BMC Minimum ship Level
This code compares the BMC_MSL defined at compile time,
It will parse the new fw (explicit at MANIFEST file) and use regex to
evaluate it and compare BMC_MSL against version from MANIFEST.
If newer or equal it will apply, otherwise it will fail,
preventing activation operation.
Tested:
regex-bmc-msl="([a-z]+[0-9]{2})+([0-9]+).([0-9]+).([0-9]+)"
fw-package="version=fw1010.00-28.4-0-ge611abca21"
bmc-msl="fw1010.00-27" proceeds with activation...
bmc-msl="fw1010.00-29" returns:
Jul 15 20:35:45 tacoma1z-w81 phosphor-image-updater[766]:
BMC Minimum Ship Level NOT met
Jul 15 20:35:45 tacoma1z-w81 phosphor-image-updater[766]:
A system component has a software version that is incompatible as
determined by the implementation and needs to be updated....
Signed-off-by: Miguel Gomez <mgomez@mx1.ibm.com>
Change-Id: I0ab0eba7c7c89f38ca698aa3e369aa50797edb07
diff --git a/activation.cpp b/activation.cpp
index 6b9dfb8..79b5b10 100644
--- a/activation.cpp
+++ b/activation.cpp
@@ -2,6 +2,7 @@
#include "images.hpp"
#include "item_updater.hpp"
+#include "msl_verify.hpp"
#include "serialize.hpp"
#include <phosphor-logging/elog-errors.hpp>
@@ -9,6 +10,7 @@
#include <phosphor-logging/log.hpp>
#include <sdbusplus/exception.hpp>
#include <xyz/openbmc_project/Common/error.hpp>
+#include <xyz/openbmc_project/Software/Version/error.hpp>
#ifdef WANT_SIGNATURE_VERIFY
#include "image_verify.hpp"
@@ -78,7 +80,6 @@
auto Activation::activation(Activations value) -> Activations
{
-
if ((value != softwareServer::Activation::Activations::Active) &&
(value != softwareServer::Activation::Activations::Activating))
{
@@ -111,6 +112,24 @@
}
#endif
+ auto versionStr = parent.versions.find(versionId)->second->version();
+
+ if (!minimum_ship_level::verify(versionStr))
+ {
+ using namespace phosphor::logging;
+ using IncompatibleErr = sdbusplus::xyz::openbmc_project::Software::
+ Version::Error::Incompatible;
+ using Incompatible =
+ xyz::openbmc_project::Software::Version::Incompatible;
+
+ report<IncompatibleErr>(
+ prev_entry<Incompatible::MIN_VERSION>(),
+ prev_entry<Incompatible::ACTUAL_VERSION>(),
+ prev_entry<Incompatible::VERSION_PURPOSE>());
+ return softwareServer::Activation::activation(
+ softwareServer::Activation::Activations::Failed);
+ }
+
#ifdef WANT_SIGNATURE_VERIFY
fs::path uploadDir(IMG_UPLOAD_DIR);
if (!verifySignature(uploadDir / versionId, SIGNED_IMAGE_CONF_PATH))