secure-boot: log warning error when insecure
Tested:
- Verified that when QuiesceOnHwError was true and the values were
incorrect, a log was created with the relevant FFDC.
"Severity" : {
"type" : "s",
"data" : "xyz.openbmc_project.Logging.Entry.Level.Warning"
},
"Message" : {
"type" : "s",
"data" : "xyz.openbmc_project.State.Error.SecurityCheckFail"
},
"AdditionalData" : {
"type" : "as",
"data" : [
"SECURE_BOOT_GPIO=0",
"SYSFS_ABR_IMAGE_VAL=0",
"SYSFS_SECURE_BOOT_VAL=0",
"_PID=1015"
]
},
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ifc11f4e07c3456c62b4cae0b047c4077a97676bc
diff --git a/secure_boot_check.cpp b/secure_boot_check.cpp
index 2092cba..7316d1d 100644
--- a/secure_boot_check.cpp
+++ b/secure_boot_check.cpp
@@ -122,8 +122,21 @@
{
if ((secureBootGpio != 1) || (secureBootVal != 1) || (abrImage != 0))
{
- // TODO - Generate Error when in mfg mode
error("The system is not secure");
+ std::map<std::string, std::string> additionalData;
+ additionalData.emplace("SECURE_BOOT_GPIO",
+ std::to_string(secureBootGpio));
+ additionalData.emplace("SYSFS_SECURE_BOOT_VAL",
+ std::to_string(secureBootVal));
+ additionalData.emplace("SYSFS_ABR_IMAGE_VAL",
+ std::to_string(abrImage));
+
+ auto bus = sdbusplus::bus::new_default();
+ phosphor::state::manager::utils::createError(
+ bus, "xyz.openbmc_project.State.Error.SecurityCheckFail",
+ sdbusplus::xyz::openbmc_project::Logging::server::Entry::Level::
+ Warning,
+ additionalData);
}
}
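Review bot: The three values that explain why the check failed go only into the D-Bus log entry, while the journal line `error("The system is not secure")` still carries none of them. If `sdbusplus::bus::new_default()` or `createError` fails (how either reports failure is not visible in this hunk), the journal is the only record left and it does not say which input was wrong. Consider carrying the values in the journal message as well, for example `error("The system is not secure: gpio={GPIO} secure_boot={SB} abr={ABR}", "GPIO", secureBootGpio, "SB", secureBootVal, "ABR", abrImage);`, assuming `error` here is the lg2 structured logger. A one-line comment above the `createError` call saying why the entry is `Warning` rather than a higher level would also help, since the removed TODO spoke of generating an error. The enclosing function starts outside the hunk, so the condition guarding this block is not visible here.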