Filesystem; 27 using sdbusplus::xyz::openbmc_project::Inventory::Item::server::Volume; 28 29 /** @class eStoraged 30 * @brief eStoraged object to manage a LUKS encrypted storage device. 31 */ 32 class EStoraged 33 { 34 public: 35 /** @brief Constructor for eStoraged 36 * 37 * @param[in] server - sdbusplus asio object server 38 * @param[in] devPath - path to device file, e.g. /dev/mmcblk0 39 * @param[in] luksName - name for the LUKS container 40 * @param[in] size - size of the drive in bytes 41 * @param[in] lifeTime - percent of lifetime remaining for a drive 42 * @param[in] cryptInterface - (optional) pointer to CryptsetupInterface 43 * object 44 * @param[in] fsInterface - (optional) pointer to FilesystemInterface 45 * object 46 */ 47 EStoraged(sdbusplus::asio::object_server& server, 48 const std::string& devPath, const std::string& luksName, 49 uint64_t size, uint8_t lifeTime, 50 std::unique_ptr<CryptsetupInterface> cryptInterface = 51 std::make_unique<Cryptsetup>(), 52 std::unique_ptr<FilesystemInterface> fsInterface = 53 std::make_unique<Filesystem>()); 54 55 /** @brief Destructor for eStoraged. */ 56 ~EStoraged(); 57 58 EStoraged& operator=(const EStoraged&) = delete; 59 EStoraged(const EStoraged&) = delete; 60 EStoraged(EStoraged&&) = default; 61 EStoraged& operator=(EStoraged&&) = default; 62 63 /** @brief Format the LUKS encrypted device and create empty filesystem. 64 * 65 * @param[in] password - password to set for the LUKS device. 66 * @param[in] type - filesystem type, e.g. ext4 67 */ 68 void formatLuks(const std::vector<uint8_t>& password, 69 Volume::FilesystemType type); 70 71 /** @brief Erase the contents of the storage device. 72 * 73 * @param[in] eraseType - type of erase operation. 74 */ 75 void erase(Volume::EraseMethod eraseType); 76 77 /** @brief Unmount filesystem and lock the LUKS device. 78 */ 79 void lock(); 80 81 /** @brief Unlock device and mount the filesystem. 82 * 83 * @param[in] password - password for the LUKS device. 84 */ 85 void unlock(std::vector<uint8_t> password); 86 87 /** @brief Change the password for the LUKS device. 88 * 89 * @param[in] oldPassword - old password for the LUKS device. 90 * @param[in] newPassword - new password for the LUKS device. 91 */ 92 void changePassword(const std::vector<uint8_t>& oldPassword, 93 const std::vector<uint8_t>& newPassword); 94 95 /** @brief Check if the LUKS device is currently locked. */ 96 bool isLocked() const; 97 98 /** @brief Get the mount point for the filesystem on the LUKS device. */ 99 std::string_view getMountPoint() const; 100 101 private: 102 /** @brief Full path of the device file, e.g. /dev/mmcblk0. */ 103 std::string devPath; 104 105 /** @brief Name of the LUKS container. */ 106 std::string containerName; 107 108 /** @brief Mount point for the filesystem. */ 109 std::string mountPoint; 110 111 /** @brief Indicates whether the LUKS device is currently locked. */ 112 bool lockedProperty; 113 114 /** @brief Pointer to cryptsetup interface object. 115 * @details This is used to mock out the cryptsetup functions. 116 */ 117 std::unique_ptr<CryptsetupInterface> cryptIface; 118 119 /** @brief Pointer to filesystem interface object. 120 * @details This is used to mock out filesystem operations. 121 */ 122 std::unique_ptr<FilesystemInterface> fsIface; 123 124 /** @brief D-Bus object server. */ 125 sdbusplus::asio::object_server& objectServer; 126 127 /** @brief D-Bus interface for the logical volume. */ 128 std::shared_ptr<sdbusplus::asio::dbus_interface> volumeInterface; 129 130 /** @brief D-Bus interface for the physical drive. */ 131 std::shared_ptr<sdbusplus::asio::dbus_interface> driveInterface; 132 133 /** @brief Format LUKS encrypted device. 134 * 135 * @param[in] password - password to set for the LUKS device. 136 */ 137 void formatLuksDev(std::vector<uint8_t> password); 138 139 /** @brief Unlock the device. 140 * 141 * @param[in] password - password to activate the LUKS device. 142 */ 143 void activateLuksDev(std::vector<uint8_t> password); 144 145 /** @brief Create the filesystem on the LUKS device. 146 * @details The LUKS device should already be activated, i.e. unlocked. 147 */ 148 void createFilesystem(); 149 150 /** @brief Deactivate the LUKS device. 151 * @details The filesystem is assumed to be unmounted already. 152 */ 153 void deactivateLuksDev(); 154 155 /** @brief Mount the filesystem. 156 * @details The filesystem should already exist and the LUKS device should 157 * be unlocked already. 158 */ 159 void mountFilesystem(); 160 161 /** @brief Unmount the filesystem. */ 162 void unmountFilesystem(); 163 164 /** @brief Set the locked property. 165 * 166 * @param[in] isLocked - indicates whether the LUKS device is locked. 167 */ 168 void locked(bool isLocked); 169 }; 170 171 } // namespace estoraged 172