1 #pragma once 2 3 #include "cryptsetupInterface.hpp" 4 #include "filesystemInterface.hpp" 5 #include "util.hpp" 6 7 #include <libcryptsetup.h> 8 9 #include <sdbusplus/asio/object_server.hpp> 10 #include <sdbusplus/bus.hpp> 11 #include <sdbusplus/exception.hpp> 12 #include <sdbusplus/server/object.hpp> 13 #include <util.hpp> 14 #include <xyz/openbmc_project/Inventory/Item/Drive/server.hpp> 15 #include <xyz/openbmc_project/Inventory/Item/Volume/server.hpp> 16 17 #include <filesystem> 18 #include <memory> 19 #include <string> 20 #include <string_view> 21 #include <vector> 22 23 namespace estoraged 24 { 25 using estoraged::Cryptsetup; 26 using estoraged::Filesystem; 27 using sdbusplus::xyz::openbmc_project::Inventory::Item::server::Volume; 28 29 /** @class eStoraged 30 * @brief eStoraged object to manage a LUKS encrypted storage device. 31 */ 32 class EStoraged 33 { 34 public: 35 /** @brief Constructor for eStoraged 36 * 37 * @param[in] server - sdbusplus asio object server 38 * @param[in] configPath - path of the config object from Entity Manager 39 * @param[in] devPath - path to device file, e.g. /dev/mmcblk0 40 * @param[in] luksName - name for the LUKS container 41 * @param[in] size - size of the drive in bytes 42 * @param[in] lifeTime - percent of lifetime remaining for a drive 43 * @param[in] cryptInterface - (optional) pointer to CryptsetupInterface 44 * object 45 * @param[in] fsInterface - (optional) pointer to FilesystemInterface 46 * object 47 */ 48 EStoraged(sdbusplus::asio::object_server& server, 49 const std::string& configPath, const std::string& devPath, 50 const std::string& luksName, uint64_t size, uint8_t lifeTime, 51 std::unique_ptr<CryptsetupInterface> cryptInterface = 52 std::make_unique<Cryptsetup>(), 53 std::unique_ptr<FilesystemInterface> fsInterface = 54 std::make_unique<Filesystem>()); 55 56 /** @brief Destructor for eStoraged. */ 57 ~EStoraged(); 58 59 EStoraged& operator=(const EStoraged&) = delete; 60 EStoraged(const EStoraged&) = delete; 61 EStoraged(EStoraged&&) = default; 62 EStoraged& operator=(EStoraged&&) = default; 63 64 /** @brief Format the LUKS encrypted device and create empty filesystem. 65 * 66 * @param[in] password - password to set for the LUKS device. 67 * @param[in] type - filesystem type, e.g. ext4 68 */ 69 void formatLuks(const std::vector<uint8_t>& password, 70 Volume::FilesystemType type); 71 72 /** @brief Erase the contents of the storage device. 73 * 74 * @param[in] eraseType - type of erase operation. 75 */ 76 void erase(Volume::EraseMethod eraseType); 77 78 /** @brief Unmount filesystem and lock the LUKS device. 79 */ 80 void lock(); 81 82 /** @brief Unlock device and mount the filesystem. 83 * 84 * @param[in] password - password for the LUKS device. 85 */ 86 void unlock(std::vector<uint8_t> password); 87 88 /** @brief Change the password for the LUKS device. 89 * 90 * @param[in] oldPassword - old password for the LUKS device. 91 * @param[in] newPassword - new password for the LUKS device. 92 */ 93 void changePassword(const std::vector<uint8_t>& oldPassword, 94 const std::vector<uint8_t>& newPassword); 95 96 /** @brief Check if the LUKS device is currently locked. */ 97 bool isLocked() const; 98 99 /** @brief Get the mount point for the filesystem on the LUKS device. */ 100 std::string_view getMountPoint() const; 101 102 private: 103 /** @brief Full path of the device file, e.g. /dev/mmcblk0. */ 104 std::string devPath; 105 106 /** @brief Name of the LUKS container. */ 107 std::string containerName; 108 109 /** @brief Mount point for the filesystem. */ 110 std::string mountPoint; 111 112 /** @brief Indicates whether the LUKS device is currently locked. */ 113 bool lockedProperty; 114 115 /** @brief Pointer to cryptsetup interface object. 116 * @details This is used to mock out the cryptsetup functions. 117 */ 118 std::unique_ptr<CryptsetupInterface> cryptIface; 119 120 /** @brief Pointer to filesystem interface object. 121 * @details This is used to mock out filesystem operations. 122 */ 123 std::unique_ptr<FilesystemInterface> fsIface; 124 125 /** @brief D-Bus object server. */ 126 sdbusplus::asio::object_server& objectServer; 127 128 /** @brief D-Bus interface for the logical volume. */ 129 std::shared_ptr<sdbusplus::asio::dbus_interface> volumeInterface; 130 131 /** @brief D-Bus interface for the physical drive. */ 132 std::shared_ptr<sdbusplus::asio::dbus_interface> driveInterface; 133 134 /** @brief Association between chassis and drive. */ 135 std::shared_ptr<sdbusplus::asio::dbus_interface> association; 136 137 /** @brief Format LUKS encrypted device. 138 * 139 * @param[in] password - password to set for the LUKS device. 140 */ 141 void formatLuksDev(std::vector<uint8_t> password); 142 143 /** @brief Unlock the device. 144 * 145 * @param[in] password - password to activate the LUKS device. 146 */ 147 void activateLuksDev(std::vector<uint8_t> password); 148 149 /** @brief Create the filesystem on the LUKS device. 150 * @details The LUKS device should already be activated, i.e. unlocked. 151 */ 152 void createFilesystem(); 153 154 /** @brief Deactivate the LUKS device. 155 * @details The filesystem is assumed to be unmounted already. 156 */ 157 void deactivateLuksDev(); 158 159 /** @brief Mount the filesystem. 160 * @details The filesystem should already exist and the LUKS device should 161 * be unlocked already. 162 */ 163 void mountFilesystem(); 164 165 /** @brief Unmount the filesystem. */ 166 void unmountFilesystem(); 167 168 /** @brief Set the locked property. 169 * 170 * @param[in] isLocked - indicates whether the LUKS device is locked. 171 */ 172 void locked(bool isLocked); 173 }; 174 175 } // namespace estoraged 176