dasharo-deploy: Add sanity check before flash

[3mkusiak]

Add last resort check before running flashrom.

For now target is fd_first branch, will change this once it gets merged.

[3mkusiak]

Example run (qemu)

Heads transiton, FD and ME disabled scenario.

*********************************************************
**     1) Dasharo HCL report
**     2) Update Dasharo Firmware
**     3) Restore firmware from Dasharo HCL report
**     4) Edit your DPP keys
**     5) DTS extensions
**     6) Transition Dasharo Firmware
**     7) Fuse platform
*********************************************************
R to reboot  P to poweroff  S to enter shell
K to stop SSH server  L to enable sending DTS logs
C to display DPP credentials

Enter an option:
2
Gathering flash chip and chipset information...
Flash information: Opaque flash chip
Flash size: 2M
Waiting for network connection ...
Network connection have been established!
Downloading board configs repository...
Checking if board is Dasharo compatible.
Getting platform specific GPG key... Done
Waiting for system clock to be synced ...
Would you like to switch to Dasharo heads firmware? [y|n]: y

Switching to Dasharo heads firmware v0.9.0
Current Dasharo version: 0.9.4
Latest available Dasharo version for your subscription: 0.9.0 (coreboot+Heads)
Downloading Dasharo firmware...
Checking Dasharo firmware checksum... Verified.
Checking Dasharo firmware signature... Verified.


Please verify detected hardware!

Board vendor: Micro-Star International Co., Ltd.
System model: MS-7E06
Board model: PRO Z790-P WIFI (MS-7E06)

Does it match your actual specification? [y|n]: y
Following firmware will be used to deploy Dasharo:
Dasharo BIOS firmware:
  - link: dasharo-msi-heads/MS-7E06/v0.9.0/msi_ms7e06_v0.9.0_ddr5_heads.rom
  - hash: 22d12343f5ddecde32b9f3fe03314864e5397e46c31770f627c801e27e3c9b09

You can learn more about this release on: https://docs.dasharo.com/

Do you want to deploy this Dasharo Firmware on your platform [y|n]: y
Updating Dasharo firmware...
This may take several minutes. Please be patient and do not
power off your computer or touch the keyboard!
Checking flash layout.
Scheduling main firmware update...
The firmware binary to be flashed contains Flash Descriptor (FD), but FD is not writable!
The firmware binary contains Management Engine (ME), but ME is not writable!
You can read more about issues with FD or ME on
https://docs.dasharo.com/guides/firmware-update/#known-issues
Cannot proceed with heads update when FD and ME are locked!
Do you want to send console logs to 3mdeb? [y|n]: n
Press Enter to continue.

[m-iwanicki]

Suggested change

	if [ "$BOARD_FD_REGION_RW" -eq 0 ]; then
	if [[ "$BOARD_HAS_FD_REGION" -eq 1 && "$BOARD_FD_REGION_RW" -eq 0 ]]; then

[m-iwanicki]

Suggested change

	if [ "$BOARD_ME_REGION_RW" -eq 0 ]; then
	if [[ "$BOARD_HAS_ME_REGION" -eq 1 && "$BOARD_ME_REGION_RW" -eq 0 ]]; then

[m-iwanicki]

I feel like it should check what really is flashed by parsing _jobs.

[m-iwanicki]

You can ignore this comment if you think it's OK.

[m-iwanicki]

I'm not sure about correctness of this implementation, will need to check cases where we only flash e.g. COREBOOT like every PC Engines. There is also Optiplex:

optiplex-7010 UEFI Update - DPP.profile:35:flashrom -p internal -N --fmap -i COREBOOT -w /tmp/biosupdate

Not sure if we should warn in this case if we are not even flashing FD (because it's identical). If we are currently printing warning then it's ok.

[m-iwanicki]

Add link to docs with information what should be done (if it doesn't exists then add it). Maybe: https://docs.dasharo.com/guides/firmware-update/#known-issues.
For MSI (locked FD): The following warnings appear when updating Dasharo: should be good enough.
For ME you could add generic: Make sure ME is set to HAP disabled. If this doesn't work then try with ME Soft Disabled.