From f089ba1b6aff10fcd4e7a6e4b9809e866e0816ff Mon Sep 17 00:00:00 2001 From: George Hung Date: Wed, 20 May 2020 17:22:25 +0800 Subject: meta-quanta: gbs: inband bmc/bios image update gbs-bmc-update and gbs-bios-update packages do inband bmc/bios image update via Nuvoton PCI mailbox Tested: Set PCI mailbox memory space as writable ~# sudo setpci -d 1050:0750 04.B=02 bmc update: ~# sudo burn_my_bmc --command update --interface ipmipci --image image-bmc --sig image-bmc.sig --type image bios update: ~# sudo burn_my_bmc --command update --interface ipmipci --image image-bios --sig image-bios.sig --type bios (From meta-quanta rev: 85d9f2a992421ca981ac11c6227ceb3531a3bb1a) Signed-off-by: George Hung Change-Id: I1a73f724c4cf16636c460d20c6efd409eac4e80f Signed-off-by: Andrew Geissler --- .../gbs-bios-update/files/bios-update.sh | 84 ++++++++++++++++++++++ .../gbs-bios-update/files/bios-verify.sh | 32 +++++++++ .../gbs-bios-update/files/config-bios.json | 20 ++++++ .../files/phosphor-ipmi-flash-bios-update.service | 9 +++ .../files/phosphor-ipmi-flash-bios-verify.service | 9 +++ .../recipes-gbs/gbs-bios-update/gbs-bios-update.bb | 39 ++++++++++ .../recipes-gbs/gbs-bmc-update/files/bmc-verify.sh | 22 ++++++ .../gbs-bmc-update/files/config-bmc.json | 21 ++++++ .../files/phosphor-ipmi-flash-bmc-verify.service | 9 +++ .../recipes-gbs/gbs-bmc-update/gbs-bmc-update.bb | 34 +++++++++ .../ipmi/phosphor-ipmi-flash_%.bbappend | 5 ++ .../packagegroups/packagegroup-gbs-apps.bb | 2 + 12 files changed, 286 insertions(+) create mode 100644 meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/bios-update.sh create mode 100644 meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/bios-verify.sh create mode 100644 meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/config-bios.json create mode 100644 meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/phosphor-ipmi-flash-bios-update.service create mode 100644 meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/phosphor-ipmi-flash-bios-verify.service create mode 100644 meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/gbs-bios-update.bb create mode 100644 meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/bmc-verify.sh create mode 100644 meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/config-bmc.json create mode 100644 meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/phosphor-ipmi-flash-bmc-verify.service create mode 100644 meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/gbs-bmc-update.bb create mode 100644 meta-quanta/meta-gbs/recipes-phosphor/ipmi/phosphor-ipmi-flash_%.bbappend (limited to 'meta-quanta') diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/bios-update.sh b/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/bios-update.sh new file mode 100644 index 000000000..3a215fa50 --- /dev/null +++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/bios-update.sh @@ -0,0 +1,84 @@ +#!/bin/sh +# Copyright 2020 Google LLC +# Copyright 2020 Quanta Computer Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Global variables + +# GPIO to control the host SPI mux +SPI_SW_SELECT=169 + +# Kernel control string for bind/unbind +KERNEL_FIU_ID="c0000000.fiu" + +# Kernel sysfs path for bind/unbind +KERNEL_SYSFS_FIU="/sys/bus/platform/drivers/NPCM-FIU" + +IMAGE_FILE="/tmp/image-bios" + +# Taken from /run/initramfs/update +# Given label name, return mtd node. e.g. `findmtd bmc` returns 'mtd0' +findmtd() { + m=$(grep -xl "$1" /sys/class/mtd/*/name) + m=${m%/name} + m=${m##*/} + echo $m +} + +cleanup() { + if [ -d "${KERNEL_SYSFS_FIU}/${KERNEL_FIU_ID}" ]; then + echo "${KERNEL_FIU_ID}" > "${KERNEL_SYSFS_FIU}"/unbind + fi + echo low > /sys/class/gpio/gpio${SPI_SW_SELECT}/direction # Switch mux to host + rm -f ${IMAGE_FILE} +} +trap cleanup EXIT SIGHUP SIGINT SIGTERM + +main() { + if [ ! -f ${IMAGE_FILE} ]; then + echo "Invalid bios image file!" + exit 1 + fi + + echo "Starting bios update..." + if [ ! -d "/sys/class/gpio/gpio${SPI_SW_SELECT}" ]; then + echo "${SPI_SW_SELECT}" > /sys/class/gpio/export + fi + + echo high > /sys/class/gpio/gpio${SPI_SW_SELECT}/direction # Switch mux to BMC + + if [ -d "${KERNEL_SYSFS_FIU}/${KERNEL_FIU_ID}" ]; then + echo "${KERNEL_FIU_ID}" > "${KERNEL_SYSFS_FIU}"/unbind + fi + echo "${KERNEL_FIU_ID}" > "${KERNEL_SYSFS_FIU}"/bind + + # BIOS flash is labelled 'pnor' + pnor_mtd=$(findmtd pnor) + if [ -z "${pnor_mtd}" ]; then + echo "Cannot find bios flash mtd partition!" + exit 1 + fi + + flashcp -v $IMAGE_FILE /dev/"${pnor_mtd}" + if [ $? -eq 0 ]; then + echo "bios update successfully..." + else + echo "bios update failed..." + exit 1 + fi +} +# Exit without running main() if sourced +return 0 2>/dev/null + +main "$@" diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/bios-verify.sh b/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/bios-verify.sh new file mode 100644 index 000000000..3da25e483 --- /dev/null +++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/bios-verify.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +# Copyright (c) 2019-present Lenovo +# Copyright (c) 2020 Quanta Computer Inc. +# Licensed under BSD-3, see COPYING.BSD file for details. + +IMAGE_FILE="/tmp/bios-image" +SIG_FILE="/tmp/bmc.sig" +BURN_IMAGE="/tmp/image-bios" +sha256_image="FFFF" +sha256_file="EEEE" + +echo "Verify bios image..." + +if [ -e $IMAGE_FILE ] && [ -e $SIG_FILE ]; +then + sha256_image=`sha256sum "$IMAGE_FILE" | awk '{print $1}'` + sha256_file=`awk '{print $1}' $SIG_FILE` +fi + +if [[ $sha256_image != $sha256_file ]]; +then + echo "bios image verify fail." + rm -f $IMAGE_FILE + echo "Remove bios image" + exit 1 +else + echo "bios image verify ok." + mv $IMAGE_FILE $BURN_IMAGE + rm -f $SIG_FILE + exit 0 +fi diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/config-bios.json b/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/config-bios.json new file mode 100644 index 000000000..efbe6f830 --- /dev/null +++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/config-bios.json @@ -0,0 +1,20 @@ +[{ + "blob": "/flash/bios", + "handler": { + "type": "file", + "path": "/tmp/bios-image" + }, + "actions": { + "preparation": { + "type": "skip" + }, + "verification": { + "type": "systemd", + "unit": "phosphor-ipmi-flash-bios-verify.service" + }, + "update": { + "type": "systemd", + "unit": "phosphor-ipmi-flash-bios-update.service" + } + } +}] diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/phosphor-ipmi-flash-bios-update.service b/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/phosphor-ipmi-flash-bios-update.service new file mode 100644 index 000000000..a08816a4c --- /dev/null +++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/phosphor-ipmi-flash-bios-update.service @@ -0,0 +1,9 @@ +[Unit] +Description=Phosphor-ipmi-flash update BIOS service + +[Service] +ExecStart=/usr/bin/bios-update.sh +Type=oneshot + +[Install] +WantedBy=phosphor-ipmi-flash-bios-update.target diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/phosphor-ipmi-flash-bios-verify.service b/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/phosphor-ipmi-flash-bios-verify.service new file mode 100644 index 000000000..af0e196b4 --- /dev/null +++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/files/phosphor-ipmi-flash-bios-verify.service @@ -0,0 +1,9 @@ +[Unit] +Description=Phosphor-ipmi-flash verify BIOS service + +[Service] +ExecStart=/usr/bin/bios-verify.sh +Type=oneshot + +[Install] +WantedBy=phosphor-ipmi-flash-bios-verify.target diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/gbs-bios-update.bb b/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/gbs-bios-update.bb new file mode 100644 index 000000000..32b9d512b --- /dev/null +++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bios-update/gbs-bios-update.bb @@ -0,0 +1,39 @@ +PR = "r1" +LICENSE = "Apache-2.0 & BSD-3-Clause" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10 \ + file://${COREBASE}/meta/files/common-licenses/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9 \ + " + +inherit systemd +inherit obmc-phosphor-systemd + + +DEPENDS += "systemd" +DEPENDS += "phosphor-ipmi-flash" +RDEPENDS_${PN} += "bash" + +SRC_URI += " file://bios-verify.sh \ + file://bios-update.sh \ + file://phosphor-ipmi-flash-bios-verify.service \ + file://phosphor-ipmi-flash-bios-update.service \ + file://config-bios.json \ + " + +FILES_${PN} += "${datadir}/phosphor-ipmi-flash/config-bios.json" + +do_install() { + install -d ${D}${bindir} + install -m 0755 ${WORKDIR}/bios-verify.sh ${D}${bindir}/ + install -m 0755 ${WORKDIR}/bios-update.sh ${D}${bindir}/ + + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/phosphor-ipmi-flash-bios-verify.service ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/phosphor-ipmi-flash-bios-update.service ${D}${systemd_system_unitdir} + + install -d ${D}${datadir}/phosphor-ipmi-flash + install -m 0644 ${WORKDIR}/config-bios.json ${D}${datadir}/phosphor-ipmi-flash +} + + +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE_${PN} = "phosphor-ipmi-flash-bios-verify.service phosphor-ipmi-flash-bios-update.service" diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/bmc-verify.sh b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/bmc-verify.sh new file mode 100644 index 000000000..bbaf15d7d --- /dev/null +++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/bmc-verify.sh @@ -0,0 +1,22 @@ +#!/bin/sh + +sigfile="/tmp/bmc.sig" +imagebmc="/run/initramfs/image-bmc" +bmcimage="/run/initramfs/bmc-image" +publickey="/etc/activationdata/OpenBMC/publickey" +bmclog="/tmp/update-bmc.log" + +if [ -f $publickey ];then + r="$(openssl dgst -verify $publickey -sha256 -signature $sigfile $bmcimage)" + echo "$r" > $bmclog + if [[ "Verified OK" == "$r" ]]; then + mv $bmcimage $imagebmc + rm -f $sigfile + exit 0 + else + exit 1 + fi +else + echo "No $publickey file" > $bmclog + exit 1 +fi diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/config-bmc.json b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/config-bmc.json new file mode 100644 index 000000000..16c7151ed --- /dev/null +++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/config-bmc.json @@ -0,0 +1,21 @@ +[{ + "blob": "/flash/image", + "handler": { + "type": "file", + "path": "/run/initramfs/bmc-image" + }, + "actions": { + "preparation": { + "type": "skip" + }, + "verification": { + "type": "systemd", + "unit": "phosphor-ipmi-flash-bmc-verify.service" + }, + "update": { + "type": "systemd", + "unit": "reboot.target", + "mode": "replace-irreversibly" + } + } +}] diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/phosphor-ipmi-flash-bmc-verify.service b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/phosphor-ipmi-flash-bmc-verify.service new file mode 100644 index 000000000..574b318ef --- /dev/null +++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/files/phosphor-ipmi-flash-bmc-verify.service @@ -0,0 +1,9 @@ +[Unit] +Description=Phosphor-ipmi-flash bmc verify service + +[Service] +ExecStart=/usr/bin/bmc-verify.sh +Type=oneshot + +[Install] +WantedBy=phosphor-ipmi-flash-bmc-verify.target diff --git a/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/gbs-bmc-update.bb b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/gbs-bmc-update.bb new file mode 100644 index 000000000..a177586ca --- /dev/null +++ b/meta-quanta/meta-gbs/recipes-gbs/gbs-bmc-update/gbs-bmc-update.bb @@ -0,0 +1,34 @@ +PR = "r1" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + + +inherit systemd +inherit obmc-phosphor-systemd + + +SRC_URI = " file://phosphor-ipmi-flash-bmc-verify.service \ + file://bmc-verify.sh \ + file://config-bmc.json \ + " + +FILES_${PN} += "${datadir}/phosphor-ipmi-flash/config-bmc.json" + +DEPENDS += "systemd" +DEPENDS += "phosphor-ipmi-flash" +RDEPENDS_${PN} = "bash" + +do_install() { + install -d ${D}${bindir} + install -m 0755 ${WORKDIR}/bmc-verify.sh ${D}${bindir}/ + + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/phosphor-ipmi-flash-bmc-verify.service ${D}${systemd_system_unitdir} + + install -d ${D}${datadir}/phosphor-ipmi-flash + install -m 0644 ${WORKDIR}/config-bmc.json ${D}${datadir}/phosphor-ipmi-flash +} + + +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE_${PN} = "phosphor-ipmi-flash-bmc-verify.service" diff --git a/meta-quanta/meta-gbs/recipes-phosphor/ipmi/phosphor-ipmi-flash_%.bbappend b/meta-quanta/meta-gbs/recipes-phosphor/ipmi/phosphor-ipmi-flash_%.bbappend new file mode 100644 index 000000000..9f4c89026 --- /dev/null +++ b/meta-quanta/meta-gbs/recipes-phosphor/ipmi/phosphor-ipmi-flash_%.bbappend @@ -0,0 +1,5 @@ +NUVOTON_FLASH_PCIMBOX = "0xF0848000" + +EXTRA_OECONF_append_gbs = " --enable-nuvoton-p2a-mbox" + +IPMI_FLASH_BMC_ADDRESS_gbs = "${NUVOTON_FLASH_PCIMBOX}" diff --git a/meta-quanta/meta-gbs/recipes-phosphor/packagegroups/packagegroup-gbs-apps.bb b/meta-quanta/meta-gbs/recipes-phosphor/packagegroups/packagegroup-gbs-apps.bb index 2be8c5130..4c1bb123c 100644 --- a/meta-quanta/meta-gbs/recipes-phosphor/packagegroups/packagegroup-gbs-apps.bb +++ b/meta-quanta/meta-gbs/recipes-phosphor/packagegroups/packagegroup-gbs-apps.bb @@ -31,4 +31,6 @@ RDEPENDS_${PN}-fans = " \ SUMMARY_${PN}-flash = "GBS Flash" RDEPENDS_${PN}-flash = " \ phosphor-ipmi-flash \ + gbs-bmc-update \ + gbs-bios-update \ " -- cgit v1.2.3