Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / estoraged / f78215fd896ac2d7e3d3e9c6f739bf25da93c921 / . / src / estoraged.cpp
blob: 7c26e8ae61f68891decad27c2f53588ef48d0814 [file] [log] [blame]
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]1
2#include "estoraged.hpp"
3
John Edward Broadbent59dffa62022-01-13 17:41:32 -0800[diff] [blame]4#include "cryptErase.hpp"
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]5#include "cryptsetupInterface.hpp"
John Edward Broadbent7f2ab642021-11-11 21:00:38 -0800[diff] [blame]6#include "pattern.hpp"
John Edward Broadbent605085a2021-11-05 13:45:45 -0700[diff] [blame]7#include "sanitize.hpp"
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]8#include "verifyDriveGeometry.hpp"
John Edward Broadbent4bc8a102021-12-30 16:11:49 -0800[diff] [blame]9#include "zero.hpp"
John Edward Broadbent4e13b0a2021-11-15 15:21:59 -0800[diff] [blame]10
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]11#include <libcryptsetup.h>
12#include <openssl/rand.h>
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]13
14#include <phosphor-logging/lg2.hpp>
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]15#include <sdbusplus/asio/object_server.hpp>
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]16#include <xyz/openbmc_project/Common/error.hpp>
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]17
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]18#include <cstdlib>
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]19#include <filesystem>
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]20#include <iostream>
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]21#include <string>
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]22#include <string_view>
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]23#include <utility>
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]24#include <vector>
25
26namespace estoraged
27{
28
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]29using Association = std::tuple<std::string, std::string, std::string>;
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]30using sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]31using sdbusplus::xyz::openbmc_project::Common::Error::UnsupportedRequest;
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]32using sdbusplus::xyz::openbmc_project::Inventory::Item::server::Drive;
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]33using sdbusplus::xyz::openbmc_project::Inventory::Item::server::Volume;
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]34
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]35EStoraged::EStoraged(sdbusplus::asio::object_server& server,
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]36 const std::string& configPath, const std::string& devPath,
37 const std::string& luksName, uint64_t size,
38 uint8_t lifeTime,
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]39 std::unique_ptr<CryptsetupInterface> cryptInterface,
40 std::unique_ptr<FilesystemInterface> fsInterface) :
41 devPath(devPath),
42 containerName(luksName), mountPoint("/mnt/" + luksName + "_fs"),
43 lockedProperty(false), cryptIface(std::move(cryptInterface)),
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]44 fsIface(std::move(fsInterface)), objectServer(server),
45 encryptionStatus(Drive::DriveEncryptionState::Unknown)
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]46{
47 /* Get the filename of the device (without "/dev/"). */
48 std::string deviceName = std::filesystem::path(devPath).filename().string();
49 /* DBus object path */
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]50 std::string objectPath =
51 "/xyz/openbmc_project/inventory/storage/" + deviceName;
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]52
53 /* Add Volume interface. */
54 volumeInterface = objectServer.add_interface(
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]55 objectPath, "xyz.openbmc_project.Inventory.Item.Volume");
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]56 volumeInterface->register_method(
57 "FormatLuks", [this](const std::vector<uint8_t>& password,
58 Volume::FilesystemType type) {
59 this->formatLuks(password, type);
60 });
61 volumeInterface->register_method(
62 "Erase",
63 [this](Volume::EraseMethod eraseType) { this->erase(eraseType); });
64 volumeInterface->register_method("Lock", [this]() { this->lock(); });
65 volumeInterface->register_method(
66 "Unlock",
67 [this](std::vector<uint8_t>& password) { this->unlock(password); });
68 volumeInterface->register_method(
69 "ChangePassword", [this](const std::vector<uint8_t>& oldPassword,
70 const std::vector<uint8_t>& newPassword) {
71 this->changePassword(oldPassword, newPassword);
72 });
73 volumeInterface->register_property_r(
74 "Locked", lockedProperty, sdbusplus::vtable::property_::emits_change,
75 [this](bool& value) {
76 value = this->isLocked();
77 return value;
78 });
79
80 /* Add Drive interface. */
81 driveInterface = objectServer.add_interface(
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]82 objectPath, "xyz.openbmc_project.Inventory.Item.Drive");
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]83 driveInterface->register_property("Capacity", size);
John Edward Broadbent5d799bb2022-03-22 16:14:24 -0700[diff] [blame]84 driveInterface->register_property("PredictedMediaLifeLeftPercent",
85 lifeTime);
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]86
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]87 driveInterface->register_property_r(
88 "EncryptionStatus", encryptionStatus,
89 sdbusplus::vtable::property_::emits_change,
90 [this](Drive::DriveEncryptionState& value) {
91 value = this->findEncryptionStatus();
92 return value;
93 });
94
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]95 volumeInterface->initialize();
96 driveInterface->initialize();
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]97
98 /* Set up the association between chassis and drive. */
99 association = objectServer.add_interface(
100 objectPath, "xyz.openbmc_project.Association.Definitions");
101
102 std::vector<Association> associations;
103 associations.emplace_back("chassis", "drive",
104 std::filesystem::path(configPath).parent_path());
105 association->register_property("Associations", associations);
106 association->initialize();
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]107}
108
109EStoraged::~EStoraged()
110{
111 objectServer.remove_interface(volumeInterface);
112 objectServer.remove_interface(driveInterface);
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]113 objectServer.remove_interface(association);
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]114}
115
116void EStoraged::formatLuks(const std::vector<uint8_t>& password,
117 Volume::FilesystemType type)
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]118{
John Edward Broadbent4e13b0a2021-11-15 15:21:59 -0800[diff] [blame]119 std::string msg = "OpenBMC.0.1.DriveFormat";
120 lg2::info("Starting format", "REDFISH_MESSAGE_ID", msg);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]121
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]122 if (type != Volume::FilesystemType::ext4)
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]123 {
124 lg2::error("Only ext4 filesystems are supported currently",
125 "REDFISH_MESSAGE_ID", std::string("OpenBMC.0.1.FormatFail"));
126 throw UnsupportedRequest();
127 }
128
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]129 formatLuksDev(password);
130 activateLuksDev(password);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]131
132 createFilesystem();
133 mountFilesystem();
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]134}
135
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]136void EStoraged::erase(Volume::EraseMethod inEraseMethod)
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]137{
138 std::cerr << "Erasing encrypted eMMC" << std::endl;
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]139 lg2::info("Starting erase", "REDFISH_MESSAGE_ID",
140 std::string("OpenBMC.0.1.DriveErase"));
141 switch (inEraseMethod)
142 {
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]143 case Volume::EraseMethod::CryptoErase:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]144 {
John Edward Broadbent59dffa62022-01-13 17:41:32 -0800[diff] [blame]145 CryptErase myCryptErase(devPath);
146 myCryptErase.doErase();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]147 break;
148 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]149 case Volume::EraseMethod::VerifyGeometry:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]150 {
151 VerifyDriveGeometry myVerifyGeometry(devPath);
John Edward Broadbenta6e3b992022-03-17 14:33:15 -0700[diff] [blame]152 myVerifyGeometry.geometryOkay();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]153 break;
154 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]155 case Volume::EraseMethod::LogicalOverWrite:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]156 {
John Edward Broadbent7f2ab642021-11-11 21:00:38 -0800[diff] [blame]157 Pattern myErasePattern(devPath);
John Edward Broadbenta6e3b992022-03-17 14:33:15 -0700[diff] [blame]158 myErasePattern.writePattern();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]159 break;
160 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]161 case Volume::EraseMethod::LogicalVerify:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]162 {
John Edward Broadbent7f2ab642021-11-11 21:00:38 -0800[diff] [blame]163 Pattern myErasePattern(devPath);
John Edward Broadbenta6e3b992022-03-17 14:33:15 -0700[diff] [blame]164 myErasePattern.verifyPattern();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]165 break;
166 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]167 case Volume::EraseMethod::VendorSanitize:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]168 {
John Edward Broadbent605085a2021-11-05 13:45:45 -0700[diff] [blame]169 Sanitize mySanitize(devPath);
170 mySanitize.doSanitize();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]171 break;
172 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]173 case Volume::EraseMethod::ZeroOverWrite:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]174 {
John Edward Broadbent4bc8a102021-12-30 16:11:49 -0800[diff] [blame]175 Zero myZero(devPath);
John Edward Broadbenta6e3b992022-03-17 14:33:15 -0700[diff] [blame]176 myZero.writeZero();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]177 break;
178 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]179 case Volume::EraseMethod::ZeroVerify:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]180 {
John Edward Broadbent4bc8a102021-12-30 16:11:49 -0800[diff] [blame]181 Zero myZero(devPath);
John Edward Broadbenta6e3b992022-03-17 14:33:15 -0700[diff] [blame]182 myZero.verifyZero();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]183 break;
184 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]185 case Volume::EraseMethod::SecuredLocked:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]186 {
John Edward Broadbentf59b7292022-02-15 15:07:15 -0800[diff] [blame]187 if (isLocked())
188 {
189 lock();
190 }
191 // TODO: implement hardware locking
192 // Until that is done, we can lock using eStoraged::lock()
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]193 break;
194 }
195 }
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]196}
197
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]198void EStoraged::lock()
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]199{
John Edward Broadbent4e13b0a2021-11-15 15:21:59 -0800[diff] [blame]200 std::string msg = "OpenBMC.0.1.DriveLock";
201 lg2::info("Starting lock", "REDFISH_MESSAGE_ID", msg);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]202
203 unmountFilesystem();
204 deactivateLuksDev();
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]205}
206
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]207void EStoraged::unlock(std::vector<uint8_t> password)
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]208{
John Edward Broadbent4e13b0a2021-11-15 15:21:59 -0800[diff] [blame]209 std::string msg = "OpenBMC.0.1.DriveUnlock";
210 lg2::info("Starting unlock", "REDFISH_MESSAGE_ID", msg);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]211
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]212 activateLuksDev(std::move(password));
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]213 mountFilesystem();
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]214}
215
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]216void EStoraged::changePassword(const std::vector<uint8_t>& /*oldPassword*/,
217 const std::vector<uint8_t>& /*newPassword*/)
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]218{
219 std::cerr << "Changing password for encrypted eMMC" << std::endl;
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]220 lg2::info("Starting change password", "REDFISH_MESSAGE_ID",
221 std::string("OpenBMC.0.1.DrivePasswordChanged"));
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]222}
223
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]224bool EStoraged::isLocked() const
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]225{
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]226 return lockedProperty;
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]227}
228
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]229std::string_view EStoraged::getMountPoint() const
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]230{
231 return mountPoint;
232}
233
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]234void EStoraged::formatLuksDev(std::vector<uint8_t> password)
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]235{
236 lg2::info("Formatting device {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID",
237 std::string("OpenBMC.0.1.FormatLuksDev"));
238
239 /* Generate the volume key. */
240 const std::size_t keySize = 64;
241 std::vector<uint8_t> volumeKey(keySize);
242 if (RAND_bytes(volumeKey.data(), keySize) != 1)
243 {
244 lg2::error("Failed to create volume key", "REDFISH_MESSAGE_ID",
245 std::string("OpenBMC.0.1.FormatLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]246 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]247 }
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]248
249 /* Create the handle. */
250 CryptHandle cryptHandle(devPath);
251
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]252 /* Format the LUKS encrypted device. */
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]253 int retval = cryptIface->cryptFormat(
254 cryptHandle.get(), CRYPT_LUKS2, "aes", "xts-plain64", nullptr,
255 reinterpret_cast<const char*>(volumeKey.data()), volumeKey.size(),
256 nullptr);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]257 if (retval < 0)
258 {
259 lg2::error("Failed to format encrypted device: {RETVAL}", "RETVAL",
260 retval, "REDFISH_MESSAGE_ID",
261 std::string("OpenBMC.0.1.FormatLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]262 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]263 }
264
265 /* Device is now encrypted. */
266 locked(true);
267
268 /* Set the password. */
269 retval = cryptIface->cryptKeyslotAddByVolumeKey(
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]270 cryptHandle.get(), CRYPT_ANY_SLOT, nullptr, 0,
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]271 reinterpret_cast<const char*>(password.data()), password.size());
272
273 if (retval < 0)
274 {
275 lg2::error("Failed to set encryption password", "REDFISH_MESSAGE_ID",
276 std::string("OpenBMC.0.1.FormatLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]277 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]278 }
279
280 lg2::info("Encrypted device {DEV} successfully formatted", "DEV", devPath,
281 "REDFISH_MESSAGE_ID",
282 std::string("OpenBMC.0.1.FormatLuksDevSuccess"));
283}
284
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]285CryptHandle EStoraged::loadLuksHeader()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]286{
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]287
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]288 CryptHandle cryptHandle(devPath);
289
290 int retval = cryptIface->cryptLoad(cryptHandle.get(), CRYPT_LUKS2, nullptr);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]291 if (retval < 0)
292 {
293 lg2::error("Failed to load LUKS header: {RETVAL}", "RETVAL", retval,
294 "REDFISH_MESSAGE_ID",
295 std::string("OpenBMC.0.1.ActivateLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]296 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]297 }
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]298 return cryptHandle;
299}
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]300
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]301Drive::DriveEncryptionState EStoraged::findEncryptionStatus()
302{
303 try
304 {
305 loadLuksHeader();
306 return Drive::DriveEncryptionState::Encrypted;
307 }
308 catch (...)
309 {
310 return Drive::DriveEncryptionState::Unknown;
311 }
312}
313
314void EStoraged::activateLuksDev(std::vector<uint8_t> password)
315{
316 lg2::info("Activating LUKS dev {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID",
317 std::string("OpenBMC.0.1.ActivateLuksDev"));
318
319 /* Create the handle. */
320 CryptHandle cryptHandle = loadLuksHeader();
321
322 int retval = cryptIface->cryptActivateByPassphrase(
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]323 cryptHandle.get(), containerName.c_str(), CRYPT_ANY_SLOT,
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]324 reinterpret_cast<const char*>(password.data()), password.size(), 0);
325
326 if (retval < 0)
327 {
328 lg2::error("Failed to activate LUKS dev: {RETVAL}", "RETVAL", retval,
329 "REDFISH_MESSAGE_ID",
330 std::string("OpenBMC.0.1.ActivateLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]331 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]332 }
333
334 /* Device is now unlocked. */
335 locked(false);
336
337 lg2::info("Successfully activated LUKS dev {DEV}", "DEV", devPath,
338 "REDFISH_MESSAGE_ID",
339 std::string("OpenBMC.0.1.ActivateLuksDevSuccess"));
340}
341
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]342void EStoraged::createFilesystem()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]343{
344 /* Run the command to create the filesystem. */
345 int retval = fsIface->runMkfs(containerName);
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]346 if (retval != 0)
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]347 {
348 lg2::error("Failed to create filesystem: {RETVAL}", "RETVAL", retval,
349 "REDFISH_MESSAGE_ID",
350 std::string("OpenBMC.0.1.CreateFilesystemFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]351 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]352 }
353 lg2::info("Successfully created filesystem for /dev/mapper/{CONTAINER}",
354 "CONTAINER", containerName, "REDFISH_MESSAGE_ID",
355 std::string("OpenBMC.0.1.CreateFilesystemSuccess"));
356}
357
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]358void EStoraged::mountFilesystem()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]359{
John Wedigb17f8252022-01-12 14:24:26 -0800[diff] [blame]360 /*
361 * Create directory for the filesystem, if it's not already present. It
362 * might already exist if, for example, the BMC reboots after creating the
363 * directory.
364 */
365 if (!fsIface->directoryExists(std::filesystem::path(mountPoint)))
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]366 {
John Wedigb17f8252022-01-12 14:24:26 -0800[diff] [blame]367 bool success =
368 fsIface->createDirectory(std::filesystem::path(mountPoint));
369 if (!success)
370 {
371 lg2::error("Failed to create mount point: {DIR}", "DIR", mountPoint,
372 "REDFISH_MESSAGE_ID",
373 std::string("OpenBMC.0.1.MountFilesystemFail"));
374 throw InternalFailure();
375 }
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]376 }
377
378 /* Run the command to mount the filesystem. */
379 std::string luksContainer("/dev/mapper/" + containerName);
380 int retval = fsIface->doMount(luksContainer.c_str(), mountPoint.c_str(),
381 "ext4", 0, nullptr);
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]382 if (retval != 0)
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]383 {
384 lg2::error("Failed to mount filesystem: {RETVAL}", "RETVAL", retval,
385 "REDFISH_MESSAGE_ID",
386 std::string("OpenBMC.0.1.MountFilesystemFail"));
387 bool removeSuccess =
388 fsIface->removeDirectory(std::filesystem::path(mountPoint));
389 if (!removeSuccess)
390 {
391 lg2::error("Failed to remove mount point: {DIR}", "DIR", mountPoint,
392 "REDFISH_MESSAGE_ID",
393 std::string("OpenBMC.0.1.MountFilesystemFail"));
394 }
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]395 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]396 }
397
398 lg2::info("Successfully mounted filesystem at {DIR}", "DIR", mountPoint,
399 "REDFISH_MESSAGE_ID",
400 std::string("OpenBMC.0.1.MountFilesystemSuccess"));
401}
402
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]403void EStoraged::unmountFilesystem()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]404{
405 int retval = fsIface->doUnmount(mountPoint.c_str());
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]406 if (retval != 0)
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]407 {
408 lg2::error("Failed to unmount filesystem: {RETVAL}", "RETVAL", retval,
409 "REDFISH_MESSAGE_ID",
410 std::string("OpenBMC.0.1.UnmountFilesystemFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]411 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]412 }
413
414 /* Remove the mount point. */
415 bool success = fsIface->removeDirectory(std::filesystem::path(mountPoint));
416 if (!success)
417 {
418 lg2::error("Failed to remove mount point {DIR}", "DIR", mountPoint,
419 "REDFISH_MESSAGE_ID",
420 std::string("OpenBMC.0.1.UnmountFilesystemFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]421 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]422 }
423
424 lg2::info("Successfully unmounted filesystem at {DIR}", "DIR", mountPoint,
425 "REDFISH_MESSAGE_ID",
426 std::string("OpenBMC.0.1.MountFilesystemSuccess"));
427}
428
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]429void EStoraged::deactivateLuksDev()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]430{
431 lg2::info("Deactivating LUKS device {DEV}", "DEV", devPath,
432 "REDFISH_MESSAGE_ID",
433 std::string("OpenBMC.0.1.DeactivateLuksDev"));
434
435 int retval = cryptIface->cryptDeactivate(nullptr, containerName.c_str());
436 if (retval < 0)
437 {
438 lg2::error("Failed to deactivate crypt device: {RETVAL}", "RETVAL",
439 retval, "REDFISH_MESSAGE_ID",
440 std::string("OpenBMC.0.1.DeactivateLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]441 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]442 }
443
444 /* Device is now locked. */
445 locked(true);
446
447 lg2::info("Successfully deactivated LUKS device {DEV}", "DEV", devPath,
448 "REDFISH_MESSAGE_ID",
449 std::string("OpenBMC.0.1.DeactivateLuksDevSuccess"));
450}
451
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]452void EStoraged::locked(bool isLocked)
453{
454 lockedProperty = isLocked;
455}
456
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]457} // namespace estoraged