Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / estoraged / 49796415d9ead7c8a3fe622727945a501322931d / . / src / estoraged.cpp
blob: 9c4fba941a41ad95e7e8143e75406c6052e0dd54 [file] [log] [blame]
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]1
2#include "estoraged.hpp"
3
John Edward Broadbent59dffa62022-01-13 17:41:32 -0800[diff] [blame]4#include "cryptErase.hpp"
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]5#include "cryptsetupInterface.hpp"
John Edward Broadbent7f2ab642021-11-11 21:00:38 -0800[diff] [blame]6#include "pattern.hpp"
John Edward Broadbent605085a2021-11-05 13:45:45 -0700[diff] [blame]7#include "sanitize.hpp"
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]8#include "verifyDriveGeometry.hpp"
John Edward Broadbent4bc8a102021-12-30 16:11:49 -0800[diff] [blame]9#include "zero.hpp"
John Edward Broadbent4e13b0a2021-11-15 15:21:59 -0800[diff] [blame]10
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]11#include <libcryptsetup.h>
12#include <openssl/rand.h>
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]13
14#include <phosphor-logging/lg2.hpp>
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]15#include <sdbusplus/asio/object_server.hpp>
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]16#include <xyz/openbmc_project/Common/error.hpp>
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]17
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]18#include <cstdlib>
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]19#include <filesystem>
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]20#include <iostream>
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]21#include <string>
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]22#include <string_view>
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]23#include <utility>
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]24#include <vector>
25
26namespace estoraged
27{
28
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]29using Association = std::tuple<std::string, std::string, std::string>;
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]30using sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]31using sdbusplus::xyz::openbmc_project::Common::Error::UnsupportedRequest;
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]32using sdbusplus::xyz::openbmc_project::Inventory::Item::server::Drive;
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]33using sdbusplus::xyz::openbmc_project::Inventory::Item::server::Volume;
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]34
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]35EStoraged::EStoraged(sdbusplus::asio::object_server& server,
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]36 const std::string& configPath, const std::string& devPath,
37 const std::string& luksName, uint64_t size,
38 uint8_t lifeTime,
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]39 std::unique_ptr<CryptsetupInterface> cryptInterface,
40 std::unique_ptr<FilesystemInterface> fsInterface) :
41 devPath(devPath),
42 containerName(luksName), mountPoint("/mnt/" + luksName + "_fs"),
John Edward Broadbent6771c692022-06-22 19:49:27 -0700[diff] [blame]43 cryptIface(std::move(cryptInterface)), fsIface(std::move(fsInterface)),
44 objectServer(server)
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]45{
46 /* Get the filename of the device (without "/dev/"). */
47 std::string deviceName = std::filesystem::path(devPath).filename().string();
48 /* DBus object path */
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]49 std::string objectPath =
50 "/xyz/openbmc_project/inventory/storage/" + deviceName;
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]51
52 /* Add Volume interface. */
53 volumeInterface = objectServer.add_interface(
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]54 objectPath, "xyz.openbmc_project.Inventory.Item.Volume");
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]55 volumeInterface->register_method(
56 "FormatLuks", [this](const std::vector<uint8_t>& password,
57 Volume::FilesystemType type) {
58 this->formatLuks(password, type);
59 });
60 volumeInterface->register_method(
61 "Erase",
62 [this](Volume::EraseMethod eraseType) { this->erase(eraseType); });
63 volumeInterface->register_method("Lock", [this]() { this->lock(); });
64 volumeInterface->register_method(
65 "Unlock",
66 [this](std::vector<uint8_t>& password) { this->unlock(password); });
67 volumeInterface->register_method(
68 "ChangePassword", [this](const std::vector<uint8_t>& oldPassword,
69 const std::vector<uint8_t>& newPassword) {
70 this->changePassword(oldPassword, newPassword);
71 });
72 volumeInterface->register_property_r(
73 "Locked", lockedProperty, sdbusplus::vtable::property_::emits_change,
74 [this](bool& value) {
75 value = this->isLocked();
76 return value;
77 });
78
79 /* Add Drive interface. */
80 driveInterface = objectServer.add_interface(
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]81 objectPath, "xyz.openbmc_project.Inventory.Item.Drive");
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]82 driveInterface->register_property("Capacity", size);
John Edward Broadbent5d799bb2022-03-22 16:14:24 -0700[diff] [blame]83 driveInterface->register_property("PredictedMediaLifeLeftPercent",
84 lifeTime);
John Edward Broadbent14aee772022-04-20 13:46:48 -0700[diff] [blame]85 /* This registers the Locked property for the Drives interface.
86 * Now it is the same as the volume Locked property */
87 driveInterface->register_property_r(
88 "Locked", lockedProperty, sdbusplus::vtable::property_::emits_change,
89 [this](bool& value) {
90 value = this->isLocked();
91 return value;
92 });
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]93
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]94 driveInterface->register_property_r(
95 "EncryptionStatus", encryptionStatus,
96 sdbusplus::vtable::property_::emits_change,
97 [this](Drive::DriveEncryptionState& value) {
98 value = this->findEncryptionStatus();
99 return value;
100 });
101
John Edward Broadbent49796412022-06-22 18:31:52 -0700[diff] [blame^]102 embeddedLocationInterface = objectServer.add_interface(
103 objectPath, "xyz.openbmc_project.Inventory.Connector.Embedded");
John Edward Broadbent740e94b2022-06-10 19:42:30 -0700[diff] [blame]104
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]105 volumeInterface->initialize();
106 driveInterface->initialize();
John Edward Broadbent49796412022-06-22 18:31:52 -0700[diff] [blame^]107 embeddedLocationInterface->initialize();
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]108
109 /* Set up the association between chassis and drive. */
110 association = objectServer.add_interface(
111 objectPath, "xyz.openbmc_project.Association.Definitions");
112
113 std::vector<Association> associations;
114 associations.emplace_back("chassis", "drive",
115 std::filesystem::path(configPath).parent_path());
116 association->register_property("Associations", associations);
117 association->initialize();
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]118}
119
120EStoraged::~EStoraged()
121{
122 objectServer.remove_interface(volumeInterface);
123 objectServer.remove_interface(driveInterface);
John Edward Broadbent49796412022-06-22 18:31:52 -0700[diff] [blame^]124 objectServer.remove_interface(embeddedLocationInterface);
John Wedig6c0d8ce2022-04-22 14:00:43 -0700[diff] [blame]125 objectServer.remove_interface(association);
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]126}
127
128void EStoraged::formatLuks(const std::vector<uint8_t>& password,
129 Volume::FilesystemType type)
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]130{
John Edward Broadbent4e13b0a2021-11-15 15:21:59 -0800[diff] [blame]131 std::string msg = "OpenBMC.0.1.DriveFormat";
132 lg2::info("Starting format", "REDFISH_MESSAGE_ID", msg);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]133
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]134 if (type != Volume::FilesystemType::ext4)
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]135 {
136 lg2::error("Only ext4 filesystems are supported currently",
137 "REDFISH_MESSAGE_ID", std::string("OpenBMC.0.1.FormatFail"));
138 throw UnsupportedRequest();
139 }
140
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]141 formatLuksDev(password);
142 activateLuksDev(password);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]143
144 createFilesystem();
145 mountFilesystem();
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]146}
147
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]148void EStoraged::erase(Volume::EraseMethod inEraseMethod)
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]149{
150 std::cerr << "Erasing encrypted eMMC" << std::endl;
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]151 lg2::info("Starting erase", "REDFISH_MESSAGE_ID",
152 std::string("OpenBMC.0.1.DriveErase"));
153 switch (inEraseMethod)
154 {
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]155 case Volume::EraseMethod::CryptoErase:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]156 {
John Edward Broadbent59dffa62022-01-13 17:41:32 -0800[diff] [blame]157 CryptErase myCryptErase(devPath);
158 myCryptErase.doErase();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]159 break;
160 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]161 case Volume::EraseMethod::VerifyGeometry:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]162 {
163 VerifyDriveGeometry myVerifyGeometry(devPath);
John Edward Broadbenta6e3b992022-03-17 14:33:15 -0700[diff] [blame]164 myVerifyGeometry.geometryOkay();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]165 break;
166 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]167 case Volume::EraseMethod::LogicalOverWrite:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]168 {
John Edward Broadbent7f2ab642021-11-11 21:00:38 -0800[diff] [blame]169 Pattern myErasePattern(devPath);
John Edward Broadbenta6e3b992022-03-17 14:33:15 -0700[diff] [blame]170 myErasePattern.writePattern();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]171 break;
172 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]173 case Volume::EraseMethod::LogicalVerify:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]174 {
John Edward Broadbent7f2ab642021-11-11 21:00:38 -0800[diff] [blame]175 Pattern myErasePattern(devPath);
John Edward Broadbenta6e3b992022-03-17 14:33:15 -0700[diff] [blame]176 myErasePattern.verifyPattern();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]177 break;
178 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]179 case Volume::EraseMethod::VendorSanitize:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]180 {
John Edward Broadbent605085a2021-11-05 13:45:45 -0700[diff] [blame]181 Sanitize mySanitize(devPath);
182 mySanitize.doSanitize();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]183 break;
184 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]185 case Volume::EraseMethod::ZeroOverWrite:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]186 {
John Edward Broadbent4bc8a102021-12-30 16:11:49 -0800[diff] [blame]187 Zero myZero(devPath);
John Edward Broadbenta6e3b992022-03-17 14:33:15 -0700[diff] [blame]188 myZero.writeZero();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]189 break;
190 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]191 case Volume::EraseMethod::ZeroVerify:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]192 {
John Edward Broadbent4bc8a102021-12-30 16:11:49 -0800[diff] [blame]193 Zero myZero(devPath);
John Edward Broadbenta6e3b992022-03-17 14:33:15 -0700[diff] [blame]194 myZero.verifyZero();
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]195 break;
196 }
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]197 case Volume::EraseMethod::SecuredLocked:
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]198 {
John Edward Broadbentf59b7292022-02-15 15:07:15 -0800[diff] [blame]199 if (isLocked())
200 {
201 lock();
202 }
203 // TODO: implement hardware locking
204 // Until that is done, we can lock using eStoraged::lock()
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]205 break;
206 }
207 }
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]208}
209
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]210void EStoraged::lock()
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]211{
John Edward Broadbent4e13b0a2021-11-15 15:21:59 -0800[diff] [blame]212 std::string msg = "OpenBMC.0.1.DriveLock";
213 lg2::info("Starting lock", "REDFISH_MESSAGE_ID", msg);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]214
215 unmountFilesystem();
216 deactivateLuksDev();
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]217}
218
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]219void EStoraged::unlock(std::vector<uint8_t> password)
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]220{
John Edward Broadbent4e13b0a2021-11-15 15:21:59 -0800[diff] [blame]221 std::string msg = "OpenBMC.0.1.DriveUnlock";
222 lg2::info("Starting unlock", "REDFISH_MESSAGE_ID", msg);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]223
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]224 activateLuksDev(std::move(password));
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]225 mountFilesystem();
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]226}
227
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]228void EStoraged::changePassword(const std::vector<uint8_t>& /*oldPassword*/,
229 const std::vector<uint8_t>& /*newPassword*/)
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]230{
231 std::cerr << "Changing password for encrypted eMMC" << std::endl;
John Edward Broadbente6ffe702021-10-14 14:03:11 -0700[diff] [blame]232 lg2::info("Starting change password", "REDFISH_MESSAGE_ID",
233 std::string("OpenBMC.0.1.DrivePasswordChanged"));
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]234}
235
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]236bool EStoraged::isLocked() const
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]237{
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]238 return lockedProperty;
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]239}
240
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]241std::string_view EStoraged::getMountPoint() const
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]242{
243 return mountPoint;
244}
245
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]246void EStoraged::formatLuksDev(std::vector<uint8_t> password)
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]247{
248 lg2::info("Formatting device {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID",
249 std::string("OpenBMC.0.1.FormatLuksDev"));
250
251 /* Generate the volume key. */
252 const std::size_t keySize = 64;
253 std::vector<uint8_t> volumeKey(keySize);
254 if (RAND_bytes(volumeKey.data(), keySize) != 1)
255 {
256 lg2::error("Failed to create volume key", "REDFISH_MESSAGE_ID",
257 std::string("OpenBMC.0.1.FormatLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]258 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]259 }
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]260
261 /* Create the handle. */
262 CryptHandle cryptHandle(devPath);
263
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]264 /* Format the LUKS encrypted device. */
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]265 int retval = cryptIface->cryptFormat(
266 cryptHandle.get(), CRYPT_LUKS2, "aes", "xts-plain64", nullptr,
267 reinterpret_cast<const char*>(volumeKey.data()), volumeKey.size(),
268 nullptr);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]269 if (retval < 0)
270 {
271 lg2::error("Failed to format encrypted device: {RETVAL}", "RETVAL",
272 retval, "REDFISH_MESSAGE_ID",
273 std::string("OpenBMC.0.1.FormatLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]274 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]275 }
276
277 /* Device is now encrypted. */
278 locked(true);
279
280 /* Set the password. */
281 retval = cryptIface->cryptKeyslotAddByVolumeKey(
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]282 cryptHandle.get(), CRYPT_ANY_SLOT, nullptr, 0,
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]283 reinterpret_cast<const char*>(password.data()), password.size());
284
285 if (retval < 0)
286 {
287 lg2::error("Failed to set encryption password", "REDFISH_MESSAGE_ID",
288 std::string("OpenBMC.0.1.FormatLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]289 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]290 }
291
292 lg2::info("Encrypted device {DEV} successfully formatted", "DEV", devPath,
293 "REDFISH_MESSAGE_ID",
294 std::string("OpenBMC.0.1.FormatLuksDevSuccess"));
295}
296
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]297CryptHandle EStoraged::loadLuksHeader()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]298{
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]299
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]300 CryptHandle cryptHandle(devPath);
301
302 int retval = cryptIface->cryptLoad(cryptHandle.get(), CRYPT_LUKS2, nullptr);
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]303 if (retval < 0)
304 {
305 lg2::error("Failed to load LUKS header: {RETVAL}", "RETVAL", retval,
306 "REDFISH_MESSAGE_ID",
307 std::string("OpenBMC.0.1.ActivateLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]308 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]309 }
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]310 return cryptHandle;
311}
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]312
John Edward Broadbent91c1ec12022-05-20 16:51:43 -0700[diff] [blame]313Drive::DriveEncryptionState EStoraged::findEncryptionStatus()
314{
315 try
316 {
317 loadLuksHeader();
318 return Drive::DriveEncryptionState::Encrypted;
319 }
320 catch (...)
321 {
322 return Drive::DriveEncryptionState::Unknown;
323 }
324}
325
326void EStoraged::activateLuksDev(std::vector<uint8_t> password)
327{
328 lg2::info("Activating LUKS dev {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID",
329 std::string("OpenBMC.0.1.ActivateLuksDev"));
330
331 /* Create the handle. */
332 CryptHandle cryptHandle = loadLuksHeader();
333
334 int retval = cryptIface->cryptActivateByPassphrase(
John Edward Broadbentb2c86be2022-04-15 11:45:53 -0700[diff] [blame]335 cryptHandle.get(), containerName.c_str(), CRYPT_ANY_SLOT,
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]336 reinterpret_cast<const char*>(password.data()), password.size(), 0);
337
338 if (retval < 0)
339 {
340 lg2::error("Failed to activate LUKS dev: {RETVAL}", "RETVAL", retval,
341 "REDFISH_MESSAGE_ID",
342 std::string("OpenBMC.0.1.ActivateLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]343 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]344 }
345
346 /* Device is now unlocked. */
347 locked(false);
348
349 lg2::info("Successfully activated LUKS dev {DEV}", "DEV", devPath,
350 "REDFISH_MESSAGE_ID",
351 std::string("OpenBMC.0.1.ActivateLuksDevSuccess"));
352}
353
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]354void EStoraged::createFilesystem()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]355{
356 /* Run the command to create the filesystem. */
357 int retval = fsIface->runMkfs(containerName);
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]358 if (retval != 0)
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]359 {
360 lg2::error("Failed to create filesystem: {RETVAL}", "RETVAL", retval,
361 "REDFISH_MESSAGE_ID",
362 std::string("OpenBMC.0.1.CreateFilesystemFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]363 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]364 }
365 lg2::info("Successfully created filesystem for /dev/mapper/{CONTAINER}",
366 "CONTAINER", containerName, "REDFISH_MESSAGE_ID",
367 std::string("OpenBMC.0.1.CreateFilesystemSuccess"));
368}
369
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]370void EStoraged::mountFilesystem()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]371{
John Wedigb17f8252022-01-12 14:24:26 -0800[diff] [blame]372 /*
373 * Create directory for the filesystem, if it's not already present. It
374 * might already exist if, for example, the BMC reboots after creating the
375 * directory.
376 */
377 if (!fsIface->directoryExists(std::filesystem::path(mountPoint)))
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]378 {
John Wedigb17f8252022-01-12 14:24:26 -0800[diff] [blame]379 bool success =
380 fsIface->createDirectory(std::filesystem::path(mountPoint));
381 if (!success)
382 {
383 lg2::error("Failed to create mount point: {DIR}", "DIR", mountPoint,
384 "REDFISH_MESSAGE_ID",
385 std::string("OpenBMC.0.1.MountFilesystemFail"));
386 throw InternalFailure();
387 }
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]388 }
389
390 /* Run the command to mount the filesystem. */
391 std::string luksContainer("/dev/mapper/" + containerName);
392 int retval = fsIface->doMount(luksContainer.c_str(), mountPoint.c_str(),
393 "ext4", 0, nullptr);
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]394 if (retval != 0)
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]395 {
396 lg2::error("Failed to mount filesystem: {RETVAL}", "RETVAL", retval,
397 "REDFISH_MESSAGE_ID",
398 std::string("OpenBMC.0.1.MountFilesystemFail"));
399 bool removeSuccess =
400 fsIface->removeDirectory(std::filesystem::path(mountPoint));
401 if (!removeSuccess)
402 {
403 lg2::error("Failed to remove mount point: {DIR}", "DIR", mountPoint,
404 "REDFISH_MESSAGE_ID",
405 std::string("OpenBMC.0.1.MountFilesystemFail"));
406 }
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]407 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]408 }
409
410 lg2::info("Successfully mounted filesystem at {DIR}", "DIR", mountPoint,
411 "REDFISH_MESSAGE_ID",
412 std::string("OpenBMC.0.1.MountFilesystemSuccess"));
413}
414
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]415void EStoraged::unmountFilesystem()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]416{
417 int retval = fsIface->doUnmount(mountPoint.c_str());
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]418 if (retval != 0)
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]419 {
420 lg2::error("Failed to unmount filesystem: {RETVAL}", "RETVAL", retval,
421 "REDFISH_MESSAGE_ID",
422 std::string("OpenBMC.0.1.UnmountFilesystemFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]423 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]424 }
425
426 /* Remove the mount point. */
427 bool success = fsIface->removeDirectory(std::filesystem::path(mountPoint));
428 if (!success)
429 {
430 lg2::error("Failed to remove mount point {DIR}", "DIR", mountPoint,
431 "REDFISH_MESSAGE_ID",
432 std::string("OpenBMC.0.1.UnmountFilesystemFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]433 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]434 }
435
436 lg2::info("Successfully unmounted filesystem at {DIR}", "DIR", mountPoint,
437 "REDFISH_MESSAGE_ID",
438 std::string("OpenBMC.0.1.MountFilesystemSuccess"));
439}
440
Ed Tanous82897c32022-02-21 14:11:59 -0800[diff] [blame]441void EStoraged::deactivateLuksDev()
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]442{
443 lg2::info("Deactivating LUKS device {DEV}", "DEV", devPath,
444 "REDFISH_MESSAGE_ID",
445 std::string("OpenBMC.0.1.DeactivateLuksDev"));
446
447 int retval = cryptIface->cryptDeactivate(nullptr, containerName.c_str());
448 if (retval < 0)
449 {
450 lg2::error("Failed to deactivate crypt device: {RETVAL}", "RETVAL",
451 retval, "REDFISH_MESSAGE_ID",
452 std::string("OpenBMC.0.1.DeactivateLuksDevFail"));
John Wedig972c3fa2021-12-29 17:30:41 -0800[diff] [blame]453 throw InternalFailure();
John Wedigb810c922021-11-17 16:38:03 -0800[diff] [blame]454 }
455
456 /* Device is now locked. */
457 locked(true);
458
459 lg2::info("Successfully deactivated LUKS device {DEV}", "DEV", devPath,
460 "REDFISH_MESSAGE_ID",
461 std::string("OpenBMC.0.1.DeactivateLuksDevSuccess"));
462}
463
John Wedig67a47442022-04-05 17:21:29 -0700[diff] [blame]464void EStoraged::locked(bool isLocked)
465{
466 lockedProperty = isLocked;
467}
468
John Wedig2098dab2021-09-14 13:56:28 -0700[diff] [blame]469} // namespace estoraged