Skip to content

Commit

Permalink
Add the ability to update the RoT boot loader (stage0)
Browse files Browse the repository at this point in the history 
SpComponent::Stage0 (boot loader) is distinct from SpComponent::ROT (Hubris).

There is no support for an atomic switch-over to stage0 bank 1 (stage0next).
Copy from stage0next to stage0 is allowed if stage0next signatuire is valid at boot
time and contents still match boot-time contents.

Note: Only one stage0 update should be in process in a rack at a time to reduce the
chance of an interrupted copy bricking a subsystem.

RotStateV3 includes the FWID of all RoT image flash banks and error
information if an image is not valid. The FWID for invalid banks is
always computed and reported. This allows us to distinguish between
completly erased banks and those that are not completely erased:

The FWID over any erased bank is the "a7ff..." value below:
```
$ touch empty.bin
$ rot-fwid empty.bin
empty.bin 0 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
```

Add a versioned RoT Boot Info message to facilitate update of RoT Hubris independant
of SP or RoT being on a later version than the other.

SpStateV3 does not contain RotState because coupling them and allowing for version skew
over-complicates things.

Implement Display for RotState* for nicer human output.

Bumped the faux-mgs crate version

Add test for SpStateV3
  • Loading branch information
@lzrd
lzrd committed Apr 22, 2024
1 parent 2b57ea9 commit 082c523
Show file tree
Hide file tree
Showing 14 changed files with 773 additions and 61 deletions.
2 changes: 1 addition & 1 deletion Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion faux-mgs/Cargo.toml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "faux-mgs"
version = "0.1.0"
version = "0.1.1"
edition = "2021"
license = "MPL-2.0"

Expand Down
74 changes: 70 additions & 4 deletions faux-mgs/src/main.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ use gateway_messages::ComponentAction;
use gateway_messages::IgnitionCommand;
use gateway_messages::LedComponentAction;
use gateway_messages::PowerState;
use gateway_messages::RotBootInfoDisplay;
use gateway_messages::RotStateV2Display;
use gateway_messages::SpComponent;
use gateway_messages::StartupOptions;
use gateway_messages::UpdateId;
Expand Down Expand Up @@ -178,6 +180,16 @@ enum Command {
},

/// Get or set the active slot of a component (e.g., `host-boot-flash`).
///
/// Except for component "stage0", setting the active slot can be
/// viewed as an atomic operation.
///
/// Setting "stage0" slot 1 as the active slot initiates a copy from
/// slot 1 to slot 0 if the contents of slot 1 still match those seen
/// at last RoT reset and the contents are properly signed.
///
/// Power failures during the copy can disable the RoT. Only one stage0
/// update should be in process in a rack at any time.
ComponentActiveSlot {
#[clap(value_parser = parse_sp_component)]
component: SpComponent,
Expand Down Expand Up @@ -373,6 +385,13 @@ enum Command {

/// Reads the lock status of any VPD in the system
VpdLockStatus,

/// Read the RoT's boot-time information.
RotBootInfo {
/// Return highest version of RotBootInfo less then or equal to given
#[clap(long, short, default_value = "3")]
version: u8,
},
}

#[derive(Subcommand, Debug, Clone)]
Expand Down Expand Up @@ -828,8 +847,11 @@ async fn run_command(
lines.push(format!("hubris version: {:?}", state.version));
lines.push(format!("power state: {:?}", state.power_state));

// TODO: pretty print RoT state?
lines.push(format!("RoT state: {:?}", state.rot));
match state.rot {
Ok(rotstate) => lines.push(format!("{:?}", rotstate)),
Err(err) => lines.push(format!("RoT state: {:?}", err)),
}

Ok(Output::Lines(lines))
}
VersionedSpState::V2(state) => {
Expand Down Expand Up @@ -857,11 +879,55 @@ async fn run_command(
.join(":")
));
lines.push(format!("power state: {:?}", state.power_state));
// TODO: pretty print RoT state?
lines.push(format!("RoT state: {:?}", state.rot));
match state.rot {
Ok(rotstate) => {
lines.push(format!(
"{}",
&RotStateV2Display(&rotstate)
));
}
Err(err) => lines.push(format!("RoT state: {:?}", err)),
}
Ok(Output::Lines(lines))
}
VersionedSpState::V3(state) => {
lines.push(format!(
"hubris archive: {}",
hex::encode(state.hubris_archive_id)
));

lines.push(format!(
"serial number: {}",
zero_padded_to_str(state.serial_number)
));
lines.push(format!(
"model: {}",
zero_padded_to_str(state.model)
));
lines.push(format!("revision: {}", state.revision));
lines.push(format!(
"base MAC address: {}",
state
.base_mac_address
.iter()
.map(|b| format!("{b:02x}"))
.collect::<Vec<_>>()
.join(":")
));
lines.push(format!("power state: {:?}", state.power_state));
Ok(Output::Lines(lines))
}
}
}
Command::RotBootInfo { version } => {
let state = sp.rot_state(version).await?;
info!(log, "{state:x?}");
if json {
return Ok(Output::Json(serde_json::to_value(state).unwrap()));
}
let mut lines = Vec::new();
lines.push(format!("{}", &RotBootInfoDisplay(&state)));
Ok(Output::Lines(lines))
}
Command::Ignition { target } => {
let mut by_target = BTreeMap::new();
Expand Down
21 changes: 20 additions & 1 deletion gateway-messages/src/lib.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ pub enum BadRequestReason {
DeserializationError,
}

/// Image slot name for SwitchDefaultImage
/// Image slot name for SwitchDefaultImage on component ROT
#[derive(
Debug, Clone, Copy, PartialEq, Eq, SerializedSize, Serialize, Deserialize,
)]
Expand All @@ -138,6 +138,25 @@ pub enum RotSlotId {
B,
}

/// Image slot name for SwitchDefaultImage on component STAGE0
#[derive(
Debug, Clone, Copy, PartialEq, Eq, SerializedSize, Serialize, Deserialize,
)]
pub enum Stage0SlotId {
Stage0,
Stage0Next,
}

#[derive(
Debug, Clone, Copy, PartialEq, Eq, SerializedSize, Serialize, Deserialize,
)]
pub enum ComponentSlot {
/// Hubris flash slot
Rot(RotSlotId),
/// Bootloader flash slot
Stage0(Stage0SlotId),
}

/// Duration for SwitchDefaultImage
#[derive(
Debug, Clone, Copy, PartialEq, Eq, SerializedSize, Serialize, Deserialize,
Expand Down
5 changes: 5 additions & 0 deletions gateway-messages/src/mgs_to_sp.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -204,6 +204,11 @@ pub enum MgsRequest {
ComponentWatchdogSupported {
component: SpComponent,
},

/// Read RoT boot state at the highest version not to exceed specified version.
VersionedRotBootInfo {
version: u8,
},
}

#[derive(
Expand Down
21 changes: 21 additions & 0 deletions gateway-messages/src/sp_impl.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ use crate::MgsError;
use crate::MgsRequest;
use crate::MgsResponse;
use crate::PowerState;
use crate::RotBootInfo;
use crate::RotRequest;
use crate::RotResponse;
use crate::RotSlotId;
Expand Down Expand Up @@ -412,6 +413,13 @@ pub trait SpHandler {
&mut self,
component: SpComponent,
) -> Result<(), SpError>;

fn versioned_rot_boot_info(
&mut self,
sender: SocketAddrV6,
port: SpPort,
version: u8,
) -> Result<RotBootInfo, SpError>;
}

/// Handle a single incoming message.
Expand Down Expand Up @@ -991,6 +999,10 @@ fn handle_mgs_request<H: SpHandler>(
MgsRequest::ComponentWatchdogSupported { component } => handler
.component_watchdog_supported(component)
.map(|()| SpResponse::ComponentWatchdogSupportedAck),
MgsRequest::VersionedRotBootInfo { version } => {
let r = handler.versioned_rot_boot_info(sender, port, version);
r.map(SpResponse::RotBootInfo)
}
};

let response = match result {
Expand Down Expand Up @@ -1416,6 +1428,15 @@ mod tests {
) -> Result<(), SpError> {
unimplemented!()
}

fn versioned_rot_boot_info(
&mut self,
_sender: SocketAddrV6,
_port: SpPort,
_version: u8,
) -> Result<RotBootInfo, SpError> {
unimplemented!()
}
}

#[cfg(feature = "std")]
Expand Down
Loading

0 comments on commit 082c523

Please sign in to comment.