Enabled Signed image validation in Item Updater
Added build level support to enable/disable signed
validation using WANT_SIGNATURE_VERIFY flag.
Change-Id: I93bc72a69b877baa9df27272c0b20426069b7557
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
diff --git a/activation.cpp b/activation.cpp
index 823f1fb..8d4b202 100644
--- a/activation.cpp
+++ b/activation.cpp
@@ -4,6 +4,14 @@
#include "serialize.hpp"
#include <phosphor-logging/log.hpp>
+#ifdef WANT_SIGNATURE_VERIFY
+#include <phosphor-logging/elog.hpp>
+#include <phosphor-logging/elog-errors.hpp>
+#include <xyz/openbmc_project/Common/error.hpp>
+#include "image_verify.hpp"
+#include "config.h"
+#endif
+
namespace phosphor
{
namespace software
@@ -15,6 +23,11 @@
using namespace phosphor::logging;
+#ifdef WANT_SIGNATURE_VERIFY
+using InternalFailure =
+ sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
+#endif
+
void Activation::subscribeToSystemdSignals()
{
auto method = this->bus.new_method_call(SYSTEMD_BUSNAME, SYSTEMD_PATH,
@@ -60,6 +73,24 @@
std::make_unique<ActivationBlocksTransition>(bus, path);
}
+#ifdef WANT_SIGNATURE_VERIFY
+ using Signature = phosphor::software::image::Signature;
+
+ fs::path uploadDir(IMG_UPLOAD_DIR);
+
+ Signature signature(uploadDir / versionId, SIGNED_IMAGE_CONF_PATH);
+
+ // Validate the signed image.
+ if (!signature.verify())
+ {
+ log<level::ERR>("Error occurred during image validation");
+ report<InternalFailure>();
+
+ return softwareServer::Activation::activation(
+ softwareServer::Activation::Activations::Failed);
+ }
+#endif
+
auto method = bus.new_method_call(SYSTEMD_BUSNAME, SYSTEMD_PATH,
SYSTEMD_INTERFACE, "StartUnit");
method.append("obmc-flash-bmc-ubirw.service", "replace");