Skip to content

Commit

Permalink
Add the ability to update the RoT boot loader (stage0)
Browse files Browse the repository at this point in the history 
SpComponent::Stage0 (boot loader) is distinct from SpComponent::ROT (Hubris).

There is no support for an atomic switch-over to stage0 bank 1 (stage0next).
Copy from stage0next to stage0 is allowed if stage0next signatuire is valid at boot
time and contents still match boot-time contents.

Note: Only one stage0 update should be in process in a rack at a time to reduce the
chance of an interrupted copy bricking a subsystem.

RotStateV3 includes the FWID of all RoT image flash banks and error
information if an image is not valid. The FWID for invalid banks is
always computed and reported. This allows us to distinguish between
completly erased banks and those that are not completely erased:

The FWID over any erased bank is the "a7ff..." value below:
```
$ touch empty.bin
$ rot-fwid empty.bin
empty.bin 0 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
```

Add a versioned RoT Boot Info message to facilitate update of RoT Hubris independant
of SP or RoT being on a later version than the other.

SpStateV3 does not contain RotState because coupling them and allowing for version skew
over-complicates things.

Implement Display for RotState* for nicer human output.

Bumped the faux-mgs crate version

Add test for SpStateV3
  • Loading branch information
@lzrd
lzrd committed Apr 6, 2024
1 parent 5b64870 commit be45e50
Show file tree
Hide file tree
Showing 15 changed files with 811 additions and 51 deletions.
2 changes: 1 addition & 1 deletion Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion faux-mgs/Cargo.toml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "faux-mgs"
version = "0.1.0"
version = "0.2.0"
edition = "2021"
license = "MPL-2.0"

Expand Down
67 changes: 63 additions & 4 deletions faux-mgs/src/main.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,14 @@ enum Command {
/// Ask SP for its current state.
State,

/// Ask RoT via SP for its current boot-time information represented by
/// a particular struct.
RotBootInfo {
/// RotStateV2 is the default verion
#[clap(long, short, default_value = "3")]
version: u8,
},

/// Get the ignition state for a single target port (only valid if the SP is
/// an ignition controller).
Ignition {
Expand Down Expand Up @@ -178,6 +186,15 @@ enum Command {
},

/// Get or set the active slot of a component (e.g., `host-boot-flash`).
///
/// In the case of the bootloader flash banks, there is no atomic switching
/// from stage0next (bank 1), to stage0 (bank 0). Instead, contents are copied.
///
/// The copy is only performed if the signature on stage0next was valid at boot time
/// and the current contents still match the boot-time contents.
///
/// Power failures during the copy can disable the RoT. Only one stage0 update
/// should be in process in a rack at any time.
ComponentActiveSlot {
#[clap(value_parser = parse_sp_component)]
component: SpComponent,
Expand Down Expand Up @@ -821,8 +838,11 @@ async fn run_command(
lines.push(format!("hubris version: {:?}", state.version));
lines.push(format!("power state: {:?}", state.power_state));

// TODO: pretty print RoT state?
lines.push(format!("RoT state: {:?}", state.rot));
match state.rot {
Ok(rotstate) => lines.push(format!("{}", &rotstate)),
Err(err) => lines.push(format!("RoT state: {:?}", err)),
}

Ok(Output::Lines(lines))
}
VersionedSpState::V2(state) => {
Expand Down Expand Up @@ -850,12 +870,51 @@ async fn run_command(
.join(":")
));
lines.push(format!("power state: {:?}", state.power_state));
// TODO: pretty print RoT state?
lines.push(format!("RoT state: {:?}", state.rot));
match state.rot {
Ok(rotstate) => lines.push(format!("{}", &rotstate)),
Err(err) => lines.push(format!("RoT state: {:?}", err)),
}
Ok(Output::Lines(lines))
}
VersionedSpState::V3(state) => {
lines.push(format!(
"hubris archive: {}",
hex::encode(state.hubris_archive_id)
));

lines.push(format!(
"serial number: {}",
zero_padded_to_str(state.serial_number)
));
lines.push(format!(
"model: {}",
zero_padded_to_str(state.model)
));
lines.push(format!("revision: {}", state.revision));
lines.push(format!(
"base MAC address: {}",
state
.base_mac_address
.iter()
.map(|b| format!("{b:02x}"))
.collect::<Vec<_>>()
.join(":")
));
lines.push(format!("power state: {:?}", state.power_state));
Ok(Output::Lines(lines))
}
}
}
Command::RotBootInfo { version } => {
let state = sp.rot_state(version).await?;
info!(log, "{state:x?}");
if json {
return Ok(Output::Json(serde_json::to_value(state).unwrap()));
}
let mut lines = Vec::new();
lines.push(format!("{}", state));
Ok(Output::Lines(lines))
}
Command::Ignition { target } => {
let mut by_target = BTreeMap::new();
if let Some(target) = target.0 {
Expand Down
21 changes: 20 additions & 1 deletion gateway-messages/src/lib.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,7 @@ pub enum BadRequestReason {
DeserializationError,
}

/// Image slot name for SwitchDefaultImage
/// Image slot name for SwitchDefaultImage on component ROT
#[derive(
Debug, Clone, Copy, PartialEq, Eq, SerializedSize, Serialize, Deserialize,
)]
Expand All @@ -135,6 +135,25 @@ pub enum RotSlotId {
B,
}

/// Image slot name for SwitchDefaultImage on component STAGE0
#[derive(
Debug, Clone, Copy, PartialEq, Eq, SerializedSize, Serialize, Deserialize,
)]
pub enum Stage0SlotId {
Stage0,
Stage0Next,
}

#[derive(
Debug, Clone, Copy, PartialEq, Eq, SerializedSize, Serialize, Deserialize,
)]
pub enum ComponentSlot {
/// Hubris flash slot
Rot(RotSlotId),
/// Bootloader flash slot
Stage0(Stage0SlotId),
}

/// Duration for SwitchDefaultImage
#[derive(
Debug, Clone, Copy, PartialEq, Eq, SerializedSize, Serialize, Deserialize,
Expand Down
5 changes: 5 additions & 0 deletions gateway-messages/src/mgs_to_sp.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -173,6 +173,11 @@ pub enum MgsRequest {
/// Dump information about the lock state of the VPD (Vital Product Data)
/// The values are serialized in the trailer of the packet
VpdLockState,

/// Read RoT boot state at the highest version not to exceed specified version.
VersionedRotBootInfo {
version: u8,
},
}

#[derive(
Expand Down
21 changes: 21 additions & 0 deletions gateway-messages/src/sp_impl.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ use crate::MgsError;
use crate::MgsRequest;
use crate::MgsResponse;
use crate::PowerState;
use crate::RotBootInfo;
use crate::RotRequest;
use crate::RotResponse;
use crate::RotSlotId;
Expand Down Expand Up @@ -394,6 +395,13 @@ pub trait SpHandler {

fn vpd_lock_status_all(&mut self, buf: &mut [u8])
-> Result<usize, SpError>;

fn versioned_rot_boot_info(
&mut self,
sender: SocketAddrV6,
port: SpPort,
version: u8,
) -> Result<RotBootInfo, SpError>;
}

/// Handle a single incoming message.
Expand Down Expand Up @@ -961,6 +969,10 @@ fn handle_mgs_request<H: SpHandler>(
}
r.map(|_| SpResponse::VpdLockState)
}
MgsRequest::VersionedRotBootInfo { version } => {
let r = handler.versioned_rot_boot_info(sender, port, version);
r.map(SpResponse::RotBootInfo)
}
};

let response = match result {
Expand Down Expand Up @@ -1365,6 +1377,15 @@ mod tests {
) -> Result<usize, SpError> {
unimplemented!()
}

fn versioned_rot_boot_info(
&mut self,
_sender: SocketAddrV6,
_port: SpPort,
_version: u8,
) -> Result<RotBootInfo, SpError> {
unimplemented!()
}
}

#[cfg(feature = "std")]
Expand Down
Loading

0 comments on commit be45e50

Please sign in to comment.