Improve accuracy of 'Locked' property
The 'Locked' property in the volume interface is supposed to indicate
whether the LUKS volume is currently activated, but this property is
often inaccurate because it always defaults to false upon startup
(i.e. unlocked). However, the LUKS volume is usually locked at startup.
So, client daemons can get confused when looking at the Locked
property.
This commit reworks the functionality for the 'Locked' property, so that
it checks whether the mapped virtual crypt device exists, e.g. whether
/dev/mapper/<luks_device> exists. This way, the Locked property should
better reflect the actual state.
The one caveat to keep in mind is that 'Locked' will be True even if the
device isn't formatted as a LUKS volume. If client daemons need to know
whether it's already formatted, we may want to add another property to
the Volume interface for that purpose. But in the meantime, eStoraged
already exports an EncryptionStatus property as part of the Drive
interface. So, the information is already available, if needed.
Tested:
Checked 'Locked' property at startup
$ busctl get-property xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Locked
b true
Formatted the LUKS volume, then checked 'Locked' property again
$ busctl call xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume FormatLuks ays 3 1 2 3 \
xyz.openbmc_project.Inventory.Item.Volume.FilesystemType.ext4 \
--timeout=60
$ busctl get-property xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Locked
b false
Restarted eStoraged and checked 'Locked' again.
$ systemctl restart xyz.openbmc_project.eStoraged
$ busctl get-property xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Locked
b false
Locked the LUKS volume, and checked 'Locked' again.
$ busctl call xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Lock
$ busctl get-property xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Locked
b true
Restarted eStoraged, and checked 'Locked' again.
$ systemctl restart xyz.openbmc_project.eStoraged
$ busctl get-property xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Locked
b true
Signed-off-by: John Wedig <johnwedig@google.com>
Change-Id: I5cd6bac4b4426c0e2579c3fc8cf7a27b4f2ccc08
diff --git a/include/filesystemInterface.hpp b/include/filesystemInterface.hpp
index 12495cd..d5de5e8 100644
--- a/include/filesystemInterface.hpp
+++ b/include/filesystemInterface.hpp
@@ -27,11 +27,11 @@
/** @brief Runs the mkfs command to create the filesystem.
* @details Used for mocking purposes.
*
- * @param[in] logicalVolume - name of the mapped LUKS device.
+ * @param[in] logicalVolumePath - path to the mapped LUKS device.
*
* @returns 0 on success, nonzero on failure.
*/
- virtual int runMkfs(const std::string& logicalVolume) = 0;
+ virtual int runMkfs(const std::string& logicalVolumePath) = 0;
/** @brief Wrapper around mount().
* @details Used for mocking purposes.
@@ -101,9 +101,9 @@
Filesystem(Filesystem&&) = delete;
Filesystem& operator=(Filesystem&&) = delete;
- int runMkfs(const std::string& logicalVolume) override
+ int runMkfs(const std::string& logicalVolumePath) override
{
- std::string mkfsCommand("mkfs.ext4 /dev/mapper/" + logicalVolume);
+ std::string mkfsCommand("mkfs.ext4 " + logicalVolumePath);
// calling 'system' uses a command processor //NOLINTNEXTLINE
return system(mkfsCommand.c_str());
}