Add DriveEncryptionState property

Tested:
Verify the property is as expected (Encrypted). Then wipe the disk, and
re-check the value to verify it is as expected (unknown).

$ busctl get-property xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Drive EncryptionStatus s \
"xyz.openbmc_project.Inventory.Item.Drive.DriveEncryptionState.Encrypted"

$ busctl call xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Erase s \
xyz.openbmc_project.Inventory.Item.Volume.EraseMethod.VendorSanitize

$ busctl get-property xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Drive EncryptionStatus s \
"xyz.openbmc_project.Inventory.Item.Drive.DriveEncryptionState.Unknown"

Signed-off-by: John Edward Broadbent <jebr@google.com>
Change-Id: I4abba7a1e7f047c481aaf4938b2b1e2b7d7ec6be
diff --git a/include/estoraged.hpp b/include/estoraged.hpp
index c843a3b..2db260f 100644
--- a/include/estoraged.hpp
+++ b/include/estoraged.hpp
@@ -24,6 +24,7 @@
 {
 using estoraged::Cryptsetup;
 using estoraged::Filesystem;
+using sdbusplus::xyz::openbmc_project::Inventory::Item::server::Drive;
 using sdbusplus::xyz::openbmc_project::Inventory::Item::server::Volume;
 
 /** @class eStoraged
@@ -134,16 +135,28 @@
     /** @brief Association between chassis and drive. */
     std::shared_ptr<sdbusplus::asio::dbus_interface> association;
 
+    /** @brief Indicates whether the LUKS header is on the disk. */
+    Drive::DriveEncryptionState encryptionStatus;
+
     /** @brief Format LUKS encrypted device.
      *
      *  @param[in] password - password to set for the LUKS device.
      */
     void formatLuksDev(std::vector<uint8_t> password);
 
+    /** @brief check the LUKS header, for devPath
+     *
+     *  @returns a CryptHandle to the LUKS drive
+     */
+    CryptHandle loadLuksHeader();
+
     /** @brief Unlock the device.
      *
      *  @param[in] password - password to activate the LUKS device.
      */
+
+    Drive::DriveEncryptionState findEncryptionStatus();
+
     void activateLuksDev(std::vector<uint8_t> password);
 
     /** @brief Create the filesystem on the LUKS device.
diff --git a/src/estoraged.cpp b/src/estoraged.cpp
index af20d32..7c26e8a 100644
--- a/src/estoraged.cpp
+++ b/src/estoraged.cpp
@@ -29,6 +29,7 @@
 using Association = std::tuple<std::string, std::string, std::string>;
 using sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
 using sdbusplus::xyz::openbmc_project::Common::Error::UnsupportedRequest;
+using sdbusplus::xyz::openbmc_project::Inventory::Item::server::Drive;
 using sdbusplus::xyz::openbmc_project::Inventory::Item::server::Volume;
 
 EStoraged::EStoraged(sdbusplus::asio::object_server& server,
@@ -40,7 +41,8 @@
     devPath(devPath),
     containerName(luksName), mountPoint("/mnt/" + luksName + "_fs"),
     lockedProperty(false), cryptIface(std::move(cryptInterface)),
-    fsIface(std::move(fsInterface)), objectServer(server)
+    fsIface(std::move(fsInterface)), objectServer(server),
+    encryptionStatus(Drive::DriveEncryptionState::Unknown)
 {
     /* Get the filename of the device (without "/dev/"). */
     std::string deviceName = std::filesystem::path(devPath).filename().string();
@@ -82,6 +84,14 @@
     driveInterface->register_property("PredictedMediaLifeLeftPercent",
                                       lifeTime);
 
+    driveInterface->register_property_r(
+        "EncryptionStatus", encryptionStatus,
+        sdbusplus::vtable::property_::emits_change,
+        [this](Drive::DriveEncryptionState& value) {
+            value = this->findEncryptionStatus();
+            return value;
+        });
+
     volumeInterface->initialize();
     driveInterface->initialize();
 
@@ -272,12 +282,9 @@
               std::string("OpenBMC.0.1.FormatLuksDevSuccess"));
 }
 
-void EStoraged::activateLuksDev(std::vector<uint8_t> password)
+CryptHandle EStoraged::loadLuksHeader()
 {
-    lg2::info("Activating LUKS dev {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID",
-              std::string("OpenBMC.0.1.ActivateLuksDev"));
 
-    /* Create the handle. */
     CryptHandle cryptHandle(devPath);
 
     int retval = cryptIface->cryptLoad(cryptHandle.get(), CRYPT_LUKS2, nullptr);
@@ -288,8 +295,31 @@
                    std::string("OpenBMC.0.1.ActivateLuksDevFail"));
         throw InternalFailure();
     }
+    return cryptHandle;
+}
 
-    retval = cryptIface->cryptActivateByPassphrase(
+Drive::DriveEncryptionState EStoraged::findEncryptionStatus()
+{
+    try
+    {
+        loadLuksHeader();
+        return Drive::DriveEncryptionState::Encrypted;
+    }
+    catch (...)
+    {
+        return Drive::DriveEncryptionState::Unknown;
+    }
+}
+
+void EStoraged::activateLuksDev(std::vector<uint8_t> password)
+{
+    lg2::info("Activating LUKS dev {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID",
+              std::string("OpenBMC.0.1.ActivateLuksDev"));
+
+    /* Create the handle. */
+    CryptHandle cryptHandle = loadLuksHeader();
+
+    int retval = cryptIface->cryptActivateByPassphrase(
         cryptHandle.get(), containerName.c_str(), CRYPT_ANY_SLOT,
         reinterpret_cast<const char*>(password.data()), password.size(), 0);