Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-bmc-code-mgmt / 7ab55e208b9454e7ee20d288d61424f4b7effb72^! / . / activation.cpp
commit7ab55e208b9454e7ee20d288d61424f4b7effb72[log] [tgz]
authorLei YU <yulei.sh@bytedance.com>Wed May 19 13:26:53 2021 +0800
committerLei YU <yulei.sh@bytedance.com>Tue Jun 22 09:26:05 2021 +0000
tree77bcc7dd2b07437b761cb5a0af4545ccf32726f8
parent92c7e9ebb1892122d4c142d1387eb0c12584f52e [diff] [blame]
image_verify: Support other images

The code was verifying BMC images only, make it support other images
e.g. BIOS tarball.

The change moves the verifySignature() call before checking the purpose,
so that every image is to be verified.

The `Signature::verify()` is updated to support:
* If the BMC images exists in the tarball, verify all of them;
* If one of the optional images exists in the taball, verify it;
* Return true when either BMC or the optional images are verfied.

The `optional-images` config option removes the "choices", so that a
bbappend could set its own optional images, e.g. `bios.bin`, `fpga.bin`,
etc.

Be noted that the code in verifyFullImage() uses hard-coded images when
WANT_SIGNATURE_FULL_VERIFY is defined, which is not generic.
So if WANT_SIGNATURE_FULL_VERIFY is defined, the verify will fail for
BIOS tarball.

Tested: Enable field mode and verify the BIOS code update fails on
        invalid or missing signatures, and succeeds on valid signatures.

Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Change-Id: Id5e1d2eb2c3daec91f24819ec78fa864dc92f0b1

diff --git a/activation.cpp b/activation.cpp
index c82e297..f270504 100644
--- a/activation.cpp
+++ b/activation.cpp

@@ -88,6 +88,19 @@
 
     if (value == softwareServer::Activation::Activations::Activating)
     {
+#ifdef WANT_SIGNATURE_VERIFY
+        fs::path uploadDir(IMG_UPLOAD_DIR);
+        if (!verifySignature(uploadDir / versionId, SIGNED_IMAGE_CONF_PATH))
+        {
+            onVerifyFailed();
+            // Stop the activation process, if fieldMode is enabled.
+            if (parent.control::FieldMode::fieldModeEnabled())
+            {
+                return softwareServer::Activation::activation(
+                    softwareServer::Activation::Activations::Failed);
+            }
+        }
+#endif
 
 #ifdef HOST_BIOS_UPGRADE
         auto purpose = parent.versions.find(versionId)->second->purpose();
@@ -130,20 +143,6 @@
                 softwareServer::Activation::Activations::Failed);
         }
 
-#ifdef WANT_SIGNATURE_VERIFY
-        fs::path uploadDir(IMG_UPLOAD_DIR);
-        if (!verifySignature(uploadDir / versionId, SIGNED_IMAGE_CONF_PATH))
-        {
-            onVerifyFailed();
-            // Stop the activation process, if fieldMode is enabled.
-            if (parent.control::FieldMode::fieldModeEnabled())
-            {
-                return softwareServer::Activation::activation(
-                    softwareServer::Activation::Activations::Failed);
-            }
-        }
-#endif
-
         if (!activationProgress)
         {
             activationProgress =