Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-bmc-code-mgmt / 7ab55e208b9454e7ee20d288d61424f4b7effb72
commit7ab55e208b9454e7ee20d288d61424f4b7effb72[log] [tgz]
authorLei YU <yulei.sh@bytedance.com>Wed May 19 13:26:53 2021 +0800
committerLei YU <yulei.sh@bytedance.com>Tue Jun 22 09:26:05 2021 +0000
tree77bcc7dd2b07437b761cb5a0af4545ccf32726f8
parent92c7e9ebb1892122d4c142d1387eb0c12584f52e [diff]
image_verify: Support other images

The code was verifying BMC images only, make it support other images
e.g. BIOS tarball.

The change moves the verifySignature() call before checking the purpose,
so that every image is to be verified.

The `Signature::verify()` is updated to support:
* If the BMC images exists in the tarball, verify all of them;
* If one of the optional images exists in the taball, verify it;
* Return true when either BMC or the optional images are verfied.

The `optional-images` config option removes the "choices", so that a
bbappend could set its own optional images, e.g. `bios.bin`, `fpga.bin`,
etc.

Be noted that the code in verifyFullImage() uses hard-coded images when
WANT_SIGNATURE_FULL_VERIFY is defined, which is not generic.
So if WANT_SIGNATURE_FULL_VERIFY is defined, the verify will fail for
BIOS tarball.

Tested: Enable field mode and verify the BIOS code update fails on
        invalid or missing signatures, and succeeds on valid signatures.

Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Change-Id: Id5e1d2eb2c3daec91f24819ec78fa864dc92f0b1
4 files changed
tree: 77bcc7dd2b07437b761cb5a0af4545ccf32726f8
  1. mmc/
  2. static/
  3. test/
  4. ubi/
  5. xyz/
  6. .clang-format
  7. .gitignore
  8. activation.cpp
  9. activation.hpp
  10. download_manager.cpp
  11. download_manager.hpp
  12. download_manager_main.cpp
  13. elog-errors.hpp
  14. flash.hpp
  15. force-reboot.service.in
  16. gen-bios-tar
  17. image_manager.cpp
  18. image_manager.hpp
  19. image_manager_main.cpp
  20. image_verify.cpp
  21. image_verify.hpp
  22. images.cpp
  23. images.hpp
  24. item_updater.cpp
  25. item_updater.hpp
  26. item_updater_helper.hpp
  27. item_updater_main.cpp
  28. LICENSE
  29. MAINTAINERS
  30. meson.build
  31. meson_options.txt
  32. msl_verify.cpp
  33. msl_verify.hpp
  34. obmc-flash-bmc
  35. obmc-flash-bmc-setenv@.service.in
  36. obmc-flash-host-bios@.service.in
  37. openssl_alloc.cpp
  38. openssl_alloc.hpp
  39. README.md
  40. reboot-guard-disable.service.in
  41. reboot-guard-enable.service.in
  42. serialize.cpp
  43. serialize.hpp
  44. software.conf
  45. sync_manager.cpp
  46. sync_manager.hpp
  47. sync_manager_main.cpp
  48. sync_watch.cpp
  49. sync_watch.hpp
  50. synclist
  51. usr-local.mount.in
  52. utils.cpp
  53. utils.hpp
  54. version.cpp
  55. version.hpp
  56. watch.cpp
  57. watch.hpp
  58. xyz.openbmc_project.Software.BMC.Updater.service.in
  59. xyz.openbmc_project.Software.Download.service.in
  60. xyz.openbmc_project.Software.Sync.service.in
  61. xyz.openbmc_project.Software.Version.service.in
README.md

phosphor-bmc-code-mgmt

Phosphor BMC Code Management provides a set of system software management applications. More information can be found at Software Architecture

To Build

To build this package, do the following steps:

  1. meson build
  2. ninja -C build

To clean the repository run rm -r build.