Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / estoraged / 15b63e12bdc3f3116fb841349dd4f1cd17a8398b / . / src / estoraged.cpp
blob: e03fc4d74349e8c054f8f3012286ecfa67714b62 [file] [log] [blame]
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]1
2#include "estoraged.hpp"
3
John Edward Broadbent59dffa62022-01-13 17:41:32 -0800[diff] [blame]4#include "cryptErase.hpp"
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]5#include "cryptsetupInterface.hpp"
John Edward Broadbent7f2ab642021-11-11 21:00:38 -0800[diff] [blame]6#include "pattern.hpp"
John Edward Broadbent605085a2021-11-05 13:45:45 -0700[diff] [blame]7#include "sanitize.hpp"
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]8#include "verifyDriveGeometry.hpp"
John Edward Broadbent4bc8a102021-12-30 16:11:49 -0800[diff] [blame]9#include "zero.hpp"
John Edward Broadbent4e13b0a2021-11-15 15:21:59 -0800[diff] [blame]10
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]11#include <libcryptsetup.h>
12#include <openssl/rand.h>
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]13
14#include <phosphor-logging/lg2.hpp>
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]15#include <sdbusplus/asio/object_server.hpp>
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]16#include <xyz/openbmc_project/Common/error.hpp>
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]17
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]18#include <cstdlib>
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]19#include <filesystem>
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]20#include <iostream>
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]21#include <string>
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]22#include <string_view>
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]23#include <utility>
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]24#include <vector>
25
26namespace estoraged
27{
28
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]29using Association = std::tuple<std::string, std::string, std::string>;
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]30using sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]31using sdbusplus::xyz::openbmc_project::Common::Error::UnsupportedRequest;
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]32using sdbusplus::xyz::openbmc_project::Inventory::Item::server::Drive;
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]33using sdbusplus::xyz::openbmc_project::Inventory::Item::server::Volume;
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]34
Patrick Williams15b63e12024-08-16 15:22:01 -0400[diff] [blame^]35EStoraged::EStoraged(
36 sdbusplus::asio::object_server& server, const std::string& configPath,
37 const std::string& devPath, const std::string& luksName, uint64_t size,
38 uint8_t lifeTime, const std::string& partNumber,
39 const std::string& serialNumber, const std::string& locationCode,
40 uint64_t eraseMaxGeometry, uint64_t eraseMinGeometry,
41 const std::string& driveType, const std::string& driveProtocol,
42 std::unique_ptr<CryptsetupInterface> cryptInterface,
43 std::unique_ptr<FilesystemInterface> fsInterface) :
44 devPath(devPath), containerName(luksName),
45 mountPoint("/mnt/" + luksName + "_fs"), eraseMaxGeometry(eraseMaxGeometry),
46 eraseMinGeometry(eraseMinGeometry), cryptIface(std::move(cryptInterface)),
47 fsIface(std::move(fsInterface)),
John Wedig2443a022023-03-17 13:42:32 -0700[diff] [blame]48 cryptDevicePath(cryptIface->cryptGetDir() + "/" + luksName),
John Edward Broadbent6771c692022-06-22 19:49:27 -0700[diff] [blame]49 objectServer(server)
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]50{
51 /* Get the filename of the device (without "/dev/"). */
52 std::string deviceName = std::filesystem::path(devPath).filename().string();
53 /* DBus object path */
Patrick Williams15b63e12024-08-16 15:22:01 -0400[diff] [blame^]54 std::string objectPath =
55 "/xyz/openbmc_project/inventory/storage/" + deviceName;
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]56
57 /* Add Volume interface. */
58 volumeInterface = objectServer.add_interface(
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]59 objectPath, "xyz.openbmc_project.Inventory.Item.Volume");
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]60 volumeInterface->register_method(
61 "FormatLuks", [this](const std::vector<uint8_t>& password,
62 Volume::FilesystemType type) {
Patrick Williams15b63e12024-08-16 15:22:01 -0400[diff] [blame^]63 this->formatLuks(password, type);
64 });
Patrick Williamsff1b64f2023-10-20 11:19:56 -0500[diff] [blame]65 volumeInterface->register_method(
66 "Erase",
67 [this](Volume::EraseMethod eraseType) { this->erase(eraseType); });
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]68 volumeInterface->register_method("Lock", [this]() { this->lock(); });
Patrick Williamsff1b64f2023-10-20 11:19:56 -0500[diff] [blame]69 volumeInterface->register_method(
70 "Unlock",
71 [this](std::vector<uint8_t>& password) { this->unlock(password); });
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]72 volumeInterface->register_method(
73 "ChangePassword", [this](const std::vector<uint8_t>& oldPassword,
74 const std::vector<uint8_t>& newPassword) {
Patrick Williams15b63e12024-08-16 15:22:01 -0400[diff] [blame^]75 this->changePassword(oldPassword, newPassword);
76 });
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]77 volumeInterface->register_property_r(
78 "Locked", lockedProperty, sdbusplus::vtable::property_::emits_change,
79 [this](bool& value) {
Patrick Williams15b63e12024-08-16 15:22:01 -0400[diff] [blame^]80 value = this->isLocked();
81 return value;
82 });
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]83
84 /* Add Drive interface. */
85 driveInterface = objectServer.add_interface(
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]86 objectPath, "xyz.openbmc_project.Inventory.Item.Drive");
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]87 driveInterface->register_property("Capacity", size);
John Edward Broadbent5d799bb2022-03-22 16:14:24 -0700[diff] [blame]88 driveInterface->register_property("PredictedMediaLifeLeftPercent",
89 lifeTime);
John Wedigd7be42b2024-01-19 16:07:19 -0800[diff] [blame]90 driveInterface->register_property(
91 "Type",
92 "xyz.openbmc_project.Inventory.Item.Drive.DriveType." + driveType);
John Wedigc0d66eb2024-02-26 15:54:47 -0800[diff] [blame]93 driveInterface->register_property(
94 "Protocol", "xyz.openbmc_project.Inventory.Item.Drive.DriveProtocol." +
95 driveProtocol);
John Edward Broadbent14aee772022-04-20 13:46:48 -0700[diff] [blame]96 /* This registers the Locked property for the Drives interface.
97 * Now it is the same as the volume Locked property */
98 driveInterface->register_property_r(
99 "Locked", lockedProperty, sdbusplus::vtable::property_::emits_change,
100 [this](bool& value) {
Patrick Williams15b63e12024-08-16 15:22:01 -0400[diff] [blame^]101 value = this->isLocked();
102 return value;
103 });
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]104
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]105 driveInterface->register_property_r(
106 "EncryptionStatus", encryptionStatus,
107 sdbusplus::vtable::property_::emits_change,
108 [this](Drive::DriveEncryptionState& value) {
Patrick Williams15b63e12024-08-16 15:22:01 -0400[diff] [blame^]109 value = this->findEncryptionStatus();
110 return value;
111 });
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]112
John Edward Broadbent49796412022-06-22 18:31:52 -0700[diff] [blame]113 embeddedLocationInterface = objectServer.add_interface(
114 objectPath, "xyz.openbmc_project.Inventory.Connector.Embedded");
John Edward Broadbent740e94b2022-06-10 19:42:30 -0700[diff] [blame]115
Rahul Kapoor19825052023-05-27 01:52:23 +0000[diff] [blame]116 if (!locationCode.empty())
117 {
118 locationCodeInterface = objectServer.add_interface(
119 objectPath, "xyz.openbmc_project.Inventory.Decorator.LocationCode");
120 locationCodeInterface->register_property("LocationCode", locationCode);
121 locationCodeInterface->initialize();
122 }
123
John Wedigb4838302022-07-22 13:51:16 -0700[diff] [blame]124 /* Add Asset interface. */
125 assetInterface = objectServer.add_interface(
126 objectPath, "xyz.openbmc_project.Inventory.Decorator.Asset");
127 assetInterface->register_property("PartNumber", partNumber);
128 assetInterface->register_property("SerialNumber", serialNumber);
129
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]130 volumeInterface->initialize();
131 driveInterface->initialize();
John Edward Broadbent49796412022-06-22 18:31:52 -0700[diff] [blame]132 embeddedLocationInterface->initialize();
John Wedigb4838302022-07-22 13:51:16 -0700[diff] [blame]133 assetInterface->initialize();
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]134
135 /* Set up the association between chassis and drive. */
136 association = objectServer.add_interface(
137 objectPath, "xyz.openbmc_project.Association.Definitions");
138
139 std::vector<Association> associations;
140 associations.emplace_back("chassis", "drive",
141 std::filesystem::path(configPath).parent_path());
142 association->register_property("Associations", associations);
143 association->initialize();
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]144}
145
146EStoraged::~EStoraged()
147{
148 objectServer.remove_interface(volumeInterface);
149 objectServer.remove_interface(driveInterface);
John Edward Broadbent49796412022-06-22 18:31:52 -0700[diff] [blame]150 objectServer.remove_interface(embeddedLocationInterface);
John Wedigb4838302022-07-22 13:51:16 -0700[diff] [blame]151 objectServer.remove_interface(assetInterface);
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]152 objectServer.remove_interface(association);
Rahul Kapoor19825052023-05-27 01:52:23 +0000[diff] [blame]153
154 if (locationCodeInterface != nullptr)
155 {
156 objectServer.remove_interface(locationCodeInterface);
157 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]158}
159
160void EStoraged::formatLuks(const std::vector<uint8_t>& password,
161 Volume::FilesystemType type)
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]162{
John Edward Broadbent4e13b0a2021-11-15 15:21:59 -0800[diff] [blame]163 std::string msg = "OpenBMC.0.1.DriveFormat";
164 lg2::info("Starting format", "REDFISH_MESSAGE_ID", msg);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]165
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]166 if (type != Volume::FilesystemType::ext4)
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]167 {
168 lg2::error("Only ext4 filesystems are supported currently",
169 "REDFISH_MESSAGE_ID", std::string("OpenBMC.0.1.FormatFail"));
170 throw UnsupportedRequest();
171 }
172
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]173 formatLuksDev(password);
174 activateLuksDev(password);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]175
176 createFilesystem();
177 mountFilesystem();
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]178}
179
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]180void EStoraged::erase(Volume::EraseMethod inEraseMethod)
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]181{
182 std::cerr << "Erasing encrypted eMMC" << std::endl;
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]183 lg2::info("Starting erase", "REDFISH_MESSAGE_ID",
184 std::string("OpenBMC.0.1.DriveErase"));
185 switch (inEraseMethod)
186 {
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]187 case Volume::EraseMethod::CryptoErase:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]188 {
John Edward Broadbent59dffa62022-01-13 17:41:32 -0800[diff] [blame]189 CryptErase myCryptErase(devPath);
190 myCryptErase.doErase();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]191 break;
192 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]193 case Volume::EraseMethod::VerifyGeometry:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]194 {
195 VerifyDriveGeometry myVerifyGeometry(devPath);
Tom Tung043af592023-11-24 13:37:05 +0800[diff] [blame]196 myVerifyGeometry.geometryOkay(eraseMaxGeometry, eraseMinGeometry);
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]197 break;
198 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]199 case Volume::EraseMethod::LogicalOverWrite:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]200 {
John Edward Broadbent7f2ab642021-11-11 21:00:38 -0800[diff] [blame]201 Pattern myErasePattern(devPath);
John Edward Broadbenta6e3b992022-03-17 14:33:15 -0700[diff] [blame]202 myErasePattern.writePattern();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]203 break;
204 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]205 case Volume::EraseMethod::LogicalVerify:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]206 {
John Edward Broadbent7f2ab642021-11-11 21:00:38 -0800[diff] [blame]207 Pattern myErasePattern(devPath);
John Edward Broadbenta6e3b992022-03-17 14:33:15 -0700[diff] [blame]208 myErasePattern.verifyPattern();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]209 break;
210 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]211 case Volume::EraseMethod::VendorSanitize:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]212 {
John Edward Broadbent605085a2021-11-05 13:45:45 -0700[diff] [blame]213 Sanitize mySanitize(devPath);
214 mySanitize.doSanitize();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]215 break;
216 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]217 case Volume::EraseMethod::ZeroOverWrite:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]218 {
John Edward Broadbent4bc8a102021-12-30 16:11:49 -0800[diff] [blame]219 Zero myZero(devPath);
John Edward Broadbenta6e3b992022-03-17 14:33:15 -0700[diff] [blame]220 myZero.writeZero();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]221 break;
222 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]223 case Volume::EraseMethod::ZeroVerify:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]224 {
John Edward Broadbent4bc8a102021-12-30 16:11:49 -0800[diff] [blame]225 Zero myZero(devPath);
John Edward Broadbenta6e3b992022-03-17 14:33:15 -0700[diff] [blame]226 myZero.verifyZero();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]227 break;
228 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]229 case Volume::EraseMethod::SecuredLocked:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]230 {
John Wedig47cd7992022-10-05 15:45:11 -0700[diff] [blame]231 if (!isLocked())
John Edward Broadbentf59b7292022-02-15 15:07:15 -0800[diff] [blame]232 {
233 lock();
234 }
235 // TODO: implement hardware locking
236 // Until that is done, we can lock using eStoraged::lock()
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]237 break;
238 }
239 }
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]240}
241
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]242void EStoraged::lock()
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]243{
John Edward Broadbent4e13b0a2021-11-15 15:21:59 -0800[diff] [blame]244 std::string msg = "OpenBMC.0.1.DriveLock";
245 lg2::info("Starting lock", "REDFISH_MESSAGE_ID", msg);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]246
247 unmountFilesystem();
248 deactivateLuksDev();
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]249}
250
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]251void EStoraged::unlock(std::vector<uint8_t> password)
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]252{
John Edward Broadbent4e13b0a2021-11-15 15:21:59 -0800[diff] [blame]253 std::string msg = "OpenBMC.0.1.DriveUnlock";
254 lg2::info("Starting unlock", "REDFISH_MESSAGE_ID", msg);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]255
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]256 activateLuksDev(std::move(password));
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]257 mountFilesystem();
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]258}
259
John Wedig8d5a3a02022-09-29 15:25:58 -0700[diff] [blame]260void EStoraged::changePassword(const std::vector<uint8_t>& oldPassword,
261 const std::vector<uint8_t>& newPassword)
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]262{
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]263 lg2::info("Starting change password", "REDFISH_MESSAGE_ID",
264 std::string("OpenBMC.0.1.DrivePasswordChanged"));
John Wedig8d5a3a02022-09-29 15:25:58 -0700[diff] [blame]265
266 CryptHandle cryptHandle = loadLuksHeader();
267
268 int retval = cryptIface->cryptKeyslotChangeByPassphrase(
269 cryptHandle.get(), CRYPT_ANY_SLOT, CRYPT_ANY_SLOT,
270 reinterpret_cast<const char*>(oldPassword.data()), oldPassword.size(),
271 reinterpret_cast<const char*>(newPassword.data()), newPassword.size());
272 if (retval < 0)
273 {
274 lg2::error("Failed to change password", "REDFISH_MESSAGE_ID",
275 std::string("OpenBMC.0.1.DrivePasswordChangeFail"));
276 throw InternalFailure();
277 }
278
279 lg2::info("Successfully changed password for {DEV}", "DEV", devPath,
280 "REDFISH_MESSAGE_ID",
281 std::string("OpenBMC.0.1.DrivePasswordChangeSuccess"));
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]282}
283
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]284bool EStoraged::isLocked() const
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]285{
John Wedig2443a022023-03-17 13:42:32 -0700[diff] [blame]286 /*
287 * Check if the mapped virtual device exists. If it exists, the LUKS volume
288 * is unlocked.
289 */
290 try
291 {
292 std::filesystem::path mappedDevicePath(cryptDevicePath);
293 return (std::filesystem::exists(mappedDevicePath) == false);
294 }
295 catch (const std::exception& e)
296 {
297 lg2::error("Failed to query locked status: {EXCEPT}", "EXCEPT",
298 e.what(), "REDFISH_MESSAGE_ID",
299 std::string("OpenBMC.0.1.IsLockedFail"));
300 /* If we couldn't query the filesystem path, assume unlocked. */
301 return false;
302 }
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]303}
304
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]305std::string_view EStoraged::getMountPoint() const
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]306{
307 return mountPoint;
308}
309
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]310void EStoraged::formatLuksDev(std::vector<uint8_t> password)
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]311{
312 lg2::info("Formatting device {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID",
313 std::string("OpenBMC.0.1.FormatLuksDev"));
314
315 /* Generate the volume key. */
316 const std::size_t keySize = 64;
317 std::vector<uint8_t> volumeKey(keySize);
318 if (RAND_bytes(volumeKey.data(), keySize) != 1)
319 {
320 lg2::error("Failed to create volume key", "REDFISH_MESSAGE_ID",
321 std::string("OpenBMC.0.1.FormatLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]322 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]323 }
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]324
325 /* Create the handle. */
326 CryptHandle cryptHandle(devPath);
327
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]328 /* Format the LUKS encrypted device. */
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]329 int retval = cryptIface->cryptFormat(
330 cryptHandle.get(), CRYPT_LUKS2, "aes", "xts-plain64", nullptr,
331 reinterpret_cast<const char*>(volumeKey.data()), volumeKey.size(),
332 nullptr);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]333 if (retval < 0)
334 {
335 lg2::error("Failed to format encrypted device: {RETVAL}", "RETVAL",
336 retval, "REDFISH_MESSAGE_ID",
337 std::string("OpenBMC.0.1.FormatLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]338 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]339 }
340
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]341 /* Set the password. */
342 retval = cryptIface->cryptKeyslotAddByVolumeKey(
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]343 cryptHandle.get(), CRYPT_ANY_SLOT, nullptr, 0,
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]344 reinterpret_cast<const char*>(password.data()), password.size());
345
346 if (retval < 0)
347 {
348 lg2::error("Failed to set encryption password", "REDFISH_MESSAGE_ID",
349 std::string("OpenBMC.0.1.FormatLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]350 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]351 }
352
353 lg2::info("Encrypted device {DEV} successfully formatted", "DEV", devPath,
354 "REDFISH_MESSAGE_ID",
355 std::string("OpenBMC.0.1.FormatLuksDevSuccess"));
356}
357
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]358CryptHandle EStoraged::loadLuksHeader()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]359{
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]360 CryptHandle cryptHandle(devPath);
361
362 int retval = cryptIface->cryptLoad(cryptHandle.get(), CRYPT_LUKS2, nullptr);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]363 if (retval < 0)
364 {
365 lg2::error("Failed to load LUKS header: {RETVAL}", "RETVAL", retval,
366 "REDFISH_MESSAGE_ID",
367 std::string("OpenBMC.0.1.ActivateLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]368 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]369 }
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]370 return cryptHandle;
371}
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]372
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]373Drive::DriveEncryptionState EStoraged::findEncryptionStatus()
374{
375 try
376 {
377 loadLuksHeader();
378 return Drive::DriveEncryptionState::Encrypted;
379 }
380 catch (...)
381 {
Hao Zhou0cec4282024-03-12 22:16:16 +0000[diff] [blame]382 return Drive::DriveEncryptionState::Unencrypted;
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]383 }
384}
385
386void EStoraged::activateLuksDev(std::vector<uint8_t> password)
387{
388 lg2::info("Activating LUKS dev {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID",
389 std::string("OpenBMC.0.1.ActivateLuksDev"));
390
391 /* Create the handle. */
392 CryptHandle cryptHandle = loadLuksHeader();
393
394 int retval = cryptIface->cryptActivateByPassphrase(
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]395 cryptHandle.get(), containerName.c_str(), CRYPT_ANY_SLOT,
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]396 reinterpret_cast<const char*>(password.data()), password.size(), 0);
397
398 if (retval < 0)
399 {
400 lg2::error("Failed to activate LUKS dev: {RETVAL}", "RETVAL", retval,
401 "REDFISH_MESSAGE_ID",
402 std::string("OpenBMC.0.1.ActivateLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]403 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]404 }
405
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]406 lg2::info("Successfully activated LUKS dev {DEV}", "DEV", devPath,
407 "REDFISH_MESSAGE_ID",
408 std::string("OpenBMC.0.1.ActivateLuksDevSuccess"));
409}
410
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]411void EStoraged::createFilesystem()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]412{
413 /* Run the command to create the filesystem. */
John Wedig2443a022023-03-17 13:42:32 -0700[diff] [blame]414 int retval = fsIface->runMkfs(cryptDevicePath);
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]415 if (retval != 0)
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]416 {
417 lg2::error("Failed to create filesystem: {RETVAL}", "RETVAL", retval,
418 "REDFISH_MESSAGE_ID",
419 std::string("OpenBMC.0.1.CreateFilesystemFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]420 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]421 }
John Wedig2443a022023-03-17 13:42:32 -0700[diff] [blame]422 lg2::info("Successfully created filesystem for {CONTAINER}", "CONTAINER",
423 cryptDevicePath, "REDFISH_MESSAGE_ID",
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]424 std::string("OpenBMC.0.1.CreateFilesystemSuccess"));
425}
426
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]427void EStoraged::mountFilesystem()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]428{
John Wedigb17f8252022-01-12 14:24:26 -0800[diff] [blame]429 /*
430 * Create directory for the filesystem, if it's not already present. It
431 * might already exist if, for example, the BMC reboots after creating the
432 * directory.
433 */
434 if (!fsIface->directoryExists(std::filesystem::path(mountPoint)))
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]435 {
John Wedigb17f8252022-01-12 14:24:26 -0800[diff] [blame]436 bool success =
437 fsIface->createDirectory(std::filesystem::path(mountPoint));
438 if (!success)
439 {
440 lg2::error("Failed to create mount point: {DIR}", "DIR", mountPoint,
441 "REDFISH_MESSAGE_ID",
442 std::string("OpenBMC.0.1.MountFilesystemFail"));
443 throw InternalFailure();
444 }
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]445 }
446
447 /* Run the command to mount the filesystem. */
John Wedig2443a022023-03-17 13:42:32 -0700[diff] [blame]448 int retval = fsIface->doMount(cryptDevicePath.c_str(), mountPoint.c_str(),
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]449 "ext4", 0, nullptr);
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]450 if (retval != 0)
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]451 {
452 lg2::error("Failed to mount filesystem: {RETVAL}", "RETVAL", retval,
453 "REDFISH_MESSAGE_ID",
454 std::string("OpenBMC.0.1.MountFilesystemFail"));
455 bool removeSuccess =
456 fsIface->removeDirectory(std::filesystem::path(mountPoint));
457 if (!removeSuccess)
458 {
459 lg2::error("Failed to remove mount point: {DIR}", "DIR", mountPoint,
460 "REDFISH_MESSAGE_ID",
461 std::string("OpenBMC.0.1.MountFilesystemFail"));
462 }
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]463 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]464 }
465
466 lg2::info("Successfully mounted filesystem at {DIR}", "DIR", mountPoint,
467 "REDFISH_MESSAGE_ID",
468 std::string("OpenBMC.0.1.MountFilesystemSuccess"));
469}
470
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]471void EStoraged::unmountFilesystem()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]472{
473 int retval = fsIface->doUnmount(mountPoint.c_str());
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]474 if (retval != 0)
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]475 {
476 lg2::error("Failed to unmount filesystem: {RETVAL}", "RETVAL", retval,
477 "REDFISH_MESSAGE_ID",
478 std::string("OpenBMC.0.1.UnmountFilesystemFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]479 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]480 }
481
482 /* Remove the mount point. */
483 bool success = fsIface->removeDirectory(std::filesystem::path(mountPoint));
484 if (!success)
485 {
486 lg2::error("Failed to remove mount point {DIR}", "DIR", mountPoint,
487 "REDFISH_MESSAGE_ID",
488 std::string("OpenBMC.0.1.UnmountFilesystemFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]489 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]490 }
491
492 lg2::info("Successfully unmounted filesystem at {DIR}", "DIR", mountPoint,
493 "REDFISH_MESSAGE_ID",
494 std::string("OpenBMC.0.1.MountFilesystemSuccess"));
495}
496
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]497void EStoraged::deactivateLuksDev()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]498{
499 lg2::info("Deactivating LUKS device {DEV}", "DEV", devPath,
500 "REDFISH_MESSAGE_ID",
501 std::string("OpenBMC.0.1.DeactivateLuksDev"));
502
503 int retval = cryptIface->cryptDeactivate(nullptr, containerName.c_str());
504 if (retval < 0)
505 {
506 lg2::error("Failed to deactivate crypt device: {RETVAL}", "RETVAL",
507 retval, "REDFISH_MESSAGE_ID",
508 std::string("OpenBMC.0.1.DeactivateLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]509 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]510 }
511
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]512 lg2::info("Successfully deactivated LUKS device {DEV}", "DEV", devPath,
513 "REDFISH_MESSAGE_ID",
514 std::string("OpenBMC.0.1.DeactivateLuksDevSuccess"));
515}
516
John Wedig2443a022023-03-17 13:42:32 -0700[diff] [blame]517std::string_view EStoraged::getCryptDevicePath() const
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]518{
John Wedig2443a022023-03-17 13:42:32 -0700[diff] [blame]519 return cryptDevicePath;
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]520}
521
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]522} // namespace estoraged