diff options
Diffstat (limited to 'meta-google/recipes-phosphor')
17 files changed, 359 insertions, 2 deletions
diff --git a/meta-google/recipes-phosphor/flash/dummy-gbmc-update.bb b/meta-google/recipes-phosphor/flash/dummy-gbmc-update.bb new file mode 100644 index 000000000..7eba3b0fc --- /dev/null +++ b/meta-google/recipes-phosphor/flash/dummy-gbmc-update.bb @@ -0,0 +1,23 @@ +SUMMARY = "Dummy image uploader for sending debug binaries" +DESCRIPTION = "Dummy image uploader for sending debug binaries" +PR = "r1" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + +inherit systemd + +SRC_URI += "file://config-dummy.json" +SRC_URI += "file://dummy-verify.service" + +FILES_${PN} += "${datadir}/phosphor-ipmi-flash" + +SYSTEMD_SERVICE_${PN} += "dummy-verify.service" + +do_install() { + install -d ${D}${datadir}/phosphor-ipmi-flash + install -m 0644 ${WORKDIR}/config-dummy.json ${D}${datadir}/phosphor-ipmi-flash + + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/dummy-verify.service ${D}${systemd_system_unitdir} +} diff --git a/meta-google/recipes-phosphor/flash/dummy-gbmc-update/config-dummy.json b/meta-google/recipes-phosphor/flash/dummy-gbmc-update/config-dummy.json new file mode 100644 index 000000000..e68e9105b --- /dev/null +++ b/meta-google/recipes-phosphor/flash/dummy-gbmc-update/config-dummy.json @@ -0,0 +1,19 @@ +[{ + "blob": "/flash/dummy", + "handler": { + "type": "file", + "path": "/run/initramfs/bmc-image" + }, + "actions": { + "preparation": { + "type": "skip" + }, + "verification": { + "type": "systemd", + "unit": "dummy-verify.service" + }, + "update": { + "type": "skip" + } + } +}] diff --git a/meta-google/recipes-phosphor/flash/dummy-gbmc-update/dummy-verify.service b/meta-google/recipes-phosphor/flash/dummy-gbmc-update/dummy-verify.service new file mode 100644 index 000000000..ec320d551 --- /dev/null +++ b/meta-google/recipes-phosphor/flash/dummy-gbmc-update/dummy-verify.service @@ -0,0 +1,6 @@ +[Unit] +Description=Dummy flash file verification + +[Service] +Type=oneshot +ExecStart=/bin/mv /run/initramfs/bmc-image /run/initramfs/dummy diff --git a/meta-google/recipes-phosphor/flash/google-key.bb b/meta-google/recipes-phosphor/flash/google-key.bb new file mode 100644 index 000000000..220211526 --- /dev/null +++ b/meta-google/recipes-phosphor/flash/google-key.bb @@ -0,0 +1,26 @@ +SUMMARY = "Google Key installation Script" +DESCRIPTION = "Google Key installation Script" +PR = "r1" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + +RDEPENDS_${PN} += "bash" +RDEPENDS_${PN} += "gnupg" + +SRC_URI += " \ + file://platforms_gbmc_bringup.gpg \ + file://platforms_gbmc_secure.gpg \ + file://verify-bmc-image.sh \ +" + +do_install() { + # Install keys into image. + install -d -m 0755 ${D}${datadir}/google-key + install -m 0644 ${WORKDIR}/platforms_gbmc_secure.gpg ${D}${datadir}/google-key/prod.key + install -m 0644 ${WORKDIR}/platforms_gbmc_bringup.gpg ${D}${datadir}/google-key/dev.key + + # Install the verification helper + install -d -m 0755 ${D}${bindir} + install -m 0755 ${WORKDIR}/verify-bmc-image.sh ${D}${bindir} +} diff --git a/meta-google/recipes-phosphor/flash/google-key/platforms_gbmc_bringup.gpg b/meta-google/recipes-phosphor/flash/google-key/platforms_gbmc_bringup.gpg Binary files differnew file mode 100644 index 000000000..f347e224b --- /dev/null +++ b/meta-google/recipes-phosphor/flash/google-key/platforms_gbmc_bringup.gpg diff --git a/meta-google/recipes-phosphor/flash/google-key/platforms_gbmc_secure.gpg b/meta-google/recipes-phosphor/flash/google-key/platforms_gbmc_secure.gpg Binary files differnew file mode 100644 index 000000000..9281f7790 --- /dev/null +++ b/meta-google/recipes-phosphor/flash/google-key/platforms_gbmc_secure.gpg diff --git a/meta-google/recipes-phosphor/flash/google-key/verify-bmc-image.sh b/meta-google/recipes-phosphor/flash/google-key/verify-bmc-image.sh new file mode 100755 index 000000000..cac229a94 --- /dev/null +++ b/meta-google/recipes-phosphor/flash/google-key/verify-bmc-image.sh @@ -0,0 +1,63 @@ +#!/bin/bash +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +help_out() { + echo "$ARG0 [--allow-dev] <image file> <sig file>" >&2 + exit 2 +} + +opts="$(getopt -o 'd' -l 'allow-dev' -- "$@")" || exit +dev= +eval set -- "$opts" +while true; do + case "$1" in + --allow-dev|-d) + dev=1 + shift + ;; + --) + shift + break + ;; + *) + echo "Bad option: $1" >&2 + help_out + ;; + esac +done +image_file="${1?Missing image file}" || help_out +sig_file="${2?Missing sig file}" || help_out + +# gnupg needs a home directory even though we don't want to persist any +# information. We always make a new temporary directory for this +GNUPGHOME= +cleanup() { + test -n "$GNUPGHOME" && rm -rf "$GNUPGHOME" +} +trap cleanup ERR EXIT INT +export GNUPGHOME="$(mktemp -d)" || exit + +gpg() { + command gpg --batch --allow-non-selfsigned-uid --no-tty "$@" +} +import_key() { + gpg --import "/usr/share/google-key/$1.key" +} + +import_key prod +if [ -n "$dev" ]; then + import_key dev +fi +gpg --verify --ignore-time-conflict "$sig_file" "$image_file" diff --git a/meta-google/recipes-phosphor/flash/inplace-gbmc-update.bb b/meta-google/recipes-phosphor/flash/inplace-gbmc-update.bb new file mode 100644 index 000000000..c71a579e1 --- /dev/null +++ b/meta-google/recipes-phosphor/flash/inplace-gbmc-update.bb @@ -0,0 +1,44 @@ +SUMMARY = "Google BMC Inplace Update Script" +DESCRIPTION = "Google BMC Inplace Update Script" +PR = "r1" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + +inherit obmc-phosphor-systemd + +PROVIDES += "virtual/bmc-update" +RPROVIDES_${PN} += "virtual/bmc-update" + +RDEPENDS_${PN} += "google-key" +RDEPENDS_${PN} += "bash" + +SRC_URI += " \ + file://config-bmc.json \ + file://inplace-gbmc-verify.service \ + file://inplace-gbmc-verify.sh \ + file://inplace-gbmc-version.service \ + file://inplace-gbmc-version.sh \ +" + +SYSTEMD_SERVICE_${PN} += "inplace-gbmc-verify.service" +SYSTEMD_SERVICE_${PN} += "inplace-gbmc-version.service" + +FILES_${PN} += "${datadir}/phosphor-ipmi-flash" + +do_install() { + sed -i 's,@ALLOW_DEV@,,' ${WORKDIR}/inplace-gbmc-verify.sh + + install -d ${D}${bindir} + install -m 0755 ${WORKDIR}/*.sh ${D}${bindir} + + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/*.service ${D}${systemd_system_unitdir} + + install -d ${D}${datadir}/phosphor-ipmi-flash + install -m 0644 ${WORKDIR}/config-bmc.json ${D}${datadir}/phosphor-ipmi-flash +} + +do_install_prepend_dev() { + sed -i 's,@ALLOW_DEV@,--allow-dev,' ${WORKDIR}/inplace-gbmc-verify.sh +} diff --git a/meta-google/recipes-phosphor/flash/inplace-gbmc-update/config-bmc.json b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/config-bmc.json new file mode 100644 index 000000000..8bd11f2e1 --- /dev/null +++ b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/config-bmc.json @@ -0,0 +1,33 @@ +[{ + "blob": "/flash/image", + "version": { + "handler": { + "type": "file", + "path": "/run/inplace-gbmc-version" + }, + "actions":{ + "open": { + "type": "systemd", + "unit": "inplace-gbmc-version.service" + } + } + }, + "handler": { + "type": "file", + "path": "/run/initramfs/bmc-image" + }, + "actions": { + "preparation": { + "type": "skip" + }, + "verification": { + "type": "systemd", + "unit": "inplace-gbmc-verify.service" + }, + "update": { + "type": "systemd", + "unit": "reboot.target", + "mode": "replace-irreversibly" + } + } +}] diff --git a/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-verify.service b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-verify.service new file mode 100644 index 000000000..4552780af --- /dev/null +++ b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-verify.service @@ -0,0 +1,6 @@ +[Unit] +Description=Verify the Flash Image File + +[Service] +Type=oneshot +ExecStart=/usr/bin/inplace-gbmc-verify.sh diff --git a/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-verify.sh b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-verify.sh new file mode 100644 index 000000000..d5307d3d1 --- /dev/null +++ b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-verify.sh @@ -0,0 +1,57 @@ +#!/bin/bash +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# This script will check the signature for the BMC image against +# the baked in keyring available. If any aspect of this fails, +# the scripts returns non-zero and this can be reported to the +# host. +# +# 1. Verify the image +# 2. Rename the image + +KEYRING=/etc/googlekeys/gbmc/gbmc.gpg +SIGNATURE_FILE=/tmp/bmc.sig +STATUS_FILE=/tmp/bmc.verify + +# Store in /run/initramfs because the behaviour of mv changes +# depending on whether the file is moving within a tree or not. +IMAGE_FILE=/run/initramfs/bmc-image +VERIFIED_FILE=/run/initramfs/image-bmc + +# Make sure we run ERR traps when a function returns an error +set -e + +# Write out the result of the script to a status file upon exiting +# normally or due to an error +exit_handler() { + local status="$?" + if (( status == 0 )); then + echo "success" >"${STATUS_FILE}" + else + echo "failed" >"${STATUS_FILE}" + fi + trap - EXIT ERR + exit "$status" +} +trap exit_handler EXIT ERR + +echo "running" > ${STATUS_FILE} + +# Verify the image. +verify-bmc-image.sh @ALLOW_DEV@ "$IMAGE_FILE" "$SIGNATURE_FILE" || exit + +# Rename the staged file for initramfs updates. +mv ${IMAGE_FILE} ${VERIFIED_FILE}#!/bin/bash diff --git a/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-version.service b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-version.service new file mode 100644 index 000000000..3f6b67179 --- /dev/null +++ b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-version.service @@ -0,0 +1,9 @@ +[Unit] +Description=Version string for inplace BMC + +[Service] +Type=oneshot +StandardOutput=file:/run/inplace-gbmc-version +StandardError=journal +ExecStartPre=/bin/rm -f /run/inplace-gbmc-version +ExecStart=/usr/bin/inplace-gbmc-version.sh diff --git a/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-version.sh b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-version.sh new file mode 100644 index 000000000..0c5c4e787 --- /dev/null +++ b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-version.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +grep '^VERSION_ID=' /etc/os-release | sed 's,.*-\([^-]*\),\1,g' | tr -d '\n'#!/bin/bash diff --git a/meta-google/recipes-phosphor/images/obmc-phosphor-image.bbappend b/meta-google/recipes-phosphor/images/obmc-phosphor-image.bbappend index 0c74fc8bb..942dfc14c 100644 --- a/meta-google/recipes-phosphor/images/obmc-phosphor-image.bbappend +++ b/meta-google/recipes-phosphor/images/obmc-phosphor-image.bbappend @@ -4,6 +4,7 @@ OBMC_IMAGE_EXTRA_INSTALL_append = " phosphor-ipmi-blobs" OBMC_IMAGE_EXTRA_INSTALL_append = " phosphor-ipmi-ethstats" OBMC_IMAGE_EXTRA_INSTALL_append = " phosphor-ipmi-flash" +# Google BMC (gBMC) specific installs OBMC_IMAGE_EXTRA_INSTALL_append_gbmc = " iproute2 iproute2-ss" OBMC_IMAGE_EXTRA_INSTALL_append_gbmc = " gbmc-systemd-config" OBMC_IMAGE_EXTRA_INSTALL_append_gbmc = " gbmc-iperf3" @@ -13,5 +14,12 @@ OBMC_IMAGE_EXTRA_INSTALL_append_gbmc = \ '${@"" if not d.getVar("GBMC_NCSI_IF_NAME") else " gbmc-ncsi-config"}' OBMC_IMAGE_EXTRA_INSTALL_append_gbmc = \ '${@"" if not d.getVar("GBMC_MAC_EEPROM_OF_NAME") else " gbmc-mac-config"}' -OBMC_IMAGE_EXTRA_INSTALL_append_gbmc = \ - '${@"" if not d.getVar("GBMC_KCS_DEV") else " gbmc-kcs-config"}' + +# Include these useful utilities for all gbmc platforms +OBMC_IMAGE_EXTRA_INSTALL_append_gbmc = " ipmitool" +OBMC_IMAGE_EXTRA_INSTALL_append_gbmc = " iotools" +OBMC_IMAGE_EXTRA_INSTALL_append_gbmc = " lrzsz" + +# Add gBMC update recipes +OBMC_IMAGE_EXTRA_INSTALL_append_gbmc = " dummy-gbmc-update" +OBMC_IMAGE_EXTRA_INSTALL_append_gbmc = " virtual/bmc-update" diff --git a/meta-google/recipes-phosphor/ipmi/phosphor-ipmi-config.bbappend b/meta-google/recipes-phosphor/ipmi/phosphor-ipmi-config.bbappend new file mode 100644 index 000000000..03e99b2d0 --- /dev/null +++ b/meta-google/recipes-phosphor/ipmi/phosphor-ipmi-config.bbappend @@ -0,0 +1,22 @@ +FILESEXTRAPATHS_prepend_gbmc := "${THISDIR}/${PN}:" + +SRC_URI_append_gbmc = " file://gbmc_bridge.json" + +DEPENDS_append_gbmc = " jq-native" + +GBMCBR_IPMI_CHANNEL ?= "11" + +# Replace a channel in config.json to add gbmcbr reporting +do_install_append_gbmc() { + chjson=${D}${datadir}/ipmi-providers/channel_config.json + overlapping="$(jq '."${GBMCBR_IPMI_CHANNEL}" | .is_valid and .name != "gbmcbr"' $chjson)" + if [ "$overlapping" != "false" ]; then + echo "gBMC channel config overlaps on ${GBMCBR_IPMI_CHANNEL}" >&2 + cat $chjson + exit 1 + fi + jq --slurpfile brcfg ${WORKDIR}/gbmc_bridge.json \ + '. + {"${GBMCBR_IPMI_CHANNEL}": $brcfg[0]}' $chjson >${WORKDIR}/tmp + mv ${WORKDIR}/tmp $chjson +} + diff --git a/meta-google/recipes-phosphor/ipmi/phosphor-ipmi-config/gbmc_bridge.json b/meta-google/recipes-phosphor/ipmi/phosphor-ipmi-config/gbmc_bridge.json new file mode 100644 index 000000000..f87728388 --- /dev/null +++ b/meta-google/recipes-phosphor/ipmi/phosphor-ipmi-config/gbmc_bridge.json @@ -0,0 +1,11 @@ +{ + "name" : "gbmcbr", + "is_valid" : true, + "active_sessions" : 0, + "channel_info" : { + "medium_type" : "lan-802.3", + "protocol_type" : "ipmb-1.0", + "session_supported" : "multi-session", + "is_ipmi" : true + } +} diff --git a/meta-google/recipes-phosphor/settings/phosphor-settings-manager/timemanager-default-HOST-MANUAL.override.yml b/meta-google/recipes-phosphor/settings/phosphor-settings-manager/timemanager-default-HOST-MANUAL.override.yml index 77c0dff08..d7d46ec03 100644 --- a/meta-google/recipes-phosphor/settings/phosphor-settings-manager/timemanager-default-HOST-MANUAL.override.yml +++ b/meta-google/recipes-phosphor/settings/phosphor-settings-manager/timemanager-default-HOST-MANUAL.override.yml @@ -1,3 +1,17 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + --- /xyz/openbmc_project/time/sync_method: - Interface: xyz.openbmc_project.Time.Synchronization |