Gitiles
Code Review Sign In
gerrit.openbmc.org / mdmillerii / openbmc / f089ba1b6aff10fcd4e7a6e4b9809e866e0816ff^! / . / meta-quanta / meta-gbs / recipes-gbs / gbs-bmc-update / files
commitf089ba1b6aff10fcd4e7a6e4b9809e866e0816ff[log] [tgz]
authorGeorge Hung <george.hung@quantatw.com>Wed May 20 17:22:25 2020 +0800
committerAndrew Geissler <geissonator@yahoo.com>Fri Jun 12 07:59:13 2020 -0500
treef9cad88e0b2a7512c21446f2d599782aa585e30a
parenta7cfc8dc0605f16e068e2ae66ed6e81ff3369c71 [diff]
meta-quanta: gbs: inband bmc/bios image update

gbs-bmc-update and gbs-bios-update packages do
inband bmc/bios image update via Nuvoton PCI mailbox

Tested:
Set PCI mailbox memory space as writable
~# sudo setpci -d 1050:0750 04.B=02

bmc update:
~# sudo burn_my_bmc --command update --interface ipmipci
--image image-bmc --sig image-bmc.sig --type image

bios update:
~# sudo burn_my_bmc --command update --interface ipmipci
--image image-bios --sig image-bios.sig --type bios

(From meta-quanta rev: 85d9f2a992421ca981ac11c6227ceb3531a3bb1a)

Signed-off-by: George Hung <george.hung@quantatw.com>
Change-Id: I1a73f724c4cf16636c460d20c6efd409eac4e80f
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/bmc-verify.sh b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/bmc-verify.sh
new file mode 100644
index 0000000..bbaf15d
--- /dev/null
+++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/bmc-verify.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+sigfile="/tmp/bmc.sig"
+imagebmc="/run/initramfs/image-bmc"
+bmcimage="/run/initramfs/bmc-image"
+publickey="/etc/activationdata/OpenBMC/publickey"
+bmclog="/tmp/update-bmc.log"
+
+if [ -f $publickey ];then
+    r="$(openssl dgst -verify $publickey -sha256 -signature $sigfile $bmcimage)"
+    echo "$r" > $bmclog
+    if [[ "Verified OK" == "$r" ]]; then
+        mv $bmcimage $imagebmc
+        rm -f $sigfile
+        exit 0
+    else
+        exit 1
+    fi
+else
+    echo "No $publickey file" > $bmclog
+    exit 1
+fi

diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/config-bmc.json b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/config-bmc.json
new file mode 100644
index 0000000..16c7151
--- /dev/null
+++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/config-bmc.json

@@ -0,0 +1,21 @@
+[{
+    "blob": "/flash/image",
+    "handler": {
+        "type": "file",
+        "path": "/run/initramfs/bmc-image"
+    },
+    "actions": {
+        "preparation": {
+            "type": "skip"
+        },
+        "verification": {
+            "type": "systemd",
+            "unit": "phosphor-ipmi-flash-bmc-verify.service"
+        },
+        "update": {
+            "type": "systemd",
+            "unit": "reboot.target",
+            "mode": "replace-irreversibly"
+        }
+    }
+}]

diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/phosphor-ipmi-flash-bmc-verify.service b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/phosphor-ipmi-flash-bmc-verify.service
new file mode 100644
index 0000000..574b318
--- /dev/null
+++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/phosphor-ipmi-flash-bmc-verify.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=Phosphor-ipmi-flash bmc verify service
+
+[Service]
+ExecStart=/usr/bin/bmc-verify.sh
+Type=oneshot
+
+[Install]
+WantedBy=phosphor-ipmi-flash-bmc-verify.target