Enabled Signed image validation in Item Updater

Added build-level support to enable/disable signed image
validation using the WANT_SIGNATURE_VERIFY flag.

Change-Id: I93bc72a69b877baa9df27272c0b20426069b7557
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
diff --git a/activation.cpp b/activation.cpp
index 823f1fb..8d4b202 100644
--- a/activation.cpp
+++ b/activation.cpp
@@ -4,6 +4,14 @@
 #include "serialize.hpp"
 #include <phosphor-logging/log.hpp>
 
+#ifdef WANT_SIGNATURE_VERIFY
+#include <phosphor-logging/elog.hpp>
+#include <phosphor-logging/elog-errors.hpp>
+#include <xyz/openbmc_project/Common/error.hpp>
+#include "image_verify.hpp"
+#include "config.h"
+#endif
+
 namespace phosphor
 {
 namespace software
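Review bot: `#include "config.h"` is placed inside `#ifdef WANT_SIGNATURE_VERIFY`, although the commit message describes that macro as a build-level flag and the later hunk reads `IMG_UPLOAD_DIR` and `SIGNED_IMAGE_CONF_PATH`, which look like configuration values. If the flag is defined in config.h rather than on the compiler command line, the guard is only true when an earlier header happens to pull config.h in first; otherwise the verification is silently compiled out and activation proceeds unchecked. Moving `#include "config.h"` above the `#ifdef` removes that dependency on include order. The file's earlier includes are outside this hunk, so this may already be covered by one of them.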
@@ -15,6 +23,11 @@
 
 using namespace phosphor::logging;
 
+#ifdef WANT_SIGNATURE_VERIFY
+using InternalFailure =
+    sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
+#endif
+
 void Activation::subscribeToSystemdSignals()
 {
     auto method = this->bus.new_method_call(SYSTEMD_BUSNAME, SYSTEMD_PATH,
@@ -60,6 +73,24 @@
                     std::make_unique<ActivationBlocksTransition>(bus, path);
             }
 
+#ifdef WANT_SIGNATURE_VERIFY
+            using Signature = phosphor::software::image::Signature;
+
+            fs::path uploadDir(IMG_UPLOAD_DIR);
+
+            Signature signature(uploadDir / versionId, SIGNED_IMAGE_CONF_PATH);
+
+            // Validate the signed image.
+            if (!signature.verify())
+            {
+                log<level::ERR>("Error occurred during image validation");
+                report<InternalFailure>();
+
+                return softwareServer::Activation::activation(
+                    softwareServer::Activation::Activations::Failed);
+            }
+#endif
+
             auto method = bus.new_method_call(SYSTEMD_BUSNAME, SYSTEMD_PATH,
                                               SYSTEMD_INTERFACE, "StartUnit");
             method.append("obmc-flash-bmc-ubirw.service", "replace");
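Review bot: The rejection path at `if (!signature.verify())` records only a fixed message and a generic `InternalFailure`, so a refused image cannot be told apart from any other internal error or tied to a specific upload when logs are reviewed. Assuming `versionId` is a `std::string`, adding it to the entry would help: `log<level::ERR>("Error occurred during image validation", entry("VERSION_ID=%s", versionId.c_str()));`. Separately, the check runs on the files under `IMG_UPLOAD_DIR / versionId`, and only afterwards is `obmc-flash-bmc-ubirw.service` started. If that unit reads the same directory, it is worth confirming that nothing can rewrite the files between verification and flashing, for example through restrictive directory permissions or by flashing from a verified copy. The enclosing function begins and ends outside the hunk, so the state in which this check runs cannot be confirmed from here.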