Initial D-Bus interface
This sets up an initial D-Bus interface without any real functionality.
It doesn't interact with any storage hardware yet.
The yaml files are included temporarily until the
phosphor-dbus-interfaces review is complete:
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-dbus-interfaces/+/48636
The .clang-tidy file has been removed because clang-tidy can't filter
out the generated files. It should be re-enabled when we no longer need
to generate the D-Bus sources in this repo.
Signed-off-by: John Edward Broadbent <jebr@google.com>
Change-Id: If704e69ef7225257efc7c865424df4421999f62d
Signed-off-by: John Wedig <johnwedig@google.com>
diff --git a/xyz/openbmc_project/eStoraged.interface.yaml b/xyz/openbmc_project/eStoraged.interface.yaml
new file mode 100644
index 0000000..29bb85c
--- /dev/null
+++ b/xyz/openbmc_project/eStoraged.interface.yaml
@@ -0,0 +1,110 @@
+description: >
+ D-bus interface to manage an encrypted storage device.
+
+methods:
+ - name: Format
+ description: >
+ Format the encrypted device and create an ext4 filesystem.
+ parameters:
+ - name: Password
+ type: array[byte]
+ description: >
+ Array of bytes to use as the LUKS password.
+ errors:
+ - self.Error.EncryptionError
+ - self.Error.FilesystemError
+
+ - name: Erase
+ description: >
+ Erase the contents of the device.
+ parameters:
+ - name: Password
+ type: array[byte]
+ description: >
+ Array of bytes to use as the LUKS password.
+ - name: EraseType
+ type: enum[self.EraseMethod]
+ description: >
+ Describes what type of erase is done.
+ errors:
+ - self.Error.EncryptionError
+ - self.Error.EraseError
+ - self.Error.FilesystemError
+
+ - name: Lock
+ description: >
+ Unmount the filesystem, lock the device, and remove sensitive data
+ (e.g. volume key) from memory.
+ parameters:
+ - name: Password
+ type: array[byte]
+ description: >
+ Array of bytes to use as the LUKS password.
+ errors:
+ - self.Error.EncryptionError
+ - self.Error.FilesystemError
+
+ - name: Unlock
+ description: >
+ Activate the device and mount the filesystem.
+ parameters:
+ - name: Password
+ type: array[byte]
+ description: >
+ Array of bytes to use as the LUKS password.
+ errors:
+ - self.Error.EncryptionError
+ - self.Error.FilesystemError
+
+ - name: ChangePassword
+ description: >
+ Change the password that unlocks the storage device.
+ parameters:
+ - name: OldPassword
+ type: array[byte]
+ description: >
+ Array of bytes for the old LUKS password.
+ - name: NewPassword
+ type: array[byte]
+ description: >
+ Array of bytes to use as the LUKS password.
+ errors:
+ - self.Error.EncryptionError
+
+properties:
+ - name: Locked
+ type: boolean
+ default: false
+ description: >
+ Indicates whether the device is locked.
+
+enumerations:
+ - name: EraseMethod
+ description: >
+ Indicates which erase method/step is being requested.
+ values:
+ - name: CryptoErase
+ description: >
+ Destroys the encryption key slots, preventing decyrption.
+ - name: VerifyGeometry
+ description: >
+ Confirms a set percent of the disk is accessible.
+ - name: LogicalOverWrite
+ description: >
+ Overwrites the disk with a reproducible incompressible pattern.
+ - name: LogicalVerify
+ description: >
+ Verifies a reproducible pattern has been written to the disk.
+ - name: VendorSanitize
+ description: >
+ Uses the sanitization provided by the device firmware.
+ - name: ZeroOverWrite
+ description: >
+ Writes zeros over the whole disk.
+ - name: ZeroVerify
+ description: >
+ Verifies the the entire disk has been zeroed.
+ - name: SecuredLocked
+ description: >
+ Locks the disk to prevent data being written to it.
+