xref: /openbmc/estoraged/include/estoraged.hpp (revision 740e94bd) 
1 #pragma once
2 
3 #include "cryptsetupInterface.hpp"
4 #include "filesystemInterface.hpp"
5 #include "util.hpp"
6 
7 #include <libcryptsetup.h>
8 
9 #include <sdbusplus/asio/object_server.hpp>
10 #include <sdbusplus/bus.hpp>
11 #include <sdbusplus/exception.hpp>
12 #include <sdbusplus/server/object.hpp>
13 #include <util.hpp>
14 #include <xyz/openbmc_project/Inventory/Item/Drive/server.hpp>
15 #include <xyz/openbmc_project/Inventory/Item/Volume/server.hpp>
16 
17 #include <filesystem>
18 #include <memory>
19 #include <string>
20 #include <string_view>
21 #include <vector>
22 
23 namespace estoraged
24 {
25 using estoraged::Cryptsetup;
26 using estoraged::Filesystem;
27 using sdbusplus::xyz::openbmc_project::Inventory::Item::server::Drive;
28 using sdbusplus::xyz::openbmc_project::Inventory::Item::server::Volume;
29 
30 /** @class eStoraged
31  *  @brief eStoraged object to manage a LUKS encrypted storage device.
32  */
33 class EStoraged
34 {
35   public:
36     /** @brief Constructor for eStoraged
37      *
38      *  @param[in] server - sdbusplus asio object server
39      *  @param[in] configPath - path of the config object from Entity Manager
40      *  @param[in] devPath - path to device file, e.g. /dev/mmcblk0
41      *  @param[in] luksName - name for the LUKS container
42      *  @param[in] size - size of the drive in bytes
43      *  @param[in] lifeTime - percent of lifetime remaining for a drive
44      *  @param[in] cryptInterface - (optional) pointer to CryptsetupInterface
45      *    object
46      *  @param[in] fsInterface - (optional) pointer to FilesystemInterface
47      *    object
48      */
49     EStoraged(sdbusplus::asio::object_server& server,
50               const std::string& configPath, const std::string& devPath,
51               const std::string& luksName, uint64_t size, uint8_t lifeTime,
52               std::unique_ptr<CryptsetupInterface> cryptInterface =
53                   std::make_unique<Cryptsetup>(),
54               std::unique_ptr<FilesystemInterface> fsInterface =
55                   std::make_unique<Filesystem>());
56 
57     /** @brief Destructor for eStoraged. */
58     ~EStoraged();
59 
60     EStoraged& operator=(const EStoraged&) = delete;
61     EStoraged(const EStoraged&) = delete;
62     EStoraged(EStoraged&&) = default;
63     EStoraged& operator=(EStoraged&&) = default;
64 
65     /** @brief Format the LUKS encrypted device and create empty filesystem.
66      *
67      *  @param[in] password - password to set for the LUKS device.
68      *  @param[in] type - filesystem type, e.g. ext4
69      */
70     void formatLuks(const std::vector<uint8_t>& password,
71                     Volume::FilesystemType type);
72 
73     /** @brief Erase the contents of the storage device.
74      *
75      *  @param[in] eraseType - type of erase operation.
76      */
77     void erase(Volume::EraseMethod eraseType);
78 
79     /** @brief Unmount filesystem and lock the LUKS device.
80      */
81     void lock();
82 
83     /** @brief Unlock device and mount the filesystem.
84      *
85      *  @param[in] password - password for the LUKS device.
86      */
87     void unlock(std::vector<uint8_t> password);
88 
89     /** @brief Change the password for the LUKS device.
90      *
91      *  @param[in] oldPassword - old password for the LUKS device.
92      *  @param[in] newPassword - new password for the LUKS device.
93      */
94     void changePassword(const std::vector<uint8_t>& oldPassword,
95                         const std::vector<uint8_t>& newPassword);
96 
97     /** @brief Check if the LUKS device is currently locked. */
98     bool isLocked() const;
99 
100     /** @brief Get the mount point for the filesystem on the LUKS device. */
101     std::string_view getMountPoint() const;
102 
103   private:
104     /** @brief Full path of the device file, e.g. /dev/mmcblk0. */
105     std::string devPath;
106 
107     /** @brief Name of the LUKS container. */
108     std::string containerName;
109 
110     /** @brief Mount point for the filesystem. */
111     std::string mountPoint;
112 
113     /** @brief Indicates whether the LUKS device is currently locked. */
114     bool lockedProperty;
115 
116     /** @brief Pointer to cryptsetup interface object.
117      *  @details This is used to mock out the cryptsetup functions.
118      */
119     std::unique_ptr<CryptsetupInterface> cryptIface;
120 
121     /** @brief Pointer to filesystem interface object.
122      *  @details This is used to mock out filesystem operations.
123      */
124     std::unique_ptr<FilesystemInterface> fsIface;
125 
126     /** @brief D-Bus object server. */
127     sdbusplus::asio::object_server& objectServer;
128 
129     /** @brief D-Bus interface for the logical volume. */
130     std::shared_ptr<sdbusplus::asio::dbus_interface> volumeInterface;
131 
132     /** @brief D-Bus interface for the physical drive. */
133     std::shared_ptr<sdbusplus::asio::dbus_interface> driveInterface;
134 
135     /** @brief D-Bus interface for the location of the drive. */
136     std::shared_ptr<sdbusplus::asio::dbus_interface> locationInterface;
137 
138     /** @brief Association between chassis and drive. */
139     std::shared_ptr<sdbusplus::asio::dbus_interface> association;
140 
141     /** @brief Indicates whether the LUKS header is on the disk. */
142     Drive::DriveEncryptionState encryptionStatus;
143 
144     /** @brief Format LUKS encrypted device.
145      *
146      *  @param[in] password - password to set for the LUKS device.
147      */
148     void formatLuksDev(std::vector<uint8_t> password);
149 
150     /** @brief check the LUKS header, for devPath
151      *
152      *  @returns a CryptHandle to the LUKS drive
153      */
154     CryptHandle loadLuksHeader();
155 
156     /** @brief Unlock the device.
157      *
158      *  @param[in] password - password to activate the LUKS device.
159      */
160 
161     Drive::DriveEncryptionState findEncryptionStatus();
162 
163     void activateLuksDev(std::vector<uint8_t> password);
164 
165     /** @brief Create the filesystem on the LUKS device.
166      *  @details The LUKS device should already be activated, i.e. unlocked.
167      */
168     void createFilesystem();
169 
170     /** @brief Deactivate the LUKS device.
171      *  @details The filesystem is assumed to be unmounted already.
172      */
173     void deactivateLuksDev();
174 
175     /** @brief Mount the filesystem.
176      *  @details The filesystem should already exist and the LUKS device should
177      *  be unlocked already.
178      */
179     void mountFilesystem();
180 
181     /** @brief Unmount the filesystem. */
182     void unmountFilesystem();
183 
184     /** @brief Set the locked property.
185      *
186      *  @param[in] isLocked - indicates whether the LUKS device is locked.
187      */
188     void locked(bool isLocked);
189 };
190 
191 } // namespace estoraged
192