firmware-watchdog, detect virtualization

author: Andrey V.Kosteltsev <AKosteltsev@IBS.RU> 2022-06-03 00:30:26 +0300
committer: Andrey V.Kosteltsev <AKosteltsev@IBS.RU> 2022-06-03 00:30:26 +0300
commit: 5bc525e8e696ad7c00480102ebb2951f3bf82127 (patch)
tree: b84249b266a66906f72190023f2b8f4fcca9f94f /meta-ibs/meta-common/recipes-phosphor
parent: 2169159e01901ac82f44641d764e72a264ffde46 (diff)
download: openbmc-5bc525e8e696ad7c00480102ebb2951f3bf82127.tar.xz
4 files changed, 303 insertions, 6 deletions
diff --git a/meta-ibs/meta-common/recipes-phosphor/initrdscripts/obmc-phosphor-initfs.bbappend b/meta-ibs/meta-common/recipes-phosphor/initrdscripts/obmc-phosphor-initfs.bbappend
index 61fefda887..339740dfbd 100644
--- a/meta-ibs/meta-common/recipes-phosphor/initrdscripts/obmc-phosphor-initfs.bbappend
+++ b/meta-ibs/meta-common/recipes-phosphor/initrdscripts/obmc-phosphor-initfs.bbappend
@@ -2,4 +2,10 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
 
 DESCRIPTION = "Pinging system watchdog before BMC update"
 
-SRC_URI += "file://obmc-shutdown.sh"
+SRC_URI += "file://obmc-shutdown.sh \
+            file://obmc-update.sh \
+           "
+
+do_install:append() {
+    echo "/etc/default/obmc/firmware-watchdog/firmware-watchdog.conf" >> ${D}/whitelist
+}
diff --git a/meta-ibs/meta-common/recipes-phosphor/initrdscripts/obmc-phosphor-initfs/obmc-shutdown.sh b/meta-ibs/meta-common/recipes-phosphor/initrdscripts/obmc-phosphor-initfs/obmc-shutdown.sh
index 204665de7e..e5eadaca2b 100644
--- a/meta-ibs/meta-common/recipes-phosphor/initrdscripts/obmc-phosphor-initfs/obmc-shutdown.sh
+++ b/meta-ibs/meta-common/recipes-phosphor/initrdscripts/obmc-phosphor-initfs/obmc-shutdown.sh
@@ -55,7 +55,7 @@ then
 			wd=
 		fi
 		$update --clean-saved-files
-		remaining=$(ls $image*)
+		remaining=$(ls $image* 2>/dev/null)
 		if test -n "$remaining"
 		then
 			echo 1>&2 "Flash update failed to flash these images:"
diff --git a/meta-ibs/meta-common/recipes-phosphor/initrdscripts/obmc-phosphor-initfs/obmc-update.sh b/meta-ibs/meta-common/recipes-phosphor/initrdscripts/obmc-phosphor-initfs/obmc-update.sh
new file mode 100644
index 0000000000..bd4cfb14d4
--- /dev/null
+++ b/meta-ibs/meta-common/recipes-phosphor/initrdscripts/obmc-phosphor-initfs/obmc-update.sh
@@ -0,0 +1,290 @@
+#!/bin/sh
+
+echo update: "$@"
+
+echoerr() {
+	echo 1>&2 "ERROR: $@"
+}
+
+cd /
+if ! test -r /proc/mounts || ! test -f /proc/mounts
+then
+	mkdir -p /proc
+	mount -t proc proc proc
+fi
+if ! test -d /sys/class
+then
+	mkdir -p /sys
+	mount -t sysfs sys sys
+fi
+if ! test -c /dev/null
+then
+	mkdir -p /dev
+	mount -t devtmpfs dev dev
+fi
+
+# mtd number N with mtd name Name can be mounted via mtdN, or mtd:Name
+# (with a mtd aware fs) or by /dev/mtdblockN (with a mtd or block fs).
+mtdismounted() {
+	m=${1##mtd}
+	if grep -s "mtdblock$m " /proc/mounts || grep -s "mtd$m " /proc/mounts
+	then
+		return 0
+	fi
+	n=$(cat /sys/class/mtd/mtd$m/name)
+	if test -n "$n" && grep -s "mtd:$n " /proc/mounts
+	then
+		return 0
+	fi
+	return 1
+}
+
+# Detect child partitions when the whole flash is to be updated.
+# Ignore mtdNro and mtdblockN names in the class subsystem directory.
+childmtds() {
+	for m in /sys/class/mtd/$1/mtd*
+	do
+		m=${m##*/}
+		if test "${m%ro}" = "${m#mtdblock}"
+		then
+			echo $m
+		fi
+	done
+}
+
+toobig() {
+	if test $(stat -L -c "%s" "$1") -gt $(cat /sys/class/mtd/"$2"/size)
+	then
+		return 0
+	fi
+	return 1
+}
+
+findmtd() {
+	m=$(grep -xl "$1" /sys/class/mtd/*/name)
+	m=${m%/name}
+	m=${m##*/}
+	echo $m
+}
+
+blkid_fs_type() {
+	# Emulate util-linux's `blkid -s TYPE -o value $1`
+	# Example busybox blkid output:
+	#    # blkid /dev/mtdblock5
+	#    /dev/mtdblock5: TYPE="squashfs"
+	# Process output to extract TYPE value "squashfs".
+	blkid $1 | sed -e 's/^.*TYPE="//' -e 's/".*$//'
+}
+
+probe_fs_type() {
+	fst=$(blkid_fs_type $1)
+	echo ${fst:=jffs2}
+}
+
+rwfs=$(findmtd rwfs)
+
+rwdev=/dev/mtdblock${rwfs#mtd}
+rwopts=rw
+rorwopts=ro${rwopts#rw}
+
+rwdir=/run/initramfs/rw
+upper=$rwdir/cow
+save=/run/save/${upper##*/}
+
+mounted=
+doflash=y
+doclean=
+dosave=y
+dorestore=y
+toram=
+checksize=y
+checkmount=y
+
+whitelist=/run/initramfs/whitelist
+image=/run/initramfs/image-
+imglist=
+
+firmware_watchdog_config=$upper/etc/default/obmc/firmware-watchdog/firmware-watchdog.conf
+
+set_fw_watchdog_status() {
+	sed -i "s,\(^[ \t]*SYSTEM_STATUS=\).*,\1$1," ${firmware_watchdog_config}
+}
+
+set_fw_watchdog_counter() {
+	sed -i "s,\(^[ \t]*REQUEST_COUNTER=\).*,\1$1," ${firmware_watchdog_config}
+}
+
+while test "$1" != "${1#-}"
+do
+	case "$1" in
+	--help)
+		cat <<HERE
+Usage: $0 [options] -- Write images in /run/initramfs to flash (/dev/mtd*)
+    --help                    Show this message
+    --no-flash                Don't attempt to write images to flash
+    --ignore-size             Don't compare image size to mtd device size
+    --ignore-mount            Don't check if destination is mounted
+    --save-files              Copy whitelisted files to save directory in RAM
+    --no-save-files           Don't copy whitelisted files to save directory
+    --copy-files              Copy files from save directory to rwfs mountpoint
+    --restore-files           Restore files from save directory to rwfs layer
+    --no-restore-files        Don't restore saved files from ram to rwfs layer
+    --clean-saved-files       Delete saved whitelisted files from RAM
+    --no-clean-saved-files    Retain saved whitelisted files in RAM
+HERE
+
+	    exit 0 ;;
+
+	--no-clean-saved-files)
+		doclean=
+		shift ;;
+	--clean-saved-files)
+		doclean=y
+		shift ;;
+	--no-save-files)
+		dosave=
+		shift ;;
+	--save-files)
+		dosave=y
+		shift ;;
+	--no-restore-files)
+		dorestore=
+		shift ;;
+	--restore-files)
+		dorestore=y
+		shift ;;
+	--no-flash)
+		doflash=
+		shift ;;
+	--ignore-size)
+		checksize=
+		shift ;;
+	--ignore-mount)
+		checkmount=
+		doflash=
+		shift ;;
+	--copy-files)
+		toram=y
+		shift ;;
+	*)
+		echoerr "Unknown option $1.  Try $0 --help."
+		exit 1 ;;
+	esac
+done
+
+if test "x$dosave" = xy
+then
+	if test ! -d $upper -a -n "$rwfs"
+	then
+		mkdir -p $rwdir
+		mount $rwdev $rwdir -t $(probe_fs_type $rwdev) -o $rwopts
+		mounted=$rwdir
+	fi
+
+	if test -f ${firmware_watchdog_config}
+	then
+		set_fw_watchdog_status  upgraded
+		set_fw_watchdog_counter 0
+	fi
+
+	while read f
+	do
+		# Entries shall start with /, no trailing /.. or embedded /../
+		if test "/${f#/}" != "$f" -o "${f%/..}" != "${f#*/../}"
+		then
+			echo 1>&2 "WARNING: Skipping bad whitelist entry $f."
+			continue
+		fi
+		if ! test -e "$upper/$f"
+		then
+			continue
+		fi
+		d="$save/$f"
+		while test "${d%/}" != "${d%/.}"
+		do
+			d="${d%/.}"
+			d="${d%/}"
+		done
+		mkdir -p "${d%/*}"
+		cp -rp "$upper/$f" "${d%/*}/"
+	done < $whitelist
+
+	if test -n "$mounted"
+	then
+		umount $mounted
+	fi
+fi
+
+imglist=$(echo $image*)
+if test "$imglist" = "$image*" -a ! -e "$imglist"
+then
+	# shell didn't expand the wildcard, so no files exist
+	echo "No images found to update."
+	imglist=
+fi
+
+for f in $imglist
+do
+	m=$(findmtd ${f#$image})
+	if test -z "$m"
+	then
+		echoerr "Unable to find mtd partition for ${f##*/}."
+		exit 1
+	fi
+	if test -n "$checksize" && toobig "$f" "$m"
+	then
+		echoerr "Image ${f##*/} too big for $m."
+		exit 1
+	fi
+	for s in $m $(childmtds $m)
+	do
+		if test -n "$checkmount" && mtdismounted $s
+		then
+			echoerr "Device $s is mounted, ${f##*/} is busy."
+			exit 1
+		fi
+	done
+done
+
+if test -n "$doflash"
+then
+	for f in $imglist
+	do
+		if test ! -s $f
+		then
+			echo "Skipping empty update of ${f#$image}."
+			rm $f
+			continue
+		fi
+		m=$(findmtd ${f#$image})
+		echo "Updating ${f#$image}..."
+		flashcp -v $f /dev/$m && rm $f
+	done
+fi
+
+if test -d $save -a "x$toram" = xy
+then
+	mkdir -p $upper
+	cp -rp $save/. $upper/
+fi
+
+if test -d $save -a "x$dorestore" = xy
+then
+	odir=$rwdir
+	rwdir=/run/rw
+	upper=$rwdir${upper#$odir}
+
+	mkdir -p $rwdir
+	mount $rwdev $rwdir -t $(probe_fs_type $rwdev) -o $rwopts
+	mkdir -p $upper
+	cp -rp $save/. $upper/
+	umount $rwdir
+	rmdir $rwdir
+fi
+
+if test "x$doclean" = xy
+then
+	rm -rf $save
+fi
+
+exit
diff --git a/meta-ibs/meta-common/recipes-phosphor/interfaces/bmcweb-init-certs/bmcweb-init-certs b/meta-ibs/meta-common/recipes-phosphor/interfaces/bmcweb-init-certs/bmcweb-init-certs
index ea0d796f7d..d376f9a5d1 100644
--- a/meta-ibs/meta-common/recipes-phosphor/interfaces/bmcweb-init-certs/bmcweb-init-certs
+++ b/meta-ibs/meta-common/recipes-phosphor/interfaces/bmcweb-init-certs/bmcweb-init-certs
@@ -23,13 +23,14 @@ rm -f ${PRIV_KEY_NAME} ${SERV_KEY_NAME}
 #
 # Create new private PEM-key:
 #
-systemctl restart phosphor-certificate-manager@bmcweb.service
+systemctl stop  phosphor-certificate-manager@bmcweb.service
+systemctl start phosphor-certificate-manager@bmcweb.service
 
 count=0
 # wait for 5 minutes until the certificate manager creates the private PEM-key
 while [ ! -f ${PRIV_KEY_NAME} ] && [ ${count} -lt 300 ]
 do
-  count=$[ $count + 1]
+  count=$[ $count + 1 ]
   sleep 1
 done
 
@@ -40,9 +41,9 @@ systemctl restart bmcweb.service
 
 count=0
 # wait for 5 minutes until the bmcweb creates the server PEM-key
-while [ ! -f ${PRIV_KEY_NAME} ] && [ ${count} -lt 300 ]
+while [ ! -f ${SERV_KEY_NAME} ] && [ ${count} -lt 300 ]
 do
-  count=$[ $count + 1]
+  count=$[ $count + 1 ]
   sleep 1
 done
author	Andrey V.Kosteltsev <AKosteltsev@IBS.RU>	2022-06-03 00:30:26 +0300
committer	Andrey V.Kosteltsev <AKosteltsev@IBS.RU>	2022-06-03 00:30:26 +0300
commit	5bc525e8e696ad7c00480102ebb2951f3bf82127 (patch)
tree	b84249b266a66906f72190023f2b8f4fcca9f94f /meta-ibs/meta-common/recipes-phosphor
parent	2169159e01901ac82f44641d764e72a264ffde46 (diff)
download	openbmc-5bc525e8e696ad7c00480102ebb2951f3bf82127.tar.xz