Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-ipmi-flash / ffcc5504fcd8f799a59a7bcd6bb90679dc079516^! / . / firmware_handler.cpp
commitffcc5504fcd8f799a59a7bcd6bb90679dc079516[log] [tgz]
authorPatrick Venture <venture@google.com>Fri Nov 16 12:32:38 2018 -0800
committerPatrick Venture <venture@google.com>Wed Nov 21 08:59:26 2018 -0800
tree6a08878ec9590e8754c05f8e8d032d84be00e421
parent86b49e2f869a0d4cf14a5f94ff65f857d0a3a7db [diff] [blame]
firmware: add verify blob_id

Add verification blob_id into the blob list.  This blob_id will require
special handling in a few actions to be added later.

Goal behavior:
- on open, if all others closed, allows open (now only one of 3 can be
opened at once).
- on commit, starts verification process.
- on close, clears out any outstanding state (but doesn't abort
anything).
- on delete, returns failure.

Change-Id: Ifc759c1051cf1748624ccdb5f7dda0a9ea1681d4
Signed-off-by: Patrick Venture <venture@google.com>

diff --git a/firmware_handler.cpp b/firmware_handler.cpp
index fda533e..74328f3 100644
--- a/firmware_handler.cpp
+++ b/firmware_handler.cpp

@@ -28,6 +28,7 @@
 namespace blobs
 {
 
+const std::string FirmwareBlobHandler::verifyBlobID = "/flash/verify";
 const std::string FirmwareBlobHandler::hashBlobID = "/flash/hash";
 const std::string FirmwareBlobHandler::activeImageBlobID =
     "/flash/active/image";
@@ -53,6 +54,7 @@
     {
         blobs.push_back(item.blobName);
     }
+    blobs.push_back(verifyBlobID); /* Add blob_id to always exist. */
 
     if (0 == std::count(blobs.begin(), blobs.end(), hashBlobID))
     {
@@ -106,6 +108,15 @@
 {
     const std::string* toDelete;
 
+    /* You cannot delete the verify blob -- trying to delete it, currently has
+     * no impact.
+     * TODO: Should trying to delete this cause an abort?
+     */
+    if (path == verifyBlobID)
+    {
+        return false;
+    }
+
     if (path == hashBlobID || path == activeHashBlobID)
     {
         /* They're deleting the hash. */
@@ -146,11 +157,17 @@
 bool FirmwareBlobHandler::stat(const std::string& path, struct BlobMeta* meta)
 {
     /* We know we support this path because canHandle is called ahead */
-    if (path == FirmwareBlobHandler::activeImageBlobID)
+    if (path == verifyBlobID)
+    {
+        /* We need to return information for the verify state -- did they call
+         * commit() did things start?
+         */
+    }
+    else if (path == activeImageBlobID)
     {
         /* We need to return information for the image that's staged. */
     }
-    else if (path == FirmwareBlobHandler::activeHashBlobID)
+    else if (path == activeHashBlobID)
     {
         /* We need to return information for the hash that's staged. */
     }
@@ -266,6 +283,27 @@
         return false;
     }
 
+    /* Handle opening the verifyBlobId --> we know the image and hash aren't
+     * open because of the fileOpen check.
+     *
+     * The file must be opened for writing, but no transport mechanism specified
+     * since it's irrelevant.
+     */
+    if (path == verifyBlobID)
+    {
+        /* In this case, there's no image handler to use, or data handler,
+         * simply set up a session.
+         */
+        verifyImage.flags = flags;
+        verifyImage.state = Session::State::open;
+
+        lookup[session] = &verifyImage;
+
+        fileOpen = true;
+
+        return true;
+    }
+
     /* There are two abstractions at play, how you get the data and how you
      * handle that data. such that, whether the data comes from the PCI bridge
      * or LPC bridge is not connected to whether the data goes into a static
@@ -441,16 +479,38 @@
 }
 
 /*
- * If this command is called on the session for the hash image, it'll
+ * If this command is called on the session for the verifyBlobID, it'll
  * trigger a systemd service `verify_image.service` to attempt to verify
- * the image. Before doing this, if the transport mechanism is not IPMI
- * BT, it'll shut down the mechanism used for transport preventing the
- * host from updating anything.
+ * the image.
+ *
+ * For this file to have opened, the other two must be closed, which means any
+ * out-of-band transport mechanism involved is closed.
  */
 bool FirmwareBlobHandler::commit(uint16_t session,
                                  const std::vector<uint8_t>& data)
 {
-    return false;
+    auto item = lookup.find(session);
+    if (item == lookup.end())
+    {
+        return false;
+    }
+
+    /* You can only commit on the verifyBlodId */
+    if (item->second->activePath != verifyBlobID)
+    {
+        return false;
+    }
+
+    /* Can only be called once per verification. */
+    if (state == UpdateState::verificationStarted)
+    {
+        return false;
+    }
+
+    /* Set state to committing. */
+    item->second->flags |= StateFlags::committing;
+
+    return triggerVerification();
 }
 
 /*
@@ -472,11 +532,28 @@
         return false;
     }
 
+    /* Are you closing the verify blob? */
+    if (item->second->activePath == verifyBlobID)
+    {
+        /* If they close this blob before verification finishes, that's an
+         * abort.
+         * TODO: implement this, for now just let them close the file.
+         */
+        if (state == UpdateState::verificationStarted)
+        {
+            return false;
+        }
+    }
+
     if (item->second->dataHandler)
     {
         item->second->dataHandler->close();
     }
-    item->second->imageHandler->close();
+    if (item->second->imageHandler)
+    {
+        item->second->imageHandler->close();
+    }
+
     item->second->state = Session::State::closed;
     /* Do not delete the active blob_id from the list of blob_ids, because that
      * blob_id indicates there is data stored.  Delete will destroy it.
@@ -508,4 +585,12 @@
     return {};
 }
 
+bool FirmwareBlobHandler::triggerVerification()
+{
+    state = UpdateState::verificationStarted;
+
+    /* TODO: implement this. */
+    return true;
+}
+
 } // namespace blobs