Add support for optional images
Add support to allow optional image files in the BMC tarball.
This can be used for example to add a host bios file in a "System"
image, or for elements that as best practice should not be
updated unless necessary like for a bug fix, such as the U-Boot SPL.
This commit provides the ability to add these optional images from
a list of pre-defined names. These files will then go through the
same checks as the default image files such as checking the files
exist and the signature verification (if enabled) passes.
Change-Id: I304b4e28c776db4a51537613888b4e11824cab88
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
diff --git a/image_verify.cpp b/image_verify.cpp
index 6057653..d7b676d 100644
--- a/image_verify.cpp
+++ b/image_verify.cpp
@@ -120,6 +120,30 @@
return false;
}
}
+ // Validate the optional image files.
+ auto optionalImages = getOptionalImages();
+ for (const auto& optionalImage : optionalImages)
+ {
+ // Build Image File name
+ fs::path file(imageDirPath);
+ file /= optionalImage;
+
+ if (fs::exists(file))
+ {
+ // Build Signature File name
+ fs::path sigFile(file);
+ sigFile.replace_extension(SIGNATURE_FILE_EXT);
+
+ // Verify the signature.
+ auto valid = verifyFile(file, sigFile, publicKeyFile, hashType);
+ if (valid == false)
+ {
+ log<level::ERR>("Image file Signature Validation failed",
+ entry("IMAGE=%s", optionalImage.c_str()));
+ return false;
+ }
+ }
+ }
log<level::DEBUG>("Successfully completed Signature vaildation.");
diff --git a/images.cpp b/images.cpp
new file mode 100644
index 0000000..2945f24
--- /dev/null
+++ b/images.cpp
@@ -0,0 +1,28 @@
+#include "config.h"
+
+#include "images.hpp"
+
+#include <iterator>
+#include <sstream>
+#include <string>
+#include <vector>
+
+namespace phosphor
+{
+namespace software
+{
+namespace image
+{
+
+std::vector<std::string> getOptionalImages()
+{
+ std::istringstream optionalImagesStr(OPTIONAL_IMAGES);
+ std::vector<std::string> optionalImages(
+ std::istream_iterator<std::string>{optionalImagesStr},
+ std::istream_iterator<std::string>());
+ return optionalImages;
+}
+
+} // namespace image
+} // namespace software
+} // namespace phosphor
diff --git a/images.hpp b/images.hpp
index 97b8f7f..83c2dd2 100644
--- a/images.hpp
+++ b/images.hpp
@@ -14,6 +14,8 @@
const std::vector<std::string> bmcImages = {"image-kernel", "image-rofs",
"image-rwfs", "image-u-boot"};
+std::vector<std::string> getOptionalImages();
+
} // namespace image
} // namespace software
} // namespace phosphor
diff --git a/meson.build b/meson.build
index 938c10b..1923fb8 100644
--- a/meson.build
+++ b/meson.build
@@ -61,6 +61,12 @@
conf.set_quoted('IMG_UPLOAD_DIR', get_option('img-upload-dir'))
conf.set_quoted('MANIFEST_FILE_NAME', get_option('manifest-file-name'))
conf.set_quoted('MEDIA_DIR', get_option('media-dir'))
+optional_array = get_option('optional-images')
+optional_images = ''
+foreach optiona_image : optional_array
+ optional_images = ' '.join([optional_images, optiona_image])
+endforeach
+conf.set_quoted('OPTIONAL_IMAGES', optional_images)
conf.set_quoted('PUBLICKEY_FILE_NAME', get_option('publickey-file-name'))
conf.set_quoted('SIGNATURE_FILE_EXT', get_option('signature-file-ext'))
conf.set_quoted('SIGNED_IMAGE_CONF_PATH', get_option('signed-image-conf-path'))
@@ -97,6 +103,7 @@
image_updater_sources = files(
'activation.cpp',
+ 'images.cpp',
'item_updater.cpp',
'item_updater_main.cpp',
'serialize.cpp',
@@ -236,6 +243,7 @@
gtest = dependency('gtest', main: true, disabler: true, required: build_tests)
include_srcs = declare_dependency(sources: [
'image_verify.cpp',
+ 'images.cpp',
'version.cpp']
)
diff --git a/meson_options.txt b/meson_options.txt
index c9b7b33..c0def0c 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -54,6 +54,13 @@
)
option(
+ 'optional-images', type: 'array',
+ choices: ['image-hostfw'],
+ value: [],
+ description: 'A list of additional image files in the BMC tarball.',
+)
+
+option(
'publickey-file-name', type: 'string',
value: 'publickey',
description: 'The name of the public key file.',