Andrew Geissler | 8d8d731 | 2022-03-04 14:42:26 -0600 | [diff] [blame^] | 1 | #include "config.h" |
| 2 | |
Andrew Geissler | 6b9421b | 2022-02-24 17:01:55 -0600 | [diff] [blame] | 3 | #include "utils.hpp" |
| 4 | |
| 5 | #include <phosphor-logging/lg2.hpp> |
| 6 | |
Andrew Geissler | 8d8d731 | 2022-03-04 14:42:26 -0600 | [diff] [blame^] | 7 | #include <filesystem> |
| 8 | #include <fstream> |
| 9 | #include <string> |
| 10 | |
Andrew Geissler | 6b9421b | 2022-02-24 17:01:55 -0600 | [diff] [blame] | 11 | PHOSPHOR_LOG2_USING; |
| 12 | |
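namespace
{

/**
 * @brief Read the first whitespace-delimited token from a file.
 *
 * A fresh stream is created on every call, so a failed read of one file can
 * not leave an open or failed stream behind that breaks the next read.
 *
 * @param[in] path - File to read
 *
 * @return The first token found in the file
 *
 * @throws std::ios_base::failure if the file can not be opened or no token
 *         can be extracted from it
 */
std::string readFirstToken(const std::filesystem::path& path)
{
    std::ifstream file;

    // eofbit is intentionally left out of the mask: a value that is not
    // followed by a newline ends the extraction at end-of-file, which is
    // still a successful read and must not be reported as a failure.
    file.exceptions(std::ifstream::failbit | std::ifstream::badbit);
    file.open(path);

    std::string token;
    file >> token;
    return token;
}

} // namespace

/**
 * @brief Log the BMC secure boot state.
 *
 * Reads the "bmc-secure-boot" gpio and the two sysfs values at
 * SYSFS_SECURE_BOOT_PATH and SYSFS_ABR_IMAGE_PATH, logs what was found and
 * logs an error when the combination does not match the expected secure
 * state. Read failures are logged and otherwise ignored.
 *
 * @return Always 0
 */
int main()
{
    // Read the secure boot gpio
    const auto secureBootGpio =
        phosphor::state::manager::utils::getGpioValue("bmc-secure-boot");
    if (secureBootGpio == -1)
    {
        debug("bmc-secure-boot gpio not present or can not be read");
    }
    else if (secureBootGpio == 0)
    {
        info("bmc-secure-boot gpio found and indicates it is NOT enabled");
    }
    else
    {
        info("bmc-secure-boot found and indicates it is enabled");
    }

    // Now read the /sys/kernel/debug/aspeed/ files
    // Both values start at -1 so that a missing or unreadable file can never
    // satisfy the final check below.
    int secureBootVal = -1;
    int abrImage = -1;

    if (std::filesystem::exists(SYSFS_SECURE_BOOT_PATH))
    {
        try
        {
            const std::string dbgVal = readFirstToken(SYSFS_SECURE_BOOT_PATH);
            info("Read {SECURE_BOOT_VAL} from secure_boot", "SECURE_BOOT_VAL",
                 dbgVal);
            secureBootVal = std::stoi(dbgVal);
        }
        catch (const std::exception& e)
        {
            error("Failed to read secure boot sysfs file: {ERROR}", "ERROR", e);
            // just continue and error will be logged at end if in mfg mode
        }
    }
    else
    {
        info("sysfs file secure_boot not present");
    }

    if (std::filesystem::exists(SYSFS_ABR_IMAGE_PATH))
    {
        try
        {
            const std::string dbgVal = readFirstToken(SYSFS_ABR_IMAGE_PATH);
            info("Read {ABR_IMAGE_VAL} from abr_image", "ABR_IMAGE_VAL",
                 dbgVal);
            abrImage = std::stoi(dbgVal);
        }
        catch (const std::exception& e)
        {
            error("Failed to read abr image sysfs file: {ERROR}", "ERROR", e);
            // just continue and error will be logged at end if in mfg mode
        }
    }
    else
    {
        info("sysfs file abr_image not present");
    }

    // Fail closed: the state is only accepted when the gpio reads 1,
    // secure_boot reads 1 and abr_image reads 0. Any value that is absent,
    // unreadable or unparsable keeps its -1 default and lands here.
    // NOTE(review): abr_image == 0 presumably means the primary image was
    // booted - confirm against the kernel driver.
    if ((secureBootGpio != 1) || (secureBootVal != 1) || (abrImage != 0))
    {
        // TODO - Generate Error when in mfg mode
        error("The system is not secure");
    }

    return 0;
}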