xref: /openbmc/phosphor-ipmi-flash/tools/updater.cpp (revision d61b0ff8)

/*
 * Copyright 2018 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "updater.hpp"

#include "firmware_handler.hpp"
#include "tool_errors.hpp"

#include <algorithm>
#include <blobs-ipmid/blobs.hpp>
#include <cstring>
#include <ipmiblob/blob_errors.hpp>
#include <memory>
#include <string>
#include <thread>

namespace host_tool
{

/* Poll an open verification session.  Handling closing the session is not yet
 * owned by this method. */
bool pollVerificationStatus(std::uint16_t session,
                            ipmiblob::BlobInterface* blob)
{
    using namespace std::chrono_literals;

    static constexpr auto verificationSleep = 5s;
    static constexpr int commandAttempts = 20;
    int attempts = 0;
    bool exitLoop = false;
    blobs::FirmwareBlobHandler::VerifyCheckResponses result =
        blobs::FirmwareBlobHandler::VerifyCheckResponses::other;

    try
    {
        /* Reach back the current status from the verification service output.
         */
        while (attempts++ < commandAttempts)
        {
            ipmiblob::StatResponse resp = blob->getStat(session);

            if (resp.metadata.size() != sizeof(std::uint8_t))
            {
                /* TODO: How do we want to handle the verification failures,
                 * because closing the session to the verify blob has a special
                 * as-of-yet not fully defined behavior.
                 */
                std::fprintf(stderr, "Received invalid metadata response!!!\n");
            }

            result =
                static_cast<blobs::FirmwareBlobHandler::VerifyCheckResponses>(
                    resp.metadata[0]);

            switch (result)
            {
                case blobs::FirmwareBlobHandler::VerifyCheckResponses::failed:
                    std::fprintf(stderr, "failed\n");
                    exitLoop = true;
                    break;
                case blobs::FirmwareBlobHandler::VerifyCheckResponses::other:
                    std::fprintf(stderr, "other\n");
                    break;
                case blobs::FirmwareBlobHandler::VerifyCheckResponses::running:
                    std::fprintf(stderr, "running\n");
                    break;
                case blobs::FirmwareBlobHandler::VerifyCheckResponses::success:
                    std::fprintf(stderr, "success\n");
                    exitLoop = true;
                    break;
                default:
                    std::fprintf(stderr, "wat\n");
            }

            if (exitLoop)
            {
                break;
            }
            std::this_thread::sleep_for(verificationSleep);
        }
    }
    catch (const ipmiblob::BlobException& b)
    {
        throw ToolException("blob exception received: " +
                            std::string(b.what()));
    }

    /* TODO: If this is reached and it's not success, it may be worth just
     * throwing a ToolException with a timeout message specifying the final
     * read's value.
     *
     * TODO: Given that excepting from certain points leaves the BMC update
     * state machine in an inconsistent state, we need to carefully evaluate
     * which exceptions from the lower layers allow one to try and delete the
     * blobs to rollback the state and progress.
     */
    return (result ==
            blobs::FirmwareBlobHandler::VerifyCheckResponses::success);
}

void updaterMain(ipmiblob::BlobInterface* blob, DataInterface* handler,
                 const std::string& imagePath, const std::string& signaturePath)
{
    /* TODO(venture): Add optional parameter to specify the flash type, default
     * to legacy for now.
     *
     * TODO(venture): Move the strings from the FirmwareHandler object to a
     * boring utils object so it will be more happly linked cleanly to both the
     * BMC and host-side.
     */
    std::string goalFirmware = "/flash/image";
    std::string hashFilename = "/flash/hash";
    std::string verifyFilename = "/flash/verify";

    /* Get list of blob_ids, check for /flash/image, or /flash/tarball.
     * TODO(venture) the mechanism doesn't care, but the caller of burn_my_bmc
     * will have in mind which they're sending and we need to verify it's
     * available and use it.
     */
    std::vector<std::string> blobs = blob->getBlobList();
    auto blobInst = std::find_if(
        blobs.begin(), blobs.end(), [&goalFirmware](const std::string& iter) {
            /* Running into weird scenarios where the string comparison doesn't
             * work.  TODO: revisit.
             */
            return (0 == std::memcmp(goalFirmware.c_str(), iter.c_str(),
                                     goalFirmware.length()));
            // return (goalFirmware.compare(iter));
        });
    if (blobInst == blobs.end())
    {
        throw ToolException(goalFirmware + " not found");
    }

    /* Call stat on /flash/image (or /flash/tarball) and check if data interface
     * is supported.
     */
    ipmiblob::StatResponse stat;
    try
    {
        stat = blob->getStat(goalFirmware);
    }
    catch (const ipmiblob::BlobException& b)
    {
        throw ToolException("blob exception received: " +
                            std::string(b.what()));
    }

    auto supported = handler->supportedType();
    if ((stat.blob_state & supported) == 0)
    {
        throw ToolException("data interface selected not supported.");
    }

    /* Yay, our data handler is supported. */

    /* Send over the firmware image. */
    std::fprintf(stderr, "Sending over the firmware image.\n");
    std::uint16_t session;
    try
    {
        session = blob->openBlob(
            goalFirmware,
            static_cast<std::uint16_t>(supported) |
                static_cast<std::uint16_t>(blobs::OpenFlags::write));
    }
    catch (const ipmiblob::BlobException& b)
    {
        throw ToolException("blob exception received: " +
                            std::string(b.what()));
    }

    if (!handler->sendContents(imagePath, session))
    {
        /* Need to close the session on failure, or it's stuck open (until the
         * blob handler timeout is implemented, and even then, why make it wait.
         */
        blob->closeBlob(session);
        throw ToolException("Failed to send contents of " + imagePath);
    }

    blob->closeBlob(session);

    /* Send over the hash contents. */
    std::fprintf(stderr, "Sending over the hash file.\n");
    try
    {
        session = blob->openBlob(
            hashFilename,
            static_cast<std::uint16_t>(supported) |
                static_cast<std::uint16_t>(blobs::OpenFlags::write));
    }
    catch (const ipmiblob::BlobException& b)
    {
        throw ToolException("blob exception received: " +
                            std::string(b.what()));
    }

    if (!handler->sendContents(signaturePath, session))
    {
        blob->closeBlob(session);
        throw ToolException("Failed to send contents of " + signaturePath);
    }

    blob->closeBlob(session);

    /* Trigger the verification by opening the verify file. */
    std::fprintf(stderr, "Opening the verification file\n");
    try
    {
        session = blob->openBlob(
            verifyFilename,
            static_cast<std::uint16_t>(supported) |
                static_cast<std::uint16_t>(blobs::OpenFlags::write));
    }
    catch (const ipmiblob::BlobException& b)
    {
        throw ToolException("blob exception received: " +
                            std::string(b.what()));
    }

    std::fprintf(
        stderr,
        "Committing to verification file to trigger verification service\n");
    try
    {
        blob->commit(session, {});
    }
    catch (const ipmiblob::BlobException& b)
    {
        throw ToolException("blob exception received: " +
                            std::string(b.what()));
    }

    std::fprintf(stderr,
                 "Calling stat on verification session to check status\n");

    if (pollVerificationStatus(session, blob))
    {
        std::fprintf(stderr, "Verification returned success\n");
    }
    else
    {
        std::fprintf(stderr, "Verification returned non-success (could still "
                             "be running (unlikely))\n");
    }

    /* DO NOT CLOSE the verification session until it's done.
     * TODO: Evaluate what closing verification should do?  If the process is
     * complete, nothing bad, maybe reset the entire state machine?  This will
     * benefit from a diagram.
     */
    blob->closeBlob(session);

    return;
}

} // namespace host_tool