Add D-Bus interface for a logical volume
Add an initial D-Bus interface for a logical volume, which will be used
for eStoraged. It includes the following methods: FormatLuks, Lock,
Unlock, and ChangePassword.
The design doc for eStoraged can be found here:
https://github.com/openbmc/docs/blob/master/designs/estoraged.md
Signed-off-by: John Wedig <johnwedig@google.com>
Signed-off-by: John Edward Broadbent <jebr@google.com>
Change-Id: I7975056e52901a82b36933b51fb3eea112818385
diff --git a/yaml/xyz/openbmc_project/Inventory/Item/Volume.interface.yaml b/yaml/xyz/openbmc_project/Inventory/Item/Volume.interface.yaml
new file mode 100644
index 0000000..fab0db8
--- /dev/null
+++ b/yaml/xyz/openbmc_project/Inventory/Item/Volume.interface.yaml
@@ -0,0 +1,124 @@
+description: >
+ D-bus interface to manage a logical storage volume. Currently, this
+ interface only supports LUKS encrypted volumes, but it can be extended in
+ the future to support other types of volumes, as well.
+
+methods:
+ - name: FormatLuks
+ description: >
+ Format a LUKS encrypted device and create a filesystem.
+ parameters:
+ - name: Password
+ type: array[byte]
+ description: >
+ Array of bytes to use as the LUKS password.
+ - name: Type
+ type: enum[self.FilesystemType]
+ description: >
+ Type of filesystem, e.g. ext2, ext3, ext4, vfat.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.ResourceNotFound
+ - xyz.openbmc_project.Common.Error.UnsupportedRequest
+
+ - name: Erase
+ description: >
+ Erase the contents of the volume.
+ parameters:
+ - name: EraseType
+ type: enum[self.EraseMethod]
+ description: >
+ Describes what type of erase is done.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.ResourceNotFound
+
+ - name: Lock
+ description: >
+ Unmount the filesystem, lock the volume, and remove sensitive data
+ (e.g. volume key) from memory.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.UnsupportedRequest
+
+ - name: Unlock
+ description: >
+ Activate the volume and mount the filesystem.
+ parameters:
+ - name: Password
+ type: array[byte]
+ description: >
+ Array of bytes to use as the LUKS password.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.ResourceNotFound
+
+ - name: ChangePassword
+ description: >
+ Change the LUKS password that unlocks the storage volume.
+ parameters:
+ - name: OldPassword
+ type: array[byte]
+ description: >
+ Array of bytes for the old LUKS password.
+ - name: NewPassword
+ type: array[byte]
+ description: >
+ Array of bytes to use as the LUKS password.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.ResourceNotFound
+
+properties:
+ - name: Locked
+ type: boolean
+ default: false
+ description: >
+ Indicates whether the LUKS volume is locked.
+
+enumerations:
+ - name: EraseMethod
+ description: >
+ Indicates which erase method/step is being requested.
+ values:
+ - name: CryptoErase
+ description: >
+ Destroys the encryption key slots, preventing decyrption.
+ - name: VerifyGeometry
+ description: >
+ Confirms a set percent of the disk is accessible.
+ - name: LogicalOverWrite
+ description: >
+ Overwrites the disk with a reproducible incompressible pattern.
+ - name: LogicalVerify
+ description: >
+ Verifies a reproducible pattern has been written to the disk.
+ - name: VendorSanitize
+ description: >
+ Uses the sanitization provided by the device firmware.
+ - name: ZeroOverWrite
+ description: >
+ Writes zeros over the whole disk.
+ - name: ZeroVerify
+ description: >
+ Verifies the the entire disk has been zeroed.
+ - name: SecuredLocked
+ description: >
+ Locks the disk to prevent data being written to it.
+
+ - name: FilesystemType
+ description: >
+ Type of filesystem used on the storage device.
+ values:
+ - name: ext2
+ description: >
+ Filesystem type ext2
+ - name: ext3
+ description: >
+ Filesystem type ext3
+ - name: ext4
+ description: >
+ Filesystem type ext4
+ - name: vfat
+ description: >
+ Filesystem type vfat