3 files changed, 52 insertions, 0 deletions
diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/bmc-verify.sh b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/bmc-verify.sh
new file mode 100644
index 000000000..bbaf15d7d
--- /dev/null
+++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/bmc-verify.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+sigfile="/tmp/bmc.sig"
+imagebmc="/run/initramfs/image-bmc"
+bmcimage="/run/initramfs/bmc-image"
+publickey="/etc/activationdata/OpenBMC/publickey"
+bmclog="/tmp/update-bmc.log"
+
+if [ -f $publickey ];then
+    r="$(openssl dgst -verify $publickey -sha256 -signature $sigfile $bmcimage)"
+    echo "$r" > $bmclog
+    if [[ "Verified OK" == "$r" ]]; then
+        mv $bmcimage $imagebmc
+        rm -f $sigfile
+        exit 0
+    else
+        exit 1
+    fi
+else
+    echo "No $publickey file" > $bmclog
+    exit 1
+fi
diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/config-bmc.json b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/config-bmc.json
new file mode 100644
index 000000000..16c7151ed
--- /dev/null
+++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/config-bmc.json
@@ -0,0 +1,21 @@
+[{
+    "blob": "/flash/image",
+    "handler": {
+        "type": "file",
+        "path": "/run/initramfs/bmc-image"
+    },
+    "actions": {
+        "preparation": {
+            "type": "skip"
+        },
+        "verification": {
+            "type": "systemd",
+            "unit": "phosphor-ipmi-flash-bmc-verify.service"
+        },
+        "update": {
+            "type": "systemd",
+            "unit": "reboot.target",
+            "mode": "replace-irreversibly"
+        }
+    }
+}]
diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/phosphor-ipmi-flash-bmc-verify.service b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/phosphor-ipmi-flash-bmc-verify.service
new file mode 100644
index 000000000..574b318ef
--- /dev/null
+++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/phosphor-ipmi-flash-bmc-verify.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Phosphor-ipmi-flash bmc verify service
+
+[Service]
+ExecStart=/usr/bin/bmc-verify.sh
+Type=oneshot
+
+[Install]
+WantedBy=phosphor-ipmi-flash-bmc-verify.target