Enabled PNOR signed image validation
Enable signature validation during version activation
based on the WANT_SIGNATURE_VERIFY flag.
Change-Id: If8f4357553be9ed2fbcf86b4dddec768532a043a
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
diff --git a/activation.cpp b/activation.cpp
index 350bf5a..ce20dcb 100755
--- a/activation.cpp
+++ b/activation.cpp
@@ -5,6 +5,14 @@
#include "serialize.hpp"
#include <phosphor-logging/log.hpp>
+#ifdef WANT_SIGNATURE_VERIFY
+#include <phosphor-logging/elog.hpp>
+#include <phosphor-logging/elog-errors.hpp>
+#include <xyz/openbmc_project/Common/error.hpp>
+#include "image_verify.hpp"
+#include "config.h"
+#endif
+
namespace openpower
{
namespace software
@@ -17,6 +25,11 @@
using namespace phosphor::logging;
+#ifdef WANT_SIGNATURE_VERIFY
+using InternalFailure =
+ sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
+#endif
+
constexpr auto SYSTEMD_SERVICE = "org.freedesktop.systemd1";
constexpr auto SYSTEMD_OBJ_PATH = "/org/freedesktop/systemd1";
@@ -105,6 +118,25 @@
if (ubiVolumesCreated == false)
{
+
+#ifdef WANT_SIGNATURE_VERIFY
+ using Signature = openpower::software::image::Signature;
+
+ fs::path imagePath(IMG_DIR);
+
+ Signature signature(imagePath / versionId, SIGNED_IMAGE_CONF_PATH);
+
+ // Validate the signed image.
+ if (!signature.verify())
+ {
+ log<level::ERR>("Error occurred during image validation");
+ report<InternalFailure>();
+
+ return softwareServer::Activation::activation(
+ softwareServer::Activation::Activations::Failed);
+ }
+#endif
+
Activation::startActivation();
return softwareServer::Activation::activation(value);
}