oob bios config password and bios reset
Tested:
1. Bios reset flag can be modified through redfish
POST https://IP_ADDR/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios
{
"ResetFlag": "Factory"
}
root@intel-obmc:~# busctl call xyz.openbmc_project.BIOSConfigManager /xyz/openbmc_project/bios_config/manager org.freedesktop.DBus.Properties Get ss xyz.openbmc_project.BIOSConfig.Manager ResetBIOSSettings
v s "xyz.openbmc_project.BIOSConfig.Manager.ResetFlag.FactoryDefaults"
2. Bios change password:
root@intel-obmc:~# cat /var/lib/bios-settings-manager/seedData
{
"UserPwdHash": "08D91157785366CDC3AA64D87E5E3C621EDAB13E26B6E484397EBA5E459E54C567BF5B1FFB36A43B6142B18F8D642E9D",
"AdminPwdHash": "08D91157785366CDC3AA64D87E5E3C621EDAB13E26B6E484397EBA5E459E54C567BF5B1FFB36A43B6142B18F8D642E9D",
"Seed": "123456",
"HashAlgo": "SHA384"
}
POST https://IP_ADDR/redfish/v1/Systems/system/Bios/Actions/Bios.ChangePassword
{
"NewPassword": "12345678",
"OldPassword": "1234567890",
"PasswordName": "Administrator"
}
root@intel-obmc:~# cat /var/lib/bios-settings-manager/passwordData
{
"CurrentPassword": "1234567890",
"IsAdminPwdChanged": 1,
"IsUserPwdChanged": 0,
"NewPassword": "2DD65D57EB60B1D92C5F3D2DC84724FCEE7BC02E57AA75E834712266ED94CAC704047B2FF7CEC1C36BED280B36BB5AC6",
"UserName": "Administrator"
}
Change-Id: Ib54b36819e49c891c6169c95d9cdaebd5bcb06f3
Signed-off-by: Kuiying Wang <kuiying.wang@intel.com>
diff --git a/include/password.hpp b/include/password.hpp
new file mode 100644
index 0000000..1b1269c
--- /dev/null
+++ b/include/password.hpp
@@ -0,0 +1,87 @@
+/*
+// Copyright (c) 2020 Intel Corporation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+*/
+#pragma once
+#include "config.h"
+
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/sha.h>
+
+#include <nlohmann/json.hpp>
+#include <sdbusplus/asio/object_server.hpp>
+#include <sdbusplus/server.hpp>
+#include <xyz/openbmc_project/BIOSConfig/Password/server.hpp>
+
+#include <filesystem>
+#include <string>
+
+namespace bios_config_pwd
+{
+
+static constexpr auto servicePwd = "xyz.openbmc_project.BIOSConfigPassword";
+static constexpr auto objectPathPwd =
+ "/xyz/openbmc_project/bios_config/password";
+constexpr auto biosPasswordFile = "passwordData";
+constexpr auto biosSeedFile = "seedData";
+
+using Base = sdbusplus::xyz::openbmc_project::BIOSConfig::server::Password;
+namespace fs = std::filesystem;
+
+/** @class Password
+ *
+ * @brief Implements the BIOS Password
+ */
+class Password : public Base
+{
+ public:
+ Password() = delete;
+ ~Password() = default;
+ Password(const Password&) = delete;
+ Password& operator=(const Password&) = delete;
+ Password(Password&&) = delete;
+ Password& operator=(Password&&) = delete;
+
+ /** @brief Constructs Password object.
+ *
+ * @param[in] objectServer - object server
+ * @param[in] systemBus - bus connection
+ */
+ Password(sdbusplus::asio::object_server& objectServer,
+ std::shared_ptr<sdbusplus::asio::connection>& systemBus);
+
+ /** @brief Set the BIOS attribute with a new value, the new value is added
+ * to the PendingAttribute.
+ *
+ * @param[in] userName - User name - user / admin.
+ * @param[in] currentPassword - Current user/ admin Password.
+ * @param[in] newPassword - New user/ admin Password.
+ */
+ void changePassword(std::string userName, std::string currentPassword,
+ std::string newPassword) override;
+
+ private:
+ void verifyPassword(std::string userName, std::string currentPassword,
+ std::string newPassword);
+ bool isMatch(const std::string expected, const std::string seed,
+ const std::string rawData, const std::string algo);
+ sdbusplus::asio::object_server& objServer;
+ std::shared_ptr<sdbusplus::asio::connection>& systemBus;
+ std::filesystem::path passwordFile;
+ std::filesystem::path seedFile;
+ std::string mNewPassword;
+};
+
+} // namespace bios_config_pwd
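Review bot: The test output in the commit message shows `passwordData` holding `CurrentPassword` verbatim (the same `1234567890` sent as `OldPassword`), so the file named by `biosPasswordFile` and the `passwordFile` member keeps a cleartext BIOS credential on the BMC filesystem, and nothing in this header says how that file is protected. The code that writes it is outside this hunk, so the creation mode is not visible here; I would state the requirement next to the constant, e.g. `// passwordData contains the cleartext current password: create it owner-only (0600) and remove it once it is no longer needed`. Separately, the doc comment on `changePassword` talks about setting a BIOS attribute in PendingAttribute, which looks copied from another class and should describe the password change and how a failed verification is reported. The `systemBus` member is also declared as a reference to the caller's `std::shared_ptr`, which dangles if that variable goes out of scope before this object does; holding it by value, `std::shared_ptr<sdbusplus::asio::connection> systemBus;`, avoids that.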