Add TrustedModuleRequiredToBoot getter function
TrustedModuleRequiredToBoot is a Redfish ComputerSystem v1_14_0
property, determining if a working TPM is required in order to boot
the host. The TPM Required property is mapped to the "TPMEnable" D-Bus
property. The possible values for the Redfish property are "Required"
and "Disabled".
This commit will add the GET operations to the
TrustedModuleRequiredToBoot Redfish property.
(See https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/44044
for the PATCH operations for this property).
Testing:
1) Tested on HW: I manually tested retrieving the property:
$ curl -k https://${bmc}/redfish/v1/Systems/system
{
"@odata.id": "/redfish/v1/Systems/system",
"@odata.type": "#ComputerSystem.v1_14_0.ComputerSystem",
...
"Boot": {
"AutomaticRetryAttempts": 3,
"AutomaticRetryConfig": "RetryAttempts",
"AutomaticRetryConfig@Redfish.AllowableValues": [
"Disabled",
"RetryAttempts"
],
"BootSourceOverrideEnabled": "Disabled",
"BootSourceOverrideMode": "Legacy",
"BootSourceOverrideTarget": "None",
"BootSourceOverrideTarget@Redfish.AllowableValues": [
"None",
"Pxe",
"Hdd",
"Cd",
"Diags",
"BiosSetup",
"Usb"
],
"RemainingAutomaticRetryAttempts": 3,
"TrustedModuleRequiredToBoot": "Required"
},
...
TrustedModuleRequiredToBoot switches between 'Required' and 'Disabled'
values when the relevant dbus property is changed.
(D-Bus Interface: xyz.openbmc_project.Control.TPM.Policy)
(D-Bus Property: TPMEnable)
2) Redfish Validator Testing: Tested on ComputerSystem v1_14_0 schema
Validator Test everything passed and 0 failures.
Signed-off-by: Ali Ahmed <ama213000@gmail.com>
Change-Id: I7d0b9430e592d6d8ec95cd9090551fab802d8f54
diff --git a/redfish-core/lib/systems.hpp b/redfish-core/lib/systems.hpp
index 60737ce..ce7bd5b 100644
--- a/redfish-core/lib/systems.hpp
+++ b/redfish-core/lib/systems.hpp
@@ -794,6 +794,7 @@
}
return 0;
}
+
/**
* @brief Retrieves boot progress of the system
*
@@ -1246,6 +1247,107 @@
}
/**
+ * @brief Get TrustedModuleRequiredToBoot property. Determines whether or not
+ * TPM is required for booting the host.
+ *
+ * @param[in] aResp Shared pointer for generating response message.
+ *
+ * @return None.
+ */
+inline void getTrustedModuleRequiredToBoot(
+ const std::shared_ptr<bmcweb::AsyncResp>& aResp)
+{
+ BMCWEB_LOG_DEBUG << "Get TPM required to boot.";
+
+ crow::connections::systemBus->async_method_call(
+ [aResp](
+ const boost::system::error_code ec,
+ std::vector<std::pair<
+ std::string,
+ std::vector<std::pair<std::string, std::vector<std::string>>>>>&
+ subtree) {
+ if (ec)
+ {
+ BMCWEB_LOG_DEBUG
+ << "DBUS response error on TPM.Policy GetSubTree" << ec;
+ // This is an optional D-Bus object so just return if
+ // error occurs
+ return;
+ }
+ if (subtree.size() == 0)
+ {
+ // As noted above, this is an optional interface so just return
+ // if there is no instance found
+ return;
+ }
+
+ /* When there is more than one TPMEnable object... */
+ if (subtree.size() > 1)
+ {
+ BMCWEB_LOG_DEBUG
+ << "DBUS response has more than 1 TPM Enable object:"
+ << subtree.size();
+ // Throw an internal Error and return
+ messages::internalError(aResp->res);
+ return;
+ }
+
+ // Make sure the Dbus response map has a service and objectPath
+ // field
+ if (subtree[0].first.empty() || subtree[0].second.size() != 1)
+ {
+ BMCWEB_LOG_DEBUG << "TPM.Policy mapper error!";
+ messages::internalError(aResp->res);
+ return;
+ }
+
+ const std::string& path = subtree[0].first;
+ const std::string& serv = subtree[0].second.begin()->first;
+
+ // Valid TPM Enable object found, now reading the current value
+ crow::connections::systemBus->async_method_call(
+ [aResp](const boost::system::error_code ec,
+ std::variant<bool>& tpmRequired) {
+ if (ec)
+ {
+ BMCWEB_LOG_DEBUG
+ << "D-BUS response error on TPM.Policy Get" << ec;
+ messages::internalError(aResp->res);
+ return;
+ }
+
+ const bool* tpmRequiredVal =
+ std::get_if<bool>(&tpmRequired);
+
+ if (!tpmRequiredVal)
+ {
+ messages::internalError(aResp->res);
+ return;
+ }
+
+ if (*tpmRequiredVal == true)
+ {
+ aResp->res
+ .jsonValue["Boot"]["TrustedModuleRequiredToBoot"] =
+ "Required";
+ }
+ else
+ {
+ aResp->res
+ .jsonValue["Boot"]["TrustedModuleRequiredToBoot"] =
+ "Disabled";
+ }
+ },
+ serv, path, "org.freedesktop.DBus.Properties", "Get",
+ "xyz.openbmc_project.Control.TPM.Policy", "TPMEnable");
+ },
+ "xyz.openbmc_project.ObjectMapper",
+ "/xyz/openbmc_project/object_mapper",
+ "xyz.openbmc_project.ObjectMapper", "GetSubTree", "/", int32_t(0),
+ std::array<const char*, 1>{"xyz.openbmc_project.Control.TPM.Policy"});
+}
+
+/**
* @brief Sets boot properties into DBUS object(s).
*
* @param[in] aResp Shared pointer for generating response message.
@@ -2068,7 +2170,7 @@
get)([](const crow::Request&,
const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
asyncResp->res.jsonValue["@odata.type"] =
- "#ComputerSystem.v1_13_0.ComputerSystem";
+ "#ComputerSystem.v1_14_0.ComputerSystem";
asyncResp->res.jsonValue["Name"] = "system";
asyncResp->res.jsonValue["Id"] = "system";
asyncResp->res.jsonValue["SystemType"] = "Physical";
@@ -2179,6 +2281,7 @@
#ifdef BMCWEB_ENABLE_REDFISH_PROVISIONING_FEATURE
getProvisioningStatus(asyncResp);
#endif
+ getTrustedModuleRequiredToBoot(asyncResp);
});
BMCWEB_ROUTE(app, "/redfish/v1/Systems/system/")
.privileges({{"ConfigureComponent"}})