authorRichard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>2019-11-04 12:49:35 +0300
committerThomaiyar, Richard Marian <richard.marian.thomaiyar@intel.com>2019-11-07 21:12:59 +0300
commitb21586a85b6b434dc90b35285f363f97384fcdd4 (patch)
tree22b5967baf14acdd3dce995b5f79a6e0619bd097
parent27889afa22c5f2b933b7d25cc0cde1db0281e60f (diff)
downloadprovingground-b21586a85b6b434dc90b35285f363f97384fcdd4.tar.xz
Added support for validation unsecure mode
Support added for validation unsecure mode under compile flag which will be enabled only with debug-tweaks. Default is disabled. Tested: Along with intel-ipmi-oem changes for set security mode command 1. Verified that system goes to validation unsecure mode as per the Set Security Mode command. 2. Able to execute all the manufacturing mode command in this state 3. Mode preserved during reboot and not in reset to defaults Change-Id: Ice33d2c02ac8c0c0276ba16651f8acbd3d5b8cd4 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
-rw-r--r--special-mode-mgr/CMakeLists.txt10
-rw-r--r--special-mode-mgr/include/specialmodemgr.hpp7
-rw-r--r--special-mode-mgr/src/specialmodemgr.cpp20
3 files changed, 36 insertions, 1 deletions
diff --git a/special-mode-mgr/CMakeLists.txt b/special-mode-mgr/CMakeLists.txt
index cefe6ff..ea54904 100644
--- a/special-mode-mgr/CMakeLists.txt
+++ b/special-mode-mgr/CMakeLists.txt
@@ -37,6 +37,16 @@ target_link_libraries(${PROJECT_NAME} phosphor_logging)
link_directories(${EXTERNAL_INSTALL_LOCATION}/lib)
+option(
+ BMC_VALIDATION_UNSECURE_FEATURE
+ "Enables unsecure features required by validation. Note: must
+ be turned off for production images."
+ OFF)
+target_compile_definitions(${PROJECT_NAME}
+ PRIVATE
+ $<$<BOOL:${BMC_VALIDATION_UNSECURE_FEATURE}>:
+ -DBMC_VALIDATION_UNSECURE_FEATURE>)
+
set(SERVICE_FILES ${PROJECT_SOURCE_DIR}/specialmodemgr.service)
install(TARGETS ${PROJECT_NAME} DESTINATION bin)
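Review bot: The option's help text says it must be off for production images, but nothing in this hunk makes an enabled `BMC_VALIDATION_UNSECURE_FEATURE` visible at configure time, so an image built with it by mistake looks like any other in the build log. A guarded `if(BMC_VALIDATION_UNSECURE_FEATURE)` / `message(WARNING "BMC_VALIDATION_UNSECURE_FEATURE is ON: not for production images")` / `endif()` directly after the `option()` call would give release checks something to grep for. The commit message ties the flag to debug-tweaks, but that coupling is not expressed in this file, so a short comment saying where the flag is expected to be set would also help.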
diff --git a/special-mode-mgr/include/specialmodemgr.hpp b/special-mode-mgr/include/specialmodemgr.hpp
index 2f0183b..9146b01 100644
--- a/special-mode-mgr/include/specialmodemgr.hpp
+++ b/special-mode-mgr/include/specialmodemgr.hpp
@@ -18,6 +18,7 @@
#include <sdbusplus/asio/object_server.hpp>
#include <chrono>
+#include <filesystem>
static constexpr const char* strSpecialMode = "SpecialMode";
@@ -25,7 +26,10 @@ enum SpecialMode : uint8_t
{
none = 0,
manufacturingExpired = 1,
- manufacturingMode = 2
+ manufacturingMode = 2,
+#ifdef BMC_VALIDATION_UNSECURE_FEATURE
+ validationUnsecure = 3,
+#endif
};
class SpecialModeMgr
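Review bot: `validationUnsecure` is declared only when `BMC_VALIDATION_UNSECURE_FEATURE` is defined, and the CMake change defines that macro `PRIVATE` to this target, so any other code that includes this header sees a `SpecialMode` without value 3. Whether the header is consumed outside this target is not visible here; if it is, the two sides will disagree on what a `SpecialMode` property value of 3 means. Keeping the enumerator unconditional and guarding only the code that accepts or enters the mode would avoid that. The new value also deserves a comment, for example `// validation builds only: manufacturing-mode commands stay allowed; persisted via marker file`.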
@@ -38,6 +42,7 @@ class SpecialModeMgr
std::unique_ptr<boost::asio::steady_timer> timer = nullptr;
std::unique_ptr<sdbusplus::bus::match::match> intfAddMatchRule = nullptr;
std::unique_ptr<sdbusplus::bus::match::match> propUpdMatchRule = nullptr;
+ std::filesystem::path validationModeFile = "/var/validation_unsecure_mode";
void addSpecialModeProperty();
void checkAndAddSpecialModeProperty(const std::string& provMode);
void updateTimer(int countInSeconds);
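Review bot: `validationModeFile` is added as a mutable per-instance member and is declared even in builds where the feature is compiled out, although both uses in `specialmodemgr.cpp` sit inside `#ifdef BMC_VALIDATION_UNSECURE_FEATURE`. Since the existence of this path alone selects the unsecure mode at start-up, it should not be reassignable. A guarded constant next to `strSpecialMode`, e.g. `static constexpr const char* validationModeFile = "/var/validation_unsecure_mode";`, states that intent. A one-line comment noting that the file's presence is the persisted mode flag would also help.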
diff --git a/special-mode-mgr/src/specialmodemgr.cpp b/special-mode-mgr/src/specialmodemgr.cpp
index f1ed722..44f12cc 100644
--- a/special-mode-mgr/src/specialmodemgr.cpp
+++ b/special-mode-mgr/src/specialmodemgr.cpp
@@ -50,6 +50,15 @@ SpecialModeMgr::SpecialModeMgr(
timer(std::make_unique<boost::asio::steady_timer>(io))
{
+#ifdef BMC_VALIDATION_UNSECURE_FEATURE
+ if (std::filesystem::exists(validationModeFile))
+ {
+ specialMode = validationUnsecure;
+ addSpecialModeProperty();
+ return;
+ }
+#endif
+
// Following condition must match to indicate specialMode.
// Mark the mode as None for any failure.
// 1. U-Boot detected power button press & indicated "special=mfg"
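Review bot: The early return at the top of the constructor enters `validationUnsecure` on nothing more than the existence of `/var/validation_unsecure_mode`, bypassing every provisioning condition listed in the comment below it, and it does so without a log entry. Anything able to create that file therefore persists the mode across reboots, so a warning-level journal message before `addSpecialModeProperty()` (the target already links `phosphor_logging`) would at least make the state auditable. Separately, `std::filesystem::exists(validationModeFile)` is the throwing overload, and a filesystem error here would escape the constructor. `std::error_code ec; if (std::filesystem::exists(validationModeFile, ec))` keeps a failed check on the normal path. The constructor body continues past the end of this hunk.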
@@ -195,6 +204,17 @@ void SpecialModeMgr::addSpecialModeProperty()
strSpecialMode, specialMode,
// Ignore set
[this](const uint8_t& req, uint8_t& propertyValue) {
+#ifdef BMC_VALIDATION_UNSECURE_FEATURE
+ if ((req == validationUnsecure) && (specialMode != req))
+ {
+ std::ofstream output(validationModeFile);
+ output.close();
+ specialMode = req;
+ propertyValue = req;
+ return 1;
+ }
+#endif
+
if (req == manufacturingExpired && specialMode != req)
{
specialMode = req;
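Review bot: The new branch sets `specialMode` and returns 1 without checking that the marker file was actually created, so if `std::ofstream output(validationModeFile);` fails the mode is active now but silently lost on reboot. Testing the stream first, e.g. `if (!output.is_open())` followed by a log and a rejected set, keeps the in-memory state and the persisted state in agreement. None of the visible hunks adds `#include <fstream>`, so confirm it is already included rather than arriving transitively. The branch also accepts the request from any current mode, including `none`, so the only gate appears to be whoever is allowed to set this D-Bus property. If the intent is that only the Set Security Mode handler may do this, a comment saying so and a log line on the transition would make that reviewable. The setter lambda continues outside this hunk.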