From 580e9c2c2c4c85a9aab868c8b793840e7134f6f0 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III" <wak@google.com>
Date: Mon, 13 Apr 2020 13:18:11 -0700
Subject: noverify-bmc-update: Add definition

This will be used by some platforms by default when enabling
phosphor-ipmi-flash so that the BMC image can be updated without any
signature verification checks in place.

(From meta-phosphor rev: e076ee3295c74be2de43f496d7e0f4934d21ec2a)

Change-Id: Ibe22f1189a3bda1dba535a8ade5043312c72a953
Signed-off-by: William A. Kennington III <wak@google.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
---
 .../recipes-phosphor/flash/noverify-bmc-update.bb    | 19 +++++++++++++++++++
 .../flash/noverify-bmc-update/config-bmc.json        | 20 ++++++++++++++++++++
 .../noverify-bmc-update/noverify-bmc-verify.service  |  6 ++++++
 3 files changed, 45 insertions(+)
 create mode 100644 meta-phosphor/recipes-phosphor/flash/noverify-bmc-update.bb
 create mode 100644 meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/config-bmc.json
 create mode 100644 meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/noverify-bmc-verify.service

diff --git a/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update.bb b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update.bb
new file mode 100644
index 0000000000..fb1480fb12
--- /dev/null
+++ b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update.bb
@@ -0,0 +1,19 @@
+DESCRIPTION = "phosphor-ipmi-flash config to update without verifying the image"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+inherit systemd
+
+SRC_URI += "file://noverify-bmc-verify.service"
+SRC_URI += "file://config-bmc.json"
+
+SYSTEMD_SERVICE_${PN} += "noverify-bmc-verify.service"
+FILES_${PN} += "${datadir}/phosphor-ipmi-flash/config-bmc.json"
+
+do_install() {
+  install -d ${D}${datadir}/phosphor-ipmi-flash
+  install -m 0644 ${WORKDIR}/config-bmc.json ${D}${datadir}/phosphor-ipmi-flash
+
+  install -d ${D}${systemd_system_unitdir}
+  install -m 0644 ${WORKDIR}/noverify-bmc-verify.service ${D}${systemd_system_unitdir}
+}
diff --git a/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/config-bmc.json b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/config-bmc.json
new file mode 100644
index 0000000000..86afb3ba3b
--- /dev/null
+++ b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/config-bmc.json
@@ -0,0 +1,20 @@
+[{
+	"blob": "/flash/image",
+	"handler": {
+		"type": "file",
+		"path": "/run/initramfs/bmc-image"
+	},
+	"actions": {
+		"preparation": {
+			"type": "skip"
+		},
+		"verification": {
+			"type": "systemd",
+			"unit": "noverify-bmc-verify.service"
+		},
+		"update": {
+			"type": "systemd",
+			"unit": "reboot.target"
+		}
+	}
+}]
diff --git a/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/noverify-bmc-verify.service b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/noverify-bmc-verify.service
new file mode 100644
index 0000000000..50855b6b27
--- /dev/null
+++ b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/noverify-bmc-verify.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Don't verify the image, just stage it for update
+
+[Service]
+Type=oneshot
+ExecStart=/bin/mv /run/initramfs/bmc-image /run/initramfs/image-bmc
-- 
cgit v1.2.3