From 9601b260aebf10afc582155c02148a1bc4605b40 Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Wed, 1 May 2024 10:36:15 -0400 Subject: [PATCH] Bump gateway-messages and incorporate new RoT info The new RoT information includes details about stage0 (RoT bootloader) --- Cargo.lock | 73 +++--- Cargo.toml | 4 +- clients/gateway-client/src/lib.rs | 1 + dev-tools/omdb/src/bin/omdb/mgs.rs | 91 +++++++- .../configs/sp_sim_config.test.toml | 10 +- gateway/src/http_entrypoints.rs | 119 +++++++++- gateway/src/http_entrypoints/conversions.rs | 209 ++++++++++++++---- nexus/db-model/src/inventory.rs | 151 +++++++++++++ nexus/db-model/src/schema.rs | 7 + nexus/db-model/src/schema_versions.rs | 3 +- .../db-queries/src/db/datastore/inventory.rs | 34 +++ nexus/inventory/src/builder.rs | 48 +++- nexus/inventory/src/collector.rs | 2 + nexus/inventory/src/examples.rs | 10 +- .../tests/output/collector_basic.txt | 24 +- .../tests/output/collector_errors.txt | 24 +- .../output/collector_sled_agent_errors.txt | 24 +- nexus/reconfigurator/planning/src/system.rs | 123 ++++++++--- nexus/types/src/inventory.rs | 10 + openapi/gateway.json | 183 ++++++++++++++- openapi/wicketd.json | 109 ++++++++- schema/crdb/dbinit.sql | 29 ++- schema/crdb/expose-stage0/up01.sql | 17 ++ schema/crdb/expose-stage0/up02.sql | 8 + schema/crdb/expose-stage0/up03.sql | 2 + schema/crdb/expose-stage0/up04.sql | 2 + sp-sim/examples/config.toml | 4 +- sp-sim/src/gimlet.rs | 120 ++++++++-- sp-sim/src/lib.rs | 1 + sp-sim/src/sidecar.rs | 118 ++++++++-- wicket/src/ui/panes/overview.rs | 173 ++++++++++++++- wicketd/src/mgs/inventory.rs | 9 +- workspace-hack/Cargo.toml | 30 ++- 33 files changed, 1561 insertions(+), 211 deletions(-) create mode 100644 schema/crdb/expose-stage0/up01.sql create mode 100644 schema/crdb/expose-stage0/up02.sql create mode 100644 schema/crdb/expose-stage0/up03.sql create mode 100644 schema/crdb/expose-stage0/up04.sql diff --git a/Cargo.lock b/Cargo.lock index a362c64eefb..c2490bbe504 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -504,7 +504,7 @@ version = "0.69.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a4c69fae65a523209d34240b60abe0c42d33d1045d445c0839d8a4894a736e2d" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "cexpr", "clang-sys", "lazy_static", @@ -550,9 +550,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.4.2" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" +checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" dependencies = [ "serde", ] @@ -1368,7 +1368,7 @@ version = "0.27.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f476fe445d41c9e991fd07515a6f463074b782242ccf4a5b7b1d1012e70824df" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "crossterm_winapi", "futures-core", "libc", @@ -1786,7 +1786,7 @@ version = "2.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff236accb9a5069572099f0b350a92e9560e8e63a9b8d546162f4a5e03026bb2" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "byteorder", "chrono", "diesel_derives", @@ -2260,7 +2260,7 @@ dependencies = [ "russh-keys", "serde", "serde_json", - "socket2 0.5.6", + "socket2 0.5.7", "tokio", "toml 0.8.12", "trust-dns-resolver", @@ -2713,9 +2713,9 @@ dependencies = [ [[package]] name = "gateway-messages" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/management-gateway-service?rev=2739c18e80697aa6bc235c935176d14b4d757ee9#2739c18e80697aa6bc235c935176d14b4d757ee9" +source = "git+https://github.com/oxidecomputer/management-gateway-service?rev=c85a4ca043aaa389df12aac5348d8a3feda28762#c85a4ca043aaa389df12aac5348d8a3feda28762" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.5.0", "hubpack 0.1.2", "serde", "serde_repr", @@ -2729,7 +2729,7 @@ dependencies = [ [[package]] name = "gateway-sp-comms" version = "0.1.1" -source = "git+https://github.com/oxidecomputer/management-gateway-service?rev=2739c18e80697aa6bc235c935176d14b4d757ee9#2739c18e80697aa6bc235c935176d14b4d757ee9" +source = "git+https://github.com/oxidecomputer/management-gateway-service?rev=c85a4ca043aaa389df12aac5348d8a3feda28762#c85a4ca043aaa389df12aac5348d8a3feda28762" dependencies = [ "async-trait", "backoff", @@ -2740,18 +2740,19 @@ dependencies = [ "hubpack 0.1.2", "hubtools", "lru-cache", - "nix 0.26.2", + "nix 0.27.1", "once_cell", "paste", "serde", "serde-big-array 0.5.1", "slog", - "socket2 0.5.6", + "slog-error-chain", + "socket2 0.5.7", "string_cache", "thiserror", "tlvc 0.3.1 (git+https://github.com/oxidecomputer/tlvc.git?branch=main)", "tokio", - "usdt 0.3.5", + "usdt 0.5.0", "uuid", "version_check", "zip", @@ -3399,7 +3400,7 @@ dependencies = [ "http-body 1.0.0", "hyper 1.1.0", "pin-project-lite", - "socket2 0.5.6", + "socket2 0.5.7", "tokio", "tower", "tower-service", @@ -3778,7 +3779,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f" dependencies = [ - "socket2 0.5.6", + "socket2 0.5.7", "widestring", "windows-sys 0.48.0", "winreg", @@ -4277,9 +4278,9 @@ dependencies = [ [[package]] name = "memoffset" -version = "0.7.1" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5de893c32cde5f383baa4c04c5d6dbdd735cfd4a794b0debdb2bb1b421da5ff4" +checksum = "488016bfae457b036d996092f6cb448677611ce4449e970ceaf42695203f218a" dependencies = [ "autocfg", ] @@ -4926,15 +4927,14 @@ dependencies = [ [[package]] name = "nix" -version = "0.26.2" -source = "git+https://github.com/jgallagher/nix?branch=r0.26-illumos#c1a3636db0524f194b714cfd117cd9b637b8b10e" +version = "0.27.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.5.0", "cfg-if", "libc", "memoffset", - "pin-utils", - "static_assertions", ] [[package]] @@ -4943,7 +4943,7 @@ version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ab2156c4fce2f8df6c499cc1c763e4394b7482525bf2a9701c9d79d215f519e4" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "cfg-if", "cfg_aliases", "libc", @@ -5744,7 +5744,7 @@ dependencies = [ "bit-set", "bit-vec", "bitflags 1.3.2", - "bitflags 2.4.2", + "bitflags 2.5.0", "bstr 0.2.17", "bstr 1.9.0", "byteorder", @@ -5822,7 +5822,7 @@ dependencies = [ "sha2", "similar", "slog", - "socket2 0.5.6", + "socket2 0.5.7", "spin 0.9.8", "string_cache", "subtle", @@ -5840,7 +5840,6 @@ dependencies = [ "trust-dns-proto", "unicode-bidi", "unicode-normalization", - "usdt 0.3.5", "usdt-impl 0.5.0", "uuid", "yasna", @@ -5928,7 +5927,7 @@ version = "0.10.64" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "cfg-if", "foreign-types 0.3.2", "libc", @@ -7047,7 +7046,7 @@ source = "git+https://github.com/oxidecomputer/propolis?rev=6dceb9ef69c217cb78a2 dependencies = [ "anyhow", "bhyve_api 0.0.0 (git+https://github.com/oxidecomputer/propolis?rev=6dceb9ef69c217cb78a2018bbedafbc19f6ec1af)", - "bitflags 2.4.2", + "bitflags 2.5.0", "bitstruct", "byteorder", "dladm", @@ -7180,7 +7179,7 @@ checksum = "31b476131c3c86cb68032fdc5cb6d5a1045e3e42d96b69fa599fd77701e1f5bf" dependencies = [ "bit-set", "bit-vec", - "bitflags 2.4.2", + "bitflags 2.5.0", "lazy_static", "num-traits", "rand 0.8.5", @@ -7355,7 +7354,7 @@ version = "0.26.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a564a852040e82671dc50a37d88f3aa83bbc690dfc6844cfe7a2591620206a80" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "cassowary", "compact_str", "crossterm", @@ -7708,7 +7707,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b91f7eff05f748767f183df4320a63d6936e9c6107d97c9e6bdd9784f4289c94" dependencies = [ "base64 0.21.7", - "bitflags 2.4.2", + "bitflags 2.5.0", "serde", "serde_derive", ] @@ -7796,7 +7795,7 @@ dependencies = [ "aes", "aes-gcm", "async-trait", - "bitflags 2.4.2", + "bitflags 2.5.0", "byteorder", "chacha20", "ctr", @@ -7931,7 +7930,7 @@ version = "0.38.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6ea3e1a662af26cd7a3ba09c0297a31af215563ecf42817c98df621387f4e949" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "errno", "libc", "linux-raw-sys", @@ -8065,7 +8064,7 @@ version = "14.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7803e8936da37efd9b6d4478277f4b2b9bb5cdb37a113e8d63222e58da647e63" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "cfg-if", "clipboard-win", "fd-lock", @@ -8956,9 +8955,9 @@ dependencies = [ [[package]] name = "socket2" -version = "0.5.6" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05ffd9c0a93b7543e062e759284fcf5f5e3b098501104bfbdde4d404db792871" +checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c" dependencies = [ "libc", "windows-sys 0.52.0", @@ -9692,7 +9691,7 @@ dependencies = [ "parking_lot 0.12.1", "pin-project-lite", "signal-hook-registry", - "socket2 0.5.6", + "socket2 0.5.7", "tokio-macros", "windows-sys 0.48.0", ] @@ -9738,7 +9737,7 @@ dependencies = [ "postgres-protocol", "postgres-types", "rand 0.8.5", - "socket2 0.5.6", + "socket2 0.5.7", "tokio", "tokio-util", "whoami", diff --git a/Cargo.toml b/Cargo.toml index 12d2e954bed..a8e011a6ddd 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -226,8 +226,8 @@ foreign-types = "0.3.2" fs-err = "2.11.0" futures = "0.3.30" gateway-client = { path = "clients/gateway-client" } -gateway-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", rev = "2739c18e80697aa6bc235c935176d14b4d757ee9", default-features = false, features = ["std"] } -gateway-sp-comms = { git = "https://github.com/oxidecomputer/management-gateway-service", rev = "2739c18e80697aa6bc235c935176d14b4d757ee9" } +gateway-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", rev = "c85a4ca043aaa389df12aac5348d8a3feda28762", default-features = false, features = ["std"] } +gateway-sp-comms = { git = "https://github.com/oxidecomputer/management-gateway-service", rev = "c85a4ca043aaa389df12aac5348d8a3feda28762" } gateway-test-utils = { path = "gateway-test-utils" } gethostname = "0.4.3" glob = "0.3.1" diff --git a/clients/gateway-client/src/lib.rs b/clients/gateway-client/src/lib.rs index 7dbc50eea2f..2ccc53e99a5 100644 --- a/clients/gateway-client/src/lib.rs +++ b/clients/gateway-client/src/lib.rs @@ -56,6 +56,7 @@ progenitor::generate_api!( SpState = { derives = [ PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize] }, RotState = { derives = [ PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize] }, RotImageDetails = { derives = [ PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize] }, + RotImageError = { derives = [ PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize] }, RotSlot = { derives = [ PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize] }, ImageVersion = { derives = [ PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize] }, HostPhase2RecoveryImageId = { derives = [ PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize] }, diff --git a/dev-tools/omdb/src/bin/omdb/mgs.rs b/dev-tools/omdb/src/bin/omdb/mgs.rs index cef3ff2a2cb..9c75fceebc0 100644 --- a/dev-tools/omdb/src/bin/omdb/mgs.rs +++ b/dev-tools/omdb/src/bin/omdb/mgs.rs @@ -288,10 +288,16 @@ fn show_sp_states( RotState::CommunicationFailed { message } => { format!("error: {}", message) } - RotState::Enabled { active: RotSlot::A, .. } => { + RotState::V2 { active: RotSlot::A, .. } => { "slot A".to_string() } - RotState::Enabled { active: RotSlot::B, .. } => { + RotState::V2 { active: RotSlot::B, .. } => { + "slot B".to_string() + } + RotState::V3 { active: RotSlot::A, .. } => { + "slot A".to_string() + } + RotState::V3 { active: RotSlot::B, .. } => { "slot B".to_string() } }, @@ -326,7 +332,7 @@ async fn show_sp_details( RotState::CommunicationFailed { message } => { println!(" error: {}", message); } - RotState::Enabled { + RotState::V2 { active, pending_persistent_boot_preference, persistent_boot_preference, @@ -376,6 +382,85 @@ async fn show_sp_details( }, ]; + let table = tabled::Table::new(rows) + .with(tabled::settings::Style::empty()) + .with(tabled::settings::Padding::new(0, 1, 0, 0)) + .to_string(); + println!("{}", textwrap::indent(&table.to_string(), " ")); + println!(""); + } + RotState::V3 { + active, + pending_persistent_boot_preference, + persistent_boot_preference, + slot_a_fwid, + slot_b_fwid, + transient_boot_preference, + stage0_fwid, + stage0next_fwid, + slot_a_status, + slot_b_status, + stage0_status, + stage0next_status, + } => { + #[derive(Tabled)] + #[tabled(rename_all = "SCREAMING_SNAKE_CASE")] + struct Row { + name: &'static str, + value: String, + } + + let rows = vec![ + Row { + name: "active slot", + value: format!("slot {:?}", active), + }, + Row { + name: "persistent boot preference", + value: format!("slot {:?}", persistent_boot_preference), + }, + Row { + name: "pending persistent boot preference", + value: pending_persistent_boot_preference + .map(|s| format!("slot {:?}", s)) + .unwrap_or_else(|| "-".to_string()), + }, + Row { + name: "transient boot preference", + value: transient_boot_preference + .map(|s| format!("slot {:?}", s)) + .unwrap_or_else(|| "-".to_string()), + }, + Row { name: "slot A FWID", value: slot_a_fwid.clone() }, + Row { name: "slot B FWID", value: slot_b_fwid.clone() }, + Row { name: "Stage0 FWID", value: stage0_fwid.clone() }, + Row { name: "Stage0Next FWID", value: stage0next_fwid.clone() }, + Row { + name: "Slot A status", + value: (*slot_a_status) + .map(|x| format!("error: {:?}", x)) + .unwrap_or_else(|| "VALID".to_string()), + }, + Row { + name: "Slot B status", + value: (*slot_b_status) + .map(|x| format!("error: {:?}", x)) + .unwrap_or_else(|| "VALID".to_string()), + }, + Row { + name: "Stage0 status", + value: (*stage0_status) + .map(|x| format!("error: {:?}", x)) + .unwrap_or_else(|| "VALID".to_string()), + }, + Row { + name: "stage0next status", + value: (*stage0next_status) + .map(|x| format!("error: {:?}", x)) + .unwrap_or_else(|| "VALID".to_string()), + }, + ]; + let table = tabled::Table::new(rows) .with(tabled::settings::Style::empty()) .with(tabled::settings::Padding::new(0, 1, 0, 0)) diff --git a/gateway-test-utils/configs/sp_sim_config.test.toml b/gateway-test-utils/configs/sp_sim_config.test.toml index e1e3c0d057f..cc08eec30b7 100644 --- a/gateway-test-utils/configs/sp_sim_config.test.toml +++ b/gateway-test-utils/configs/sp_sim_config.test.toml @@ -18,14 +18,14 @@ device_id_cert_seed = "01de00000000000000000000000000000000000000000000000000000 id = "dev-0" device = "fake-tmp-sensor" description = "FAKE temperature sensor 1" -capabilities.bits = 0x2 +capabilities = 0x2 presence = "Present" [[simulated_sps.sidecar.components]] id = "dev-1" device = "fake-tmp-sensor" description = "FAKE temperature sensor 2" -capabilities.bits = 0x2 +capabilities = 0x2 presence = "Failed" [[simulated_sps.sidecar]] @@ -46,7 +46,7 @@ device_id_cert_seed = "01de00000000000000000000000000000000000000000000000000000 id = "sp3-host-cpu" device = "sp3-host-cpu" description = "FAKE host cpu" -capabilities.bits = 0 +capabilities = 0 presence = "Present" serial_console = "[::1]:0" @@ -54,7 +54,7 @@ serial_console = "[::1]:0" id = "dev-0" device = "fake-tmp-sensor" description = "FAKE temperature sensor" -capabilities.bits = 0x2 +capabilities = 0x2 presence = "Failed" [[simulated_sps.gimlet]] @@ -68,7 +68,7 @@ device_id_cert_seed = "01de00000000000000000000000000000000000000000000000000000 id = "sp3-host-cpu" device = "sp3-host-cpu" description = "FAKE host cpu" -capabilities.bits = 0 +capabilities = 0 presence = "Present" serial_console = "[::1]:0" diff --git a/gateway/src/http_entrypoints.rs b/gateway/src/http_entrypoints.rs index 727ba0950da..89722e718b1 100644 --- a/gateway/src/http_entrypoints.rs +++ b/gateway/src/http_entrypoints.rs @@ -61,6 +61,34 @@ pub struct SpState { pub rot: RotState, } +#[derive( + Debug, + Clone, + PartialEq, + Eq, + PartialOrd, + Ord, + Deserialize, + Serialize, + JsonSchema, +)] +#[serde(rename_all = "snake_case")] +pub enum RotImageError { + Unchecked, + FirstPageErased, + PartiallyProgrammed, + InvalidLength, + HeaderNotProgrammed, + BootloaderTooSmall, + BadMagic, + HeaderImageSize, + UnalignedLength, + UnsupportedType, + ResetVectorNotThumb2, + ResetVector, + Signature, +} + #[derive( Debug, Clone, @@ -74,7 +102,7 @@ pub struct SpState { )] #[serde(tag = "state", rename_all = "snake_case")] pub enum RotState { - Enabled { + V2 { active: RotSlot, persistent_boot_preference: RotSlot, pending_persistent_boot_preference: Option, @@ -85,6 +113,22 @@ pub enum RotState { CommunicationFailed { message: String, }, + V3 { + active: RotSlot, + persistent_boot_preference: RotSlot, + pending_persistent_boot_preference: Option, + transient_boot_preference: Option, + + slot_a_fwid: String, + slot_b_fwid: String, + stage0_fwid: String, + stage0next_fwid: String, + + slot_a_status: Option, + slot_b_status: Option, + stage0_status: Option, + stage0next_status: Option, + }, } #[derive( @@ -184,6 +228,21 @@ pub struct RotCfpa { pub slot: RotCfpaSlot, } +#[derive( + Debug, + Clone, + PartialEq, + Eq, + PartialOrd, + Ord, + Deserialize, + Serialize, + JsonSchema, +)] +pub struct GetRotBootInfoParams { + pub version: u8, +} + #[derive( Debug, Clone, @@ -626,7 +685,24 @@ async fn sp_get( SpCommsError::SpCommunicationFailed { sp: sp_id, err } })?; - Ok(HttpResponseOk(state.into())) + // It's ugly to do the conversion here but we only want to call the new + // `rot_state` API if we're on V3 + let final_state = match state { + gateway_sp_comms::VersionedSpState::V1(s) => SpState::from(s), + gateway_sp_comms::VersionedSpState::V2(s) => SpState::from(s), + gateway_sp_comms::VersionedSpState::V3(s) => { + let rot_state = sp + .rot_state(gateway_messages::RotBootInfo::HIGHEST_KNOWN_VERSION) + .await + .map_err(|err| SpCommsError::SpCommunicationFailed { + sp: sp_id, + err, + })?; + SpState::from((s, RotState::from(rot_state))) + } + }; + + Ok(HttpResponseOk(final_state)) } /// Get host startup options for a sled @@ -1044,7 +1120,9 @@ async fn sp_component_reset( let component = component_from_str(&component)?; sp.reset_component_prepare(component) - .and_then(|()| sp.reset_component_trigger(component)) + // We always want to run with the watchdog when resetting as + // disabling the watchdog should be considered a debug only feature + .and_then(|()| sp.reset_component_trigger(component, false)) .await .map_err(|err| SpCommsError::SpCommunicationFailed { sp: sp_id, @@ -1224,6 +1302,40 @@ async fn sp_rot_cfpa_get( Ok(HttpResponseOk(RotCfpa { base64_data, slot })) } +/// Read the RoT boot state from a root of trust +/// +/// This endpoint is only valid for the `rot` component. +#[endpoint { + method = GET, + path = "/sp/{type}/{slot}/component/{component}/rot-boot-info", +}] +async fn sp_rot_boot_info( + rqctx: RequestContext>, + path: Path, + params: TypedBody, +) -> Result, HttpError> { + let apictx = rqctx.context(); + + let PathSpComponent { sp, component } = path.into_inner(); + let GetRotBootInfoParams { version } = params.into_inner(); + let sp_id = sp.into(); + + // Ensure the caller knows they're asking for the RoT + if component_from_str(&component)? != SpComponent::ROT { + return Err(HttpError::for_bad_request( + Some("RequestUnsupportedForComponent".to_string()), + "rot_boot_info only makes sent for a RoT".into(), + )); + } + + let sp = apictx.mgmt_switch.sp(sp_id)?; + let state = sp.rot_state(version).await.map_err(|err| { + SpCommsError::SpCommunicationFailed { sp: sp_id, err } + })?; + + Ok(HttpResponseOk(state.into())) +} + /// List SPs via Ignition /// /// Retreive information for all SPs via the Ignition controller. This is lower @@ -1600,6 +1712,7 @@ pub fn api() -> GatewayApiDescription { api.register(sp_component_update_abort)?; api.register(sp_rot_cmpa_get)?; api.register(sp_rot_cfpa_get)?; + api.register(sp_rot_boot_info)?; api.register(sp_host_phase2_progress_get)?; api.register(sp_host_phase2_progress_delete)?; api.register(ignition_list)?; diff --git a/gateway/src/http_entrypoints/conversions.rs b/gateway/src/http_entrypoints/conversions.rs index df3d1c54369..4edcc00005e 100644 --- a/gateway/src/http_entrypoints/conversions.rs +++ b/gateway/src/http_entrypoints/conversions.rs @@ -12,6 +12,7 @@ use super::ImageVersion; use super::InstallinatorImageId; use super::PowerState; use super::RotImageDetails; +use super::RotImageError; use super::RotSlot; use super::RotState; use super::SpComponentInfo; @@ -27,6 +28,7 @@ use super::SpType; use super::SpUpdateStatus; use super::UpdatePreparationProgress; use dropshot::HttpError; +use gateway_messages::RotBootInfo; use gateway_messages::SpComponent; use gateway_messages::StartupOptions; use gateway_messages::UpdateStatus; @@ -133,6 +135,45 @@ impl From for ImageVersion { } } +impl From for RotImageError { + fn from(error: gateway_messages::ImageError) -> Self { + match error { + gateway_messages::ImageError::Unchecked => RotImageError::Unchecked, + gateway_messages::ImageError::FirstPageErased => { + RotImageError::FirstPageErased + } + gateway_messages::ImageError::PartiallyProgrammed => { + RotImageError::PartiallyProgrammed + } + gateway_messages::ImageError::InvalidLength => { + RotImageError::InvalidLength + } + gateway_messages::ImageError::HeaderNotProgrammed => { + RotImageError::HeaderNotProgrammed + } + gateway_messages::ImageError::BootloaderTooSmall => { + RotImageError::BootloaderTooSmall + } + gateway_messages::ImageError::BadMagic => RotImageError::BadMagic, + gateway_messages::ImageError::HeaderImageSize => { + RotImageError::HeaderImageSize + } + gateway_messages::ImageError::UnalignedLength => { + RotImageError::UnalignedLength + } + gateway_messages::ImageError::UnsupportedType => { + RotImageError::UnsupportedType + } + gateway_messages::ImageError::ResetVectorNotThumb2 => { + RotImageError::ResetVectorNotThumb2 + } + gateway_messages::ImageError::ResetVector => { + RotImageError::ResetVector + } + gateway_messages::ImageError::Signature => RotImageError::Signature, + } + } +} // We expect serial and model numbers to be ASCII and 0-padded: find the first 0 // byte and convert to a string. If that fails, hexlify the entire slice. fn stringify_byte_string(bytes: &[u8]) -> String { @@ -143,8 +184,9 @@ fn stringify_byte_string(bytes: &[u8]) -> String { .unwrap_or_else(|_err| hex::encode(bytes)) } -impl From for SpState { - fn from(state: gateway_messages::SpStateV1) -> Self { +impl From<(gateway_messages::SpStateV1, RotState)> for SpState { + fn from(all: (gateway_messages::SpStateV1, RotState)) -> Self { + let (state, rot) = all; Self { serial_number: stringify_byte_string(&state.serial_number), model: stringify_byte_string(&state.model), @@ -152,13 +194,20 @@ impl From for SpState { hubris_archive_id: hex::encode(state.hubris_archive_id), base_mac_address: state.base_mac_address, power_state: PowerState::from(state.power_state), - rot: RotState::from(state.rot), + rot, } } } -impl From for SpState { - fn from(state: gateway_messages::SpStateV2) -> Self { +impl From for SpState { + fn from(state: gateway_messages::SpStateV1) -> Self { + Self::from((state, RotState::from(state.rot))) + } +} + +impl From<(gateway_messages::SpStateV2, RotState)> for SpState { + fn from(all: (gateway_messages::SpStateV2, RotState)) -> Self { + let (state, rot) = all; Self { serial_number: stringify_byte_string(&state.serial_number), model: stringify_byte_string(&state.model), @@ -166,16 +215,28 @@ impl From for SpState { hubris_archive_id: hex::encode(state.hubris_archive_id), base_mac_address: state.base_mac_address, power_state: PowerState::from(state.power_state), - rot: RotState::from(state.rot), + rot, } } } -impl From for SpState { - fn from(value: gateway_sp_comms::VersionedSpState) -> Self { - match value { - gateway_sp_comms::VersionedSpState::V1(s) => Self::from(s), - gateway_sp_comms::VersionedSpState::V2(s) => Self::from(s), +impl From for SpState { + fn from(state: gateway_messages::SpStateV2) -> Self { + Self::from((state, RotState::from(state.rot))) + } +} + +impl From<(gateway_messages::SpStateV3, RotState)> for SpState { + fn from(all: (gateway_messages::SpStateV3, RotState)) -> Self { + let (state, rot) = all; + Self { + serial_number: stringify_byte_string(&state.serial_number), + model: stringify_byte_string(&state.model), + revision: state.revision, + hubris_archive_id: hex::encode(state.hubris_archive_id), + base_mac_address: state.base_mac_address, + power_state: PowerState::from(state.power_state), + rot, } } } @@ -187,25 +248,7 @@ impl From> result: Result, ) -> Self { match result { - Ok(state) => { - let boot_state = state.rot_updates.boot_state; - Self::Enabled { - active: boot_state.active.into(), - slot_a_sha3_256_digest: boot_state - .slot_a - .map(|details| hex::encode(details.digest)), - slot_b_sha3_256_digest: boot_state - .slot_b - .map(|details| hex::encode(details.digest)), - // RotState(V1) didn't have the following fields, so we make - // it up as best we can. This RoT version is pre-shipping - // and should only exist on (not updated recently) test - // systems. - persistent_boot_preference: boot_state.active.into(), - pending_persistent_boot_preference: None, - transient_boot_preference: None, - } - } + Ok(state) => Self::from(state), Err(err) => Self::CommunicationFailed { message: err.to_string() }, } } @@ -221,29 +264,99 @@ impl From> >, ) -> Self { match result { - Ok(state) => Self::Enabled { - active: state.active.into(), - persistent_boot_preference: state - .persistent_boot_preference - .into(), - pending_persistent_boot_preference: state - .pending_persistent_boot_preference - .map(Into::into), - transient_boot_preference: state - .transient_boot_preference - .map(Into::into), - slot_a_sha3_256_digest: state - .slot_a_sha3_256_digest - .map(hex::encode), - slot_b_sha3_256_digest: state - .slot_b_sha3_256_digest - .map(hex::encode), - }, + Ok(state) => Self::from(state), Err(err) => Self::CommunicationFailed { message: err.to_string() }, } } } +impl RotState { + fn fwid_to_string(fwid: gateway_messages::Fwid) -> String { + match fwid { + gateway_messages::Fwid::Sha3_256(digest) => hex::encode(digest), + } + } +} + +impl From for RotState { + fn from(state: gateway_messages::RotStateV3) -> Self { + Self::V3 { + active: state.active.into(), + persistent_boot_preference: state.persistent_boot_preference.into(), + pending_persistent_boot_preference: state + .pending_persistent_boot_preference + .map(Into::into), + transient_boot_preference: state + .transient_boot_preference + .map(Into::into), + slot_a_fwid: Self::fwid_to_string(state.slot_a_fwid), + slot_b_fwid: Self::fwid_to_string(state.slot_b_fwid), + + stage0_fwid: Self::fwid_to_string(state.stage0_fwid), + stage0next_fwid: Self::fwid_to_string(state.stage0next_fwid), + + slot_a_status: state.slot_a_status.err().map(From::from), + slot_b_status: state.slot_b_status.err().map(From::from), + + stage0_status: state.stage0_status.err().map(From::from), + stage0next_status: state.stage0next_status.err().map(From::from), + } + } +} + +impl From for RotState { + fn from(state: gateway_messages::RotStateV2) -> Self { + Self::V2 { + active: state.active.into(), + persistent_boot_preference: state.persistent_boot_preference.into(), + pending_persistent_boot_preference: state + .pending_persistent_boot_preference + .map(Into::into), + transient_boot_preference: state + .transient_boot_preference + .map(Into::into), + slot_a_sha3_256_digest: state + .slot_a_sha3_256_digest + .map(hex::encode), + slot_b_sha3_256_digest: state + .slot_b_sha3_256_digest + .map(hex::encode), + } + } +} + +impl From for RotState { + fn from(state: gateway_messages::RotState) -> Self { + let boot_state = state.rot_updates.boot_state; + Self::V2 { + active: boot_state.active.into(), + slot_a_sha3_256_digest: boot_state + .slot_a + .map(|details| hex::encode(details.digest)), + slot_b_sha3_256_digest: boot_state + .slot_b + .map(|details| hex::encode(details.digest)), + // RotState(V1) didn't have the following fields, so we make + // it up as best we can. This RoT version is pre-shipping + // and should only exist on (not updated recently) test + // systems. + persistent_boot_preference: boot_state.active.into(), + pending_persistent_boot_preference: None, + transient_boot_preference: None, + } + } +} + +impl From for RotState { + fn from(value: gateway_messages::RotBootInfo) -> Self { + match value { + RotBootInfo::V1(s) => Self::from(s), + RotBootInfo::V2(s) => Self::from(s), + RotBootInfo::V3(s) => Self::from(s), + } + } +} + impl From for RotSlot { fn from(slot: gateway_messages::RotSlotId) -> Self { match slot { diff --git a/nexus/db-model/src/inventory.rs b/nexus/db-model/src/inventory.rs index 456987f0ce8..d4e6a69da68 100644 --- a/nexus/db-model/src/inventory.rs +++ b/nexus/db-model/src/inventory.rs @@ -124,6 +124,8 @@ impl_enum_type!( SpSlot1 => b"sp_slot_1" RotSlotA => b"rot_slot_A" RotSlotB => b"rot_slot_B" + Stage0 => b"stage0" + Stage0Next => b"stage0next" ); impl From for CabooseWhich { @@ -134,6 +136,10 @@ impl From for CabooseWhich { nexus_inventory::CabooseWhich::SpSlot1 => CabooseWhich::SpSlot1, nexus_inventory::CabooseWhich::RotSlotA => CabooseWhich::RotSlotA, nexus_inventory::CabooseWhich::RotSlotB => CabooseWhich::RotSlotB, + nexus_inventory::CabooseWhich::Stage0 => CabooseWhich::Stage0, + nexus_inventory::CabooseWhich::Stage0Next => { + CabooseWhich::Stage0Next + } } } } @@ -146,6 +152,10 @@ impl From for nexus_types::inventory::CabooseWhich { CabooseWhich::SpSlot1 => nexus_inventory::CabooseWhich::SpSlot1, CabooseWhich::RotSlotA => nexus_inventory::CabooseWhich::RotSlotA, CabooseWhich::RotSlotB => nexus_inventory::CabooseWhich::RotSlotB, + CabooseWhich::Stage0 => nexus_inventory::CabooseWhich::Stage0, + CabooseWhich::Stage0Next => { + nexus_inventory::CabooseWhich::Stage0Next + } } } } @@ -203,6 +213,125 @@ impl From for nexus_types::inventory::RotPageWhich { } } +// See [`nexus_types::inventory::RotImageError`]. +impl_enum_type!( + #[derive(SqlType, Debug, QueryId)] + #[diesel(postgres_type(name = "rot_image_error", schema = "public"))] + pub struct RotImageErrorEnum; + + #[derive(Copy, Clone, Debug, AsExpression, FromSqlRow, PartialEq)] + #[diesel(sql_type = RotImageErrorEnum)] + pub enum RotImageError; + + // Enum values + Unchecked => b"unchecked" + FirstPageErased => b"first_page_erased" + PartiallyProgrammed => b"partially_programmed" + InvalidLength => b"invalid_length" + HeaderNotProgrammed => b"header_not_programmed" + BootloaderTooSmall => b"bootloader_too_small" + BadMagic => b"bad_magic" + HeaderImageSize => b"header_image_size" + UnalignedLength => b"unaligned_length" + UnsupportedType => b"unsupported_type" + ResetVectorNotThumb2 => b"not_thumb2" + ResetVector => b"reset_vector" + Signature => b"signature" + +); + +impl From for RotImageError { + fn from(c: nexus_types::inventory::RotImageError) -> Self { + match c { + nexus_types::inventory::RotImageError::Unchecked => { + RotImageError::Unchecked + } + nexus_types::inventory::RotImageError::FirstPageErased => { + RotImageError::FirstPageErased + } + nexus_types::inventory::RotImageError::PartiallyProgrammed => { + RotImageError::PartiallyProgrammed + } + nexus_types::inventory::RotImageError::InvalidLength => { + RotImageError::InvalidLength + } + nexus_types::inventory::RotImageError::HeaderNotProgrammed => { + RotImageError::HeaderNotProgrammed + } + nexus_types::inventory::RotImageError::BootloaderTooSmall => { + RotImageError::BootloaderTooSmall + } + nexus_types::inventory::RotImageError::BadMagic => { + RotImageError::BadMagic + } + nexus_types::inventory::RotImageError::HeaderImageSize => { + RotImageError::HeaderImageSize + } + nexus_types::inventory::RotImageError::UnalignedLength => { + RotImageError::UnalignedLength + } + nexus_types::inventory::RotImageError::UnsupportedType => { + RotImageError::UnsupportedType + } + nexus_types::inventory::RotImageError::ResetVectorNotThumb2 => { + RotImageError::ResetVectorNotThumb2 + } + nexus_types::inventory::RotImageError::ResetVector => { + RotImageError::ResetVector + } + nexus_types::inventory::RotImageError::Signature => { + RotImageError::Signature + } + } + } +} + +impl From for nexus_types::inventory::RotImageError { + fn from(row: RotImageError) -> Self { + match row { + RotImageError::Unchecked => { + nexus_types::inventory::RotImageError::Unchecked + } + RotImageError::FirstPageErased => { + nexus_types::inventory::RotImageError::FirstPageErased + } + RotImageError::PartiallyProgrammed => { + nexus_types::inventory::RotImageError::PartiallyProgrammed + } + RotImageError::InvalidLength => { + nexus_types::inventory::RotImageError::InvalidLength + } + RotImageError::HeaderNotProgrammed => { + nexus_types::inventory::RotImageError::HeaderNotProgrammed + } + RotImageError::BootloaderTooSmall => { + nexus_types::inventory::RotImageError::BootloaderTooSmall + } + RotImageError::BadMagic => { + nexus_types::inventory::RotImageError::BadMagic + } + RotImageError::HeaderImageSize => { + nexus_types::inventory::RotImageError::HeaderImageSize + } + RotImageError::UnalignedLength => { + nexus_types::inventory::RotImageError::UnalignedLength + } + RotImageError::UnsupportedType => { + nexus_types::inventory::RotImageError::UnsupportedType + } + RotImageError::ResetVectorNotThumb2 => { + nexus_types::inventory::RotImageError::ResetVectorNotThumb2 + } + RotImageError::ResetVector => { + nexus_types::inventory::RotImageError::ResetVector + } + RotImageError::Signature => { + nexus_types::inventory::RotImageError::Signature + } + } + } +} + // See [`nexus_types::inventory::SpType`]. impl_enum_type!( #[derive(SqlType, Debug, QueryId)] @@ -532,6 +661,13 @@ pub struct InvRootOfTrust { pub slot_boot_pref_persistent_pending: Option, pub slot_a_sha3_256: Option, pub slot_b_sha3_256: Option, + pub stage0_fwid: Option, + pub stage0next_fwid: Option, + + pub slot_a_status: Option, + pub slot_b_status: Option, + pub stage0_status: Option, + pub stage0next_status: Option, } impl From for nexus_types::inventory::RotState { @@ -551,6 +687,21 @@ impl From for nexus_types::inventory::RotState { .map(RotSlot::from), slot_a_sha3_256_digest: row.slot_a_sha3_256, slot_b_sha3_256_digest: row.slot_b_sha3_256, + stage0_digest: row.stage0_fwid, + stage0next_digest: row.stage0next_fwid, + + slot_a_status: row + .slot_a_status + .map(nexus_types::inventory::RotImageError::from), + slot_b_status: row + .slot_b_status + .map(nexus_types::inventory::RotImageError::from), + stage0_status: row + .stage0_status + .map(nexus_types::inventory::RotImageError::from), + stage0next_status: row + .stage0next_status + .map(nexus_types::inventory::RotImageError::from), } } } diff --git a/nexus/db-model/src/schema.rs b/nexus/db-model/src/schema.rs index 4117079880c..70e475496f0 100644 --- a/nexus/db-model/src/schema.rs +++ b/nexus/db-model/src/schema.rs @@ -1354,6 +1354,13 @@ table! { slot_boot_pref_persistent_pending -> Nullable, slot_a_sha3_256 -> Nullable, slot_b_sha3_256 -> Nullable, + stage0_fwid -> Nullable, + stage0next_fwid -> Nullable, + + slot_a_status -> Nullable, + slot_b_status -> Nullable, + stage0_status -> Nullable, + stage0next_status -> Nullable, } } diff --git a/nexus/db-model/src/schema_versions.rs b/nexus/db-model/src/schema_versions.rs index c4510c02be7..235376cb1e7 100644 --- a/nexus/db-model/src/schema_versions.rs +++ b/nexus/db-model/src/schema_versions.rs @@ -17,7 +17,7 @@ use std::collections::BTreeMap; /// /// This must be updated when you change the database schema. Refer to /// schema/crdb/README.adoc in the root of this repository for details. -pub const SCHEMA_VERSION: SemverVersion = SemverVersion::new(59, 0, 0); +pub const SCHEMA_VERSION: SemverVersion = SemverVersion::new(60, 0, 0); /// List of all past database schema versions, in *reverse* order /// @@ -29,6 +29,7 @@ static KNOWN_VERSIONS: Lazy> = Lazy::new(|| { // | leaving the first copy as an example for the next person. // v // KnownVersion::new(next_int, "unique-dirname-with-the-sql-files"), + KnownVersion::new(60, "expose-stage0"), KnownVersion::new(59, "enforce-first-as-default"), KnownVersion::new(58, "insert-default-allowlist"), KnownVersion::new(57, "add-allowed-source-ips"), diff --git a/nexus/db-queries/src/db/datastore/inventory.rs b/nexus/db-queries/src/db/datastore/inventory.rs index 6faa8ea2513..583dd28e184 100644 --- a/nexus/db-queries/src/db/datastore/inventory.rs +++ b/nexus/db-queries/src/db/datastore/inventory.rs @@ -47,6 +47,8 @@ use nexus_db_model::InvServiceProcessor; use nexus_db_model::InvSledAgent; use nexus_db_model::InvSledOmicronZones; use nexus_db_model::InvZpool; +use nexus_db_model::RotImageError; +use nexus_db_model::RotImageErrorEnum; use nexus_db_model::RotPageWhichEnum; use nexus_db_model::SledRole; use nexus_db_model::SledRoleEnum; @@ -404,6 +406,26 @@ impl DataStore { .clone() .into_sql::>( ), + rot.stage0_digest + .clone() + .into_sql::>( + ), + rot.stage0next_digest + .clone() + .into_sql::>( + ), + rot.slot_a_status + .map(RotImageError::from) + .into_sql::>(), + rot.slot_b_status + .map(RotImageError::from) + .into_sql::>(), + rot.stage0_status + .map(RotImageError::from) + .into_sql::>(), + rot.stage0next_status + .map(RotImageError::from) + .into_sql::>(), )) .filter( baseboard_dsl::part_number @@ -429,6 +451,12 @@ impl DataStore { rot_dsl::slot_boot_pref_transient, rot_dsl::slot_a_sha3_256, rot_dsl::slot_b_sha3_256, + rot_dsl::stage0_fwid, + rot_dsl::stage0next_fwid, + rot_dsl::slot_a_status, + rot_dsl::slot_b_status, + rot_dsl::stage0_status, + rot_dsl::stage0next_status, )) .execute_async(&conn) .await?; @@ -447,6 +475,12 @@ impl DataStore { _slot_boot_pref_transient, _slot_a_sha3_256, _slot_b_sha3_256, + _stage0_fwid, + _stage0next_fwid, + _slot_a_status, + _slot_b_status, + _stage0_status, + _stage0next_status, ) = rot_dsl::inv_root_of_trust::all_columns(); } } diff --git a/nexus/inventory/src/builder.rs b/nexus/inventory/src/builder.rs index bfa330669ff..6722184a2bf 100644 --- a/nexus/inventory/src/builder.rs +++ b/nexus/inventory/src/builder.rs @@ -217,7 +217,7 @@ impl CollectionBuilder { }); match sp_state.rot { - gateway_client::types::RotState::Enabled { + gateway_client::types::RotState::V2 { active, pending_persistent_boot_preference, persistent_boot_preference, @@ -236,6 +236,12 @@ impl CollectionBuilder { transient_boot_preference, slot_a_sha3_256_digest, slot_b_sha3_256_digest, + stage0_digest: None, + stage0next_digest: None, + slot_a_status: None, + slot_b_status: None, + stage0_status: None, + stage0next_status: None, } }); } @@ -249,6 +255,40 @@ impl CollectionBuilder { message ))); } + gateway_client::types::RotState::V3 { + active, + pending_persistent_boot_preference, + persistent_boot_preference, + slot_a_fwid, + slot_b_fwid, + stage0_fwid, + stage0next_fwid, + transient_boot_preference, + slot_a_status, + slot_b_status, + stage0_status, + stage0next_status, + } => { + let _ = + self.rots.entry(baseboard.clone()).or_insert_with(|| { + RotState { + time_collected: now, + source: source.to_owned(), + active_slot: active, + persistent_boot_preference, + pending_persistent_boot_preference, + transient_boot_preference, + slot_a_sha3_256_digest: Some(slot_a_fwid), + slot_b_sha3_256_digest: Some(slot_b_fwid), + stage0_digest: Some(stage0_fwid), + stage0next_digest: Some(stage0next_fwid), + slot_a_status, + slot_b_status, + stage0_status, + stage0next_status, + } + }); + } } Some(baseboard) @@ -965,7 +1005,7 @@ mod test { model: String::from("model1"), power_state: PowerState::A0, revision: 0, - rot: RotState::Enabled { + rot: RotState::V2 { active: RotSlot::A, pending_persistent_boot_preference: None, persistent_boot_preference: RotSlot::A, @@ -990,7 +1030,7 @@ mod test { model: String::from("model1"), power_state: PowerState::A0, revision: 0, - rot: RotState::Enabled { + rot: RotState::V2 { active: RotSlot::A, pending_persistent_boot_preference: None, persistent_boot_preference: RotSlot::A, @@ -1016,7 +1056,7 @@ mod test { model: String::from("model1"), power_state: PowerState::A0, revision: 1, - rot: RotState::Enabled { + rot: RotState::V2 { active: RotSlot::A, pending_persistent_boot_preference: None, persistent_boot_preference: RotSlot::A, diff --git a/nexus/inventory/src/collector.rs b/nexus/inventory/src/collector.rs index 48761479b05..a64d092e1c1 100644 --- a/nexus/inventory/src/collector.rs +++ b/nexus/inventory/src/collector.rs @@ -174,6 +174,8 @@ impl<'a> Collector<'a> { CabooseWhich::SpSlot1 => ("sp", 1), CabooseWhich::RotSlotA => ("rot", 0), CabooseWhich::RotSlotB => ("rot", 1), + CabooseWhich::Stage0 => ("stage0", 0), + CabooseWhich::Stage0Next => ("stage0", 1), }; let result = client diff --git a/nexus/inventory/src/examples.rs b/nexus/inventory/src/examples.rs index 1a0c70f4566..c2e283a6408 100644 --- a/nexus/inventory/src/examples.rs +++ b/nexus/inventory/src/examples.rs @@ -49,7 +49,7 @@ pub fn representative() -> Representative { model: String::from("model1"), power_state: PowerState::A0, revision: 0, - rot: RotState::Enabled { + rot: RotState::V2 { active: RotSlot::A, pending_persistent_boot_preference: None, persistent_boot_preference: RotSlot::A, @@ -74,7 +74,7 @@ pub fn representative() -> Representative { model: String::from("model2"), power_state: PowerState::A2, revision: 1, - rot: RotState::Enabled { + rot: RotState::V2 { active: RotSlot::B, pending_persistent_boot_preference: Some(RotSlot::A), persistent_boot_preference: RotSlot::A, @@ -101,7 +101,7 @@ pub fn representative() -> Representative { model: String::from("model3"), power_state: PowerState::A1, revision: 2, - rot: RotState::Enabled { + rot: RotState::V2 { active: RotSlot::B, pending_persistent_boot_preference: None, persistent_boot_preference: RotSlot::A, @@ -128,7 +128,7 @@ pub fn representative() -> Representative { model: String::from("model4"), power_state: PowerState::A2, revision: 3, - rot: RotState::Enabled { + rot: RotState::V2 { active: RotSlot::B, pending_persistent_boot_preference: None, persistent_boot_preference: RotSlot::A, @@ -471,7 +471,7 @@ pub fn sp_state(unique: &str) -> SpState { model: format!("model{}", unique), power_state: PowerState::A2, revision: 0, - rot: RotState::Enabled { + rot: RotState::V2 { active: RotSlot::A, pending_persistent_boot_preference: None, persistent_boot_preference: RotSlot::A, diff --git a/nexus/inventory/tests/output/collector_basic.txt b/nexus/inventory/tests/output/collector_basic.txt index 0fc1c552aba..896cdcddbc6 100644 --- a/nexus/inventory/tests/output/collector_basic.txt +++ b/nexus/inventory/tests/output/collector_basic.txt @@ -7,10 +7,18 @@ baseboards: part "sim-gimlet" serial "sim-9cb9b78f-5614-440c-b66d-e8e81fab69b0" cabooses: - board "SimGimletSp" name "SimGimlet" version "0.0.1" git_commit "ffffffff" - board "SimRot" name "SimGimlet" version "0.0.1" git_commit "eeeeeeee" - board "SimRot" name "SimSidecar" version "0.0.1" git_commit "eeeeeeee" - board "SimSidecarSp" name "SimSidecar" version "0.0.1" git_commit "ffffffff" + board "SimGimletSp" name "SimGimlet" version "0.0.1" git_commit "fefefefe" + board "SimGimletSp" name "SimGimlet" version "0.0.2" git_commit "ffffffff" + board "SimRot" name "SimGimletRot" version "0.0.3" git_commit "edededed" + board "SimRot" name "SimSidecar" version "0.0.3" git_commit "edededed" + board "SimRot" name "SimGimletRot" version "0.0.4" git_commit "eeeeeeee" + board "SimRot" name "SimSidecar" version "0.0.4" git_commit "eeeeeeee" + board "SimRotStage0" name "SimSidecar" version "0.0.200" git_commit "dadadada" + board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "dadadadad" + board "SimRotStage0" name "SimSidecar" version "0.0.200" git_commit "dddddddd" + board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "ddddddddd" + board "SimSidecarSp" name "SimSidecar" version "0.0.1" git_commit "fefefefe" + board "SimSidecarSp" name "SimSidecar" version "0.0.2" git_commit "ffffffff" rot pages: data_base64 "Z2ltbGV0LWNmcGEtYWN0aXZlcabooses found: RotSlotB baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar1": board "SimRot" RotSlotB baseboard part "i86pc" serial "SimGimlet00": board "SimRot" RotSlotB baseboard part "i86pc" serial "SimGimlet01": board "SimRot" + Stage0 baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar0": board "SimRotStage0" + Stage0 baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar1": board "SimRotStage0" + Stage0 baseboard part "i86pc" serial "SimGimlet00": board "SimRotStage0" + Stage0 baseboard part "i86pc" serial "SimGimlet01": board "SimRotStage0" + Stage0Next baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar0": board "SimRotStage0" + Stage0Next baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar1": board "SimRotStage0" + Stage0Next baseboard part "i86pc" serial "SimGimlet00": board "SimRotStage0" + Stage0Next baseboard part "i86pc" serial "SimGimlet01": board "SimRotStage0" rot pages found: Cmpa baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar0": data_base64 "c2lkZWNhci1jbXBhdiff --git a/nexus/inventory/tests/output/collector_errors.txt b/nexus/inventory/tests/output/collector_errors.txt index 20e9bb301e9..79d61567dd1 100644 --- a/nexus/inventory/tests/output/collector_errors.txt +++ b/nexus/inventory/tests/output/collector_errors.txt @@ -5,10 +5,18 @@ baseboards: part "i86pc" serial "SimGimlet01" cabooses: - board "SimGimletSp" name "SimGimlet" version "0.0.1" git_commit "ffffffff" - board "SimRot" name "SimGimlet" version "0.0.1" git_commit "eeeeeeee" - board "SimRot" name "SimSidecar" version "0.0.1" git_commit "eeeeeeee" - board "SimSidecarSp" name "SimSidecar" version "0.0.1" git_commit "ffffffff" + board "SimGimletSp" name "SimGimlet" version "0.0.1" git_commit "fefefefe" + board "SimGimletSp" name "SimGimlet" version "0.0.2" git_commit "ffffffff" + board "SimRot" name "SimGimletRot" version "0.0.3" git_commit "edededed" + board "SimRot" name "SimSidecar" version "0.0.3" git_commit "edededed" + board "SimRot" name "SimGimletRot" version "0.0.4" git_commit "eeeeeeee" + board "SimRot" name "SimSidecar" version "0.0.4" git_commit "eeeeeeee" + board "SimRotStage0" name "SimSidecar" version "0.0.200" git_commit "dadadada" + board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "dadadadad" + board "SimRotStage0" name "SimSidecar" version "0.0.200" git_commit "dddddddd" + board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "ddddddddd" + board "SimSidecarSp" name "SimSidecar" version "0.0.1" git_commit "fefefefe" + board "SimSidecarSp" name "SimSidecar" version "0.0.2" git_commit "ffffffff" rot pages: data_base64 "Z2ltbGV0LWNmcGEtYWN0aXZlcabooses found: RotSlotB baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar1": board "SimRot" RotSlotB baseboard part "i86pc" serial "SimGimlet00": board "SimRot" RotSlotB baseboard part "i86pc" serial "SimGimlet01": board "SimRot" + Stage0 baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar0": board "SimRotStage0" + Stage0 baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar1": board "SimRotStage0" + Stage0 baseboard part "i86pc" serial "SimGimlet00": board "SimRotStage0" + Stage0 baseboard part "i86pc" serial "SimGimlet01": board "SimRotStage0" + Stage0Next baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar0": board "SimRotStage0" + Stage0Next baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar1": board "SimRotStage0" + Stage0Next baseboard part "i86pc" serial "SimGimlet00": board "SimRotStage0" + Stage0Next baseboard part "i86pc" serial "SimGimlet01": board "SimRotStage0" rot pages found: Cmpa baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar0": data_base64 "c2lkZWNhci1jbXBhdiff --git a/nexus/inventory/tests/output/collector_sled_agent_errors.txt b/nexus/inventory/tests/output/collector_sled_agent_errors.txt index 7b9bbce84eb..9e9c79aa92d 100644 --- a/nexus/inventory/tests/output/collector_sled_agent_errors.txt +++ b/nexus/inventory/tests/output/collector_sled_agent_errors.txt @@ -6,10 +6,18 @@ baseboards: part "sim-gimlet" serial "sim-9cb9b78f-5614-440c-b66d-e8e81fab69b0" cabooses: - board "SimGimletSp" name "SimGimlet" version "0.0.1" git_commit "ffffffff" - board "SimRot" name "SimGimlet" version "0.0.1" git_commit "eeeeeeee" - board "SimRot" name "SimSidecar" version "0.0.1" git_commit "eeeeeeee" - board "SimSidecarSp" name "SimSidecar" version "0.0.1" git_commit "ffffffff" + board "SimGimletSp" name "SimGimlet" version "0.0.1" git_commit "fefefefe" + board "SimGimletSp" name "SimGimlet" version "0.0.2" git_commit "ffffffff" + board "SimRot" name "SimGimletRot" version "0.0.3" git_commit "edededed" + board "SimRot" name "SimSidecar" version "0.0.3" git_commit "edededed" + board "SimRot" name "SimGimletRot" version "0.0.4" git_commit "eeeeeeee" + board "SimRot" name "SimSidecar" version "0.0.4" git_commit "eeeeeeee" + board "SimRotStage0" name "SimSidecar" version "0.0.200" git_commit "dadadada" + board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "dadadadad" + board "SimRotStage0" name "SimSidecar" version "0.0.200" git_commit "dddddddd" + board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "ddddddddd" + board "SimSidecarSp" name "SimSidecar" version "0.0.1" git_commit "fefefefe" + board "SimSidecarSp" name "SimSidecar" version "0.0.2" git_commit "ffffffff" rot pages: data_base64 "Z2ltbGV0LWNmcGEtYWN0aXZlcabooses found: RotSlotB baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar1": board "SimRot" RotSlotB baseboard part "i86pc" serial "SimGimlet00": board "SimRot" RotSlotB baseboard part "i86pc" serial "SimGimlet01": board "SimRot" + Stage0 baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar0": board "SimRotStage0" + Stage0 baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar1": board "SimRotStage0" + Stage0 baseboard part "i86pc" serial "SimGimlet00": board "SimRotStage0" + Stage0 baseboard part "i86pc" serial "SimGimlet01": board "SimRotStage0" + Stage0Next baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar0": board "SimRotStage0" + Stage0Next baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar1": board "SimRotStage0" + Stage0Next baseboard part "i86pc" serial "SimGimlet00": board "SimRotStage0" + Stage0Next baseboard part "i86pc" serial "SimGimlet01": board "SimRotStage0" rot pages found: Cmpa baseboard part "FAKE_SIM_SIDECAR" serial "SimSidecar0": data_base64 "c2lkZWNhci1jbXBhdiff --git a/nexus/reconfigurator/planning/src/system.rs b/nexus/reconfigurator/planning/src/system.rs index 15aefb7344f..ea6c6f3504c 100644 --- a/nexus/reconfigurator/planning/src/system.rs +++ b/nexus/reconfigurator/planning/src/system.rs @@ -471,16 +471,18 @@ impl Sled { model: model.clone(), power_state: PowerState::A2, revision, - rot: RotState::Enabled { + rot: RotState::V3 { active: RotSlot::A, pending_persistent_boot_preference: None, persistent_boot_preference: RotSlot::A, - slot_a_sha3_256_digest: Some(String::from( - "slotAdigest1", - )), - slot_b_sha3_256_digest: Some(String::from( - "slotBdigest1", - )), + slot_a_fwid: String::from("slotAdigest1"), + slot_b_fwid: String::from("slotBdigest1"), + stage0_fwid: String::from("stage0_fwid"), + stage0next_fwid: String::from("stage0next_fwid"), + slot_a_status: None, + slot_b_status: None, + stage0_status: None, + stage0next_status: None, transient_boot_preference: None, }, serial_number: serial.clone(), @@ -570,35 +572,86 @@ impl Sled { .unwrap_or(sled_agent_client::types::Baseboard::Unknown); let inventory_sp = inventory_sp.map(|sledhw| { - let sp_state = SpState { - base_mac_address: [0; 6], - hubris_archive_id: sledhw.sp.hubris_archive.clone(), - model: sledhw.baseboard_id.part_number.clone(), - power_state: sledhw.sp.power_state, - revision: sledhw.sp.baseboard_revision, - rot: RotState::Enabled { - active: sledhw.rot.active_slot, - pending_persistent_boot_preference: sledhw - .rot - .pending_persistent_boot_preference, - persistent_boot_preference: sledhw - .rot - .persistent_boot_preference, - slot_a_sha3_256_digest: sledhw - .rot - .slot_a_sha3_256_digest - .clone(), - slot_b_sha3_256_digest: sledhw - .rot - .slot_b_sha3_256_digest - .clone(), - transient_boot_preference: sledhw - .rot - .transient_boot_preference, - }, - serial_number: sledhw.baseboard_id.serial_number.clone(), + // RotStateV3 unconditionally sets all of these + let sp_state = if sledhw.rot.slot_a_sha3_256_digest.is_some() + && sledhw.rot.slot_b_sha3_256_digest.is_some() + && sledhw.rot.stage0_digest.is_some() + && sledhw.rot.stage0next_digest.is_some() + { + SpState { + base_mac_address: [0; 6], + hubris_archive_id: sledhw.sp.hubris_archive.clone(), + model: sledhw.baseboard_id.part_number.clone(), + power_state: sledhw.sp.power_state, + revision: sledhw.sp.baseboard_revision, + rot: RotState::V3 { + active: sledhw.rot.active_slot, + pending_persistent_boot_preference: sledhw + .rot + .pending_persistent_boot_preference, + persistent_boot_preference: sledhw + .rot + .persistent_boot_preference, + slot_a_fwid: sledhw + .rot + .slot_a_sha3_256_digest + .clone() + .expect("slot_a_fwid should be set"), + slot_b_fwid: sledhw + .rot + .slot_b_sha3_256_digest + .clone() + .expect("slot_b_fwid should be set"), + stage0_fwid: sledhw + .rot + .stage0_digest + .clone() + .expect("stage0 fwid should be set"), + stage0next_fwid: sledhw + .rot + .stage0next_digest + .clone() + .expect("stage0 fwid should be set"), + transient_boot_preference: sledhw + .rot + .transient_boot_preference, + slot_a_status: sledhw.rot.slot_a_status, + slot_b_status: sledhw.rot.slot_b_status, + stage0_status: sledhw.rot.stage0_status, + stage0next_status: sledhw.rot.stage0next_status, + }, + serial_number: sledhw.baseboard_id.serial_number.clone(), + } + } else { + SpState { + base_mac_address: [0; 6], + hubris_archive_id: sledhw.sp.hubris_archive.clone(), + model: sledhw.baseboard_id.part_number.clone(), + power_state: sledhw.sp.power_state, + revision: sledhw.sp.baseboard_revision, + rot: RotState::V2 { + active: sledhw.rot.active_slot, + pending_persistent_boot_preference: sledhw + .rot + .pending_persistent_boot_preference, + persistent_boot_preference: sledhw + .rot + .persistent_boot_preference, + slot_a_sha3_256_digest: sledhw + .rot + .slot_a_sha3_256_digest + .clone(), + slot_b_sha3_256_digest: sledhw + .rot + .slot_b_sha3_256_digest + .clone(), + transient_boot_preference: sledhw + .rot + .transient_boot_preference, + }, + serial_number: sledhw.baseboard_id.serial_number.clone(), + } }; - (sledhw.sp.sp_slot, sp_state) }); diff --git a/nexus/types/src/inventory.rs b/nexus/types/src/inventory.rs index 6acbcaca6aa..c0ea908668a 100644 --- a/nexus/types/src/inventory.rs +++ b/nexus/types/src/inventory.rs @@ -15,6 +15,7 @@ use crate::external_api::shared::Baseboard; use chrono::DateTime; use chrono::Utc; pub use gateway_client::types::PowerState; +pub use gateway_client::types::RotImageError; pub use gateway_client::types::RotSlot; pub use gateway_client::types::SpType; use omicron_common::api::external::ByteCount; @@ -256,6 +257,13 @@ pub struct RotState { pub transient_boot_preference: Option, pub slot_a_sha3_256_digest: Option, pub slot_b_sha3_256_digest: Option, + pub stage0_digest: Option, + pub stage0next_digest: Option, + + pub slot_a_status: Option, + pub slot_b_status: Option, + pub stage0_status: Option, + pub stage0next_status: Option, } /// Describes which caboose this is (which component, which slot) @@ -276,6 +284,8 @@ pub enum CabooseWhich { SpSlot1, RotSlotA, RotSlotB, + Stage0, + Stage0Next, } /// Root of trust page contents found during a collection diff --git a/openapi/gateway.json b/openapi/gateway.json index f3a5642b6ee..656f8fdfd8b 100644 --- a/openapi/gateway.json +++ b/openapi/gateway.json @@ -762,6 +762,70 @@ } } }, + "/sp/{type}/{slot}/component/{component}/rot-boot-info": { + "get": { + "summary": "Read the RoT boot state from a root of trust", + "description": "This endpoint is only valid for the `rot` component.", + "operationId": "sp_rot_boot_info", + "parameters": [ + { + "in": "path", + "name": "component", + "description": "ID for the component of the SP; this is the internal identifier used by the SP itself to identify its components.", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "slot", + "required": true, + "schema": { + "type": "integer", + "format": "uint32", + "minimum": 0 + } + }, + { + "in": "path", + "name": "type", + "required": true, + "schema": { + "$ref": "#/components/schemas/SpType" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GetRotBootInfoParams" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RotState" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, "/sp/{type}/{slot}/component/{component}/serial-console/attach": { "get": { "summary": "Upgrade into a websocket connection attached to the given SP component's", @@ -1499,6 +1563,19 @@ "slot" ] }, + "GetRotBootInfoParams": { + "type": "object", + "properties": { + "version": { + "type": "integer", + "format": "uint8", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, "HostPhase2Progress": { "oneOf": [ { @@ -2316,6 +2393,24 @@ "base64_data" ] }, + "RotImageError": { + "type": "string", + "enum": [ + "unchecked", + "first_page_erased", + "partially_programmed", + "invalid_length", + "header_not_programmed", + "bootloader_too_small", + "bad_magic", + "header_image_size", + "unaligned_length", + "unsupported_type", + "reset_vector_not_thumb2", + "reset_vector", + "signature" + ] + }, "RotSlot": { "oneOf": [ { @@ -2378,7 +2473,7 @@ "state": { "type": "string", "enum": [ - "enabled" + "v2" ] }, "transient_boot_preference": { @@ -2413,6 +2508,92 @@ "message", "state" ] + }, + { + "type": "object", + "properties": { + "active": { + "$ref": "#/components/schemas/RotSlot" + }, + "pending_persistent_boot_preference": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RotSlot" + } + ] + }, + "persistent_boot_preference": { + "$ref": "#/components/schemas/RotSlot" + }, + "slot_a_fwid": { + "type": "string" + }, + "slot_a_status": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RotImageError" + } + ] + }, + "slot_b_fwid": { + "type": "string" + }, + "slot_b_status": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RotImageError" + } + ] + }, + "stage0_fwid": { + "type": "string" + }, + "stage0_status": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RotImageError" + } + ] + }, + "stage0next_fwid": { + "type": "string" + }, + "stage0next_status": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RotImageError" + } + ] + }, + "state": { + "type": "string", + "enum": [ + "v3" + ] + }, + "transient_boot_preference": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RotSlot" + } + ] + } + }, + "required": [ + "active", + "persistent_boot_preference", + "slot_a_fwid", + "slot_b_fwid", + "stage0_fwid", + "stage0next_fwid", + "state" + ] } ] }, diff --git a/openapi/wicketd.json b/openapi/wicketd.json index 74440305952..09b8ebbdff9 100644 --- a/openapi/wicketd.json +++ b/openapi/wicketd.json @@ -2599,6 +2599,25 @@ "sps" ] }, + "RotImageError": { + "description": "RotImageError\n\n
JSON schema\n\n```json { \"type\": \"string\", \"enum\": [ \"unchecked\", \"first_page_erased\", \"partially_programmed\", \"invalid_length\", \"header_not_programmed\", \"bootloader_too_small\", \"bad_magic\", \"header_image_size\", \"unaligned_length\", \"unsupported_type\", \"reset_vector_not_thumb2\", \"reset_vector\", \"signature\" ] } ```
", + "type": "string", + "enum": [ + "unchecked", + "first_page_erased", + "partially_programmed", + "invalid_length", + "header_not_programmed", + "bootloader_too_small", + "bad_magic", + "header_image_size", + "unaligned_length", + "unsupported_type", + "reset_vector_not_thumb2", + "reset_vector", + "signature" + ] + }, "RotInventory": { "description": "RoT-related data that isn't already supplied in [`SpState`].", "type": "object", @@ -2661,7 +2680,7 @@ ] }, "RotState": { - "description": "RotState\n\n
JSON schema\n\n```json { \"oneOf\": [ { \"type\": \"object\", \"required\": [ \"active\", \"persistent_boot_preference\", \"state\" ], \"properties\": { \"active\": { \"$ref\": \"#/components/schemas/RotSlot\" }, \"pending_persistent_boot_preference\": { \"allOf\": [ { \"$ref\": \"#/components/schemas/RotSlot\" } ] }, \"persistent_boot_preference\": { \"$ref\": \"#/components/schemas/RotSlot\" }, \"slot_a_sha3_256_digest\": { \"type\": [ \"string\", \"null\" ] }, \"slot_b_sha3_256_digest\": { \"type\": [ \"string\", \"null\" ] }, \"state\": { \"type\": \"string\", \"enum\": [ \"enabled\" ] }, \"transient_boot_preference\": { \"allOf\": [ { \"$ref\": \"#/components/schemas/RotSlot\" } ] } } }, { \"type\": \"object\", \"required\": [ \"message\", \"state\" ], \"properties\": { \"message\": { \"type\": \"string\" }, \"state\": { \"type\": \"string\", \"enum\": [ \"communication_failed\" ] } } } ] } ```
", + "description": "RotState\n\n
JSON schema\n\n```json { \"oneOf\": [ { \"type\": \"object\", \"required\": [ \"active\", \"persistent_boot_preference\", \"state\" ], \"properties\": { \"active\": { \"$ref\": \"#/components/schemas/RotSlot\" }, \"pending_persistent_boot_preference\": { \"allOf\": [ { \"$ref\": \"#/components/schemas/RotSlot\" } ] }, \"persistent_boot_preference\": { \"$ref\": \"#/components/schemas/RotSlot\" }, \"slot_a_sha3_256_digest\": { \"type\": [ \"string\", \"null\" ] }, \"slot_b_sha3_256_digest\": { \"type\": [ \"string\", \"null\" ] }, \"state\": { \"type\": \"string\", \"enum\": [ \"v2\" ] }, \"transient_boot_preference\": { \"allOf\": [ { \"$ref\": \"#/components/schemas/RotSlot\" } ] } } }, { \"type\": \"object\", \"required\": [ \"message\", \"state\" ], \"properties\": { \"message\": { \"type\": \"string\" }, \"state\": { \"type\": \"string\", \"enum\": [ \"communication_failed\" ] } } }, { \"type\": \"object\", \"required\": [ \"active\", \"persistent_boot_preference\", \"slot_a_fwid\", \"slot_b_fwid\", \"stage0_fwid\", \"stage0next_fwid\", \"state\" ], \"properties\": { \"active\": { \"$ref\": \"#/components/schemas/RotSlot\" }, \"pending_persistent_boot_preference\": { \"allOf\": [ { \"$ref\": \"#/components/schemas/RotSlot\" } ] }, \"persistent_boot_preference\": { \"$ref\": \"#/components/schemas/RotSlot\" }, \"slot_a_fwid\": { \"type\": \"string\" }, \"slot_a_status\": { \"allOf\": [ { \"$ref\": \"#/components/schemas/RotImageError\" } ] }, \"slot_b_fwid\": { \"type\": \"string\" }, \"slot_b_status\": { \"allOf\": [ { \"$ref\": \"#/components/schemas/RotImageError\" } ] }, \"stage0_fwid\": { \"type\": \"string\" }, \"stage0_status\": { \"allOf\": [ { \"$ref\": \"#/components/schemas/RotImageError\" } ] }, \"stage0next_fwid\": { \"type\": \"string\" }, \"stage0next_status\": { \"allOf\": [ { \"$ref\": \"#/components/schemas/RotImageError\" } ] }, \"state\": { \"type\": \"string\", \"enum\": [ \"v3\" ] }, \"transient_boot_preference\": { \"allOf\": [ { \"$ref\": \"#/components/schemas/RotSlot\" } ] } } } ] } ```
", "oneOf": [ { "type": "object", @@ -2691,7 +2710,7 @@ "state": { "type": "string", "enum": [ - "enabled" + "v2" ] }, "transient_boot_preference": { @@ -2726,6 +2745,92 @@ "message", "state" ] + }, + { + "type": "object", + "properties": { + "active": { + "$ref": "#/components/schemas/RotSlot" + }, + "pending_persistent_boot_preference": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RotSlot" + } + ] + }, + "persistent_boot_preference": { + "$ref": "#/components/schemas/RotSlot" + }, + "slot_a_fwid": { + "type": "string" + }, + "slot_a_status": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RotImageError" + } + ] + }, + "slot_b_fwid": { + "type": "string" + }, + "slot_b_status": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RotImageError" + } + ] + }, + "stage0_fwid": { + "type": "string" + }, + "stage0_status": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RotImageError" + } + ] + }, + "stage0next_fwid": { + "type": "string" + }, + "stage0next_status": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RotImageError" + } + ] + }, + "state": { + "type": "string", + "enum": [ + "v3" + ] + }, + "transient_boot_preference": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RotSlot" + } + ] + } + }, + "required": [ + "active", + "persistent_boot_preference", + "slot_a_fwid", + "slot_b_fwid", + "stage0_fwid", + "stage0next_fwid", + "state" + ] } ] }, diff --git a/schema/crdb/dbinit.sql b/schema/crdb/dbinit.sql index e77b7b81ef8..b2b00f765b2 100644 --- a/schema/crdb/dbinit.sql +++ b/schema/crdb/dbinit.sql @@ -2901,6 +2901,22 @@ CREATE TABLE IF NOT EXISTS omicron.public.inv_service_processor ( PRIMARY KEY (inv_collection_id, hw_baseboard_id) ); +CREATE TYPE IF NOT EXISTS omicron.public.rot_image_error AS ENUM ( + 'unchecked', + 'first_page_erased', + 'partially_programmed', + 'invalid_length', + 'header_not_programmed', + 'bootloader_too_small', + 'bad_magic', + 'header_image_size', + 'unaligned_length', + 'unsupported_type', + 'not_thumb2', + 'reset_vector', + 'signature' +); + -- root of trust information reported by SP -- There's usually one row here for each row in inv_service_processor, but not -- necessarily. @@ -2922,6 +2938,13 @@ CREATE TABLE IF NOT EXISTS omicron.public.inv_root_of_trust ( slot_boot_pref_persistent_pending omicron.public.hw_rot_slot, -- nullable slot_a_sha3_256 TEXT, -- nullable slot_b_sha3_256 TEXT, -- nullable + stage0_fwid TEXT, -- nullable + stage0next_fwid TEXT, -- nullable + + slot_a_status omicron.public.rot_image_error, -- nullable + slot_b_status omicron.public.rot_image_error, -- nullable + stage0_status omicron.public.rot_image_error, -- nullable + stage0next_status omicron.public.rot_image_error, -- nullable PRIMARY KEY (inv_collection_id, hw_baseboard_id) ); @@ -2930,7 +2953,9 @@ CREATE TYPE IF NOT EXISTS omicron.public.caboose_which AS ENUM ( 'sp_slot_0', 'sp_slot_1', 'rot_slot_A', - 'rot_slot_B' + 'rot_slot_B', + 'stage0', + 'stage0next' ); -- cabooses found @@ -3842,7 +3867,7 @@ INSERT INTO omicron.public.db_metadata ( version, target_version ) VALUES - (TRUE, NOW(), NOW(), '59.0.0', NULL) + (TRUE, NOW(), NOW(), '60.0.0', NULL) ON CONFLICT DO NOTHING; COMMIT; diff --git a/schema/crdb/expose-stage0/up01.sql b/schema/crdb/expose-stage0/up01.sql new file mode 100644 index 00000000000..f36e2c11e14 --- /dev/null +++ b/schema/crdb/expose-stage0/up01.sql @@ -0,0 +1,17 @@ +-- Create the `rot_image_error` type +CREATE TYPE IF NOT EXISTS omicron.public.rot_image_error AS ENUM ( + 'unchecked', + 'first_page_erased', + 'partially_programmed', + 'invalid_length', + 'header_not_programmed', + 'bootloader_too_small', + 'bad_magic', + 'header_image_size', + 'unaligned_length', + 'unsupported_type', + 'not_thumb2', + 'reset_vector', + 'signature' +); + diff --git a/schema/crdb/expose-stage0/up02.sql b/schema/crdb/expose-stage0/up02.sql new file mode 100644 index 00000000000..72e206089be --- /dev/null +++ b/schema/crdb/expose-stage0/up02.sql @@ -0,0 +1,8 @@ +-- Add new fields for stage0. These can all correctly be NULL +ALTER TABLE omicron.inv_root_of_trust + ADD COLUMN IF NOT EXISTS stage0_fwid TEXT, + ADD COLUMN IF NOT EXISTS stage0next_fwid TEXT, + ADD COLUMN IF NOT EXISTS slot_a_status omicron.public.rot_image_error, + ADD COLUMN IF NOT EXISTS slot_b_status omicron.public.rot_image_error, + ADD COLUMN IF NOT EXISTS stage0_status omicron.public.rot_image_error, + ADD COLUMN IF NOT EXISTS stage0next_status omicron.public.rot_image_error; diff --git a/schema/crdb/expose-stage0/up03.sql b/schema/crdb/expose-stage0/up03.sql new file mode 100644 index 00000000000..5f12436af30 --- /dev/null +++ b/schema/crdb/expose-stage0/up03.sql @@ -0,0 +1,2 @@ +-- add stage0/stage0next to the caboose targets +ALTER TYPE omicron.public.caboose_which ADD VALUE IF NOT EXISTS 'stage0'; diff --git a/schema/crdb/expose-stage0/up04.sql b/schema/crdb/expose-stage0/up04.sql new file mode 100644 index 00000000000..c72f43560f9 --- /dev/null +++ b/schema/crdb/expose-stage0/up04.sql @@ -0,0 +1,2 @@ +-- add stage0/stage0next to the caboose targets +ALTER TYPE omicron.public.caboose_which ADD VALUE IF NOT EXISTS 'stage0next'; diff --git a/sp-sim/examples/config.toml b/sp-sim/examples/config.toml index 9766be2f5c3..eda37959cd7 100644 --- a/sp-sim/examples/config.toml +++ b/sp-sim/examples/config.toml @@ -21,7 +21,7 @@ device_id_cert_seed = "01de00000000000000000000000000000000000000000000000000000 id = "sp3-host-cpu" device = "sp3-host-cpu" description = "FAKE host cpu" -capabilities.bits = 0 +capabilities = 0 presence = "Present" serial_console = "[::1]:33312" @@ -36,7 +36,7 @@ device_id_cert_seed = "01de00000000000000000000000000000000000000000000000000000 id = "sp3-host-cpu" device = "sp3-host-cpu" description = "FAKE host cpu" -capabilities.bits = 0 +capabilities = 0 presence = "Present" serial_console = "[::1]:33322" diff --git a/sp-sim/src/gimlet.rs b/sp-sim/src/gimlet.rs index 0c109c1bd78..dac7e5d9271 100644 --- a/sp-sim/src/gimlet.rs +++ b/sp-sim/src/gimlet.rs @@ -15,6 +15,7 @@ use crate::update::SimSpUpdate; use crate::Responsiveness; use crate::SimulatedSp; use crate::SIM_ROT_BOARD; +use crate::SIM_ROT_STAGE0_BOARD; use anyhow::{anyhow, bail, Context, Result}; use async_trait::async_trait; use futures::future; @@ -25,6 +26,7 @@ use gateway_messages::sp_impl::{BoundsChecked, DeviceDescription}; use gateway_messages::CfpaPage; use gateway_messages::ComponentAction; use gateway_messages::Header; +use gateway_messages::RotBootInfo; use gateway_messages::RotRequest; use gateway_messages::RotResponse; use gateway_messages::RotSlotId; @@ -1389,29 +1391,50 @@ impl SpHandler for Handler { fn get_component_caboose_value( &mut self, component: SpComponent, - _slot: u16, + slot: u16, key: [u8; 4], buf: &mut [u8], ) -> std::result::Result { - static SP_GITC: &[u8] = b"ffffffff"; + static SP_GITC0: &[u8] = b"ffffffff"; + static SP_GITC1: &[u8] = b"fefefefe"; static SP_BORD: &[u8] = SIM_GIMLET_BOARD.as_bytes(); static SP_NAME: &[u8] = b"SimGimlet"; - static SP_VERS: &[u8] = b"0.0.1"; + static SP_VERS0: &[u8] = b"0.0.2"; + static SP_VERS1: &[u8] = b"0.0.1"; - static ROT_GITC: &[u8] = b"eeeeeeee"; + static ROT_GITC0: &[u8] = b"eeeeeeee"; + static ROT_GITC1: &[u8] = b"edededed"; static ROT_BORD: &[u8] = SIM_ROT_BOARD.as_bytes(); - static ROT_NAME: &[u8] = b"SimGimlet"; - static ROT_VERS: &[u8] = b"0.0.1"; - - let val = match (component, &key) { - (SpComponent::SP_ITSELF, b"GITC") => SP_GITC, - (SpComponent::SP_ITSELF, b"BORD") => SP_BORD, - (SpComponent::SP_ITSELF, b"NAME") => SP_NAME, - (SpComponent::SP_ITSELF, b"VERS") => SP_VERS, - (SpComponent::ROT, b"GITC") => ROT_GITC, - (SpComponent::ROT, b"BORD") => ROT_BORD, - (SpComponent::ROT, b"NAME") => ROT_NAME, - (SpComponent::ROT, b"VERS") => ROT_VERS, + static ROT_NAME: &[u8] = b"SimGimletRot"; + static ROT_VERS0: &[u8] = b"0.0.4"; + static ROT_VERS1: &[u8] = b"0.0.3"; + + static STAGE0_GITC0: &[u8] = b"ddddddddd"; + static STAGE0_GITC1: &[u8] = b"dadadadad"; + static STAGE0_BORD: &[u8] = SIM_ROT_STAGE0_BOARD.as_bytes(); + static STAGE0_NAME: &[u8] = b"SimGimletRot"; + static STAGE0_VERS0: &[u8] = b"0.0.200"; + static STAGE0_VERS1: &[u8] = b"0.0.200"; + + let val = match (component, &key, slot) { + (SpComponent::SP_ITSELF, b"GITC", 0) => SP_GITC0, + (SpComponent::SP_ITSELF, b"GITC", 1) => SP_GITC1, + (SpComponent::SP_ITSELF, b"BORD", _) => SP_BORD, + (SpComponent::SP_ITSELF, b"NAME", _) => SP_NAME, + (SpComponent::SP_ITSELF, b"VERS", 0) => SP_VERS0, + (SpComponent::SP_ITSELF, b"VERS", 1) => SP_VERS1, + (SpComponent::ROT, b"GITC", 0) => ROT_GITC0, + (SpComponent::ROT, b"GITC", 1) => ROT_GITC1, + (SpComponent::ROT, b"BORD", _) => ROT_BORD, + (SpComponent::ROT, b"NAME", _) => ROT_NAME, + (SpComponent::ROT, b"VERS", 0) => ROT_VERS0, + (SpComponent::ROT, b"VERS", 1) => ROT_VERS1, + (SpComponent::STAGE0, b"GITC", 0) => STAGE0_GITC0, + (SpComponent::STAGE0, b"GITC", 1) => STAGE0_GITC1, + (SpComponent::STAGE0, b"BORD", _) => STAGE0_BORD, + (SpComponent::STAGE0, b"NAME", _) => STAGE0_NAME, + (SpComponent::STAGE0, b"VERS", 0) => STAGE0_VERS0, + (SpComponent::STAGE0, b"VERS", 1) => STAGE0_VERS1, _ => return Err(SpError::NoSuchCabooseKey(key)), }; @@ -1445,6 +1468,71 @@ impl SpHandler for Handler { buf[dummy_page.len()..].fill(0); Ok(RotResponse::Ok) } + + fn vpd_lock_status_all( + &mut self, + _buf: &mut [u8], + ) -> Result { + Err(SpError::RequestUnsupportedForSp) + } + + fn reset_component_trigger_with_watchdog( + &mut self, + component: SpComponent, + _time_ms: u32, + ) -> Result<(), SpError> { + debug!( + &self.log, "received reset trigger with watchdog request"; + "component" => ?component, + ); + if component == SpComponent::SP_ITSELF { + if self.reset_pending == Some(SpComponent::SP_ITSELF) { + self.update_state.sp_reset(); + self.reset_pending = None; + if let Some(signal) = self.should_fail_to_respond_signal.take() + { + // Instruct `server::handle_request()` to _not_ respond to + // this request at all, simulating an SP actually resetting. + signal(); + } + Ok(()) + } else { + Err(SpError::ResetComponentTriggerWithoutPrepare) + } + } else if component == SpComponent::ROT { + if self.reset_pending == Some(SpComponent::ROT) { + self.update_state.rot_reset(); + self.reset_pending = None; + Ok(()) + } else { + Err(SpError::ResetComponentTriggerWithoutPrepare) + } + } else { + Err(SpError::RequestUnsupportedForComponent) + } + } + + fn disable_component_watchdog( + &mut self, + _component: SpComponent, + ) -> Result<(), SpError> { + Ok(()) + } + fn component_watchdog_supported( + &mut self, + _component: SpComponent, + ) -> Result<(), SpError> { + Ok(()) + } + + fn versioned_rot_boot_info( + &mut self, + _sender: SocketAddrV6, + _port: SpPort, + _version: u8, + ) -> Result { + Err(SpError::RequestUnsupportedForSp) + } } impl SimSpHandler for Handler { diff --git a/sp-sim/src/lib.rs b/sp-sim/src/lib.rs index 8a8418b84de..ca9231bec01 100644 --- a/sp-sim/src/lib.rs +++ b/sp-sim/src/lib.rs @@ -30,6 +30,7 @@ use tokio::sync::mpsc; use tokio::sync::watch; pub const SIM_ROT_BOARD: &str = "SimRot"; +pub const SIM_ROT_STAGE0_BOARD: &str = "SimRotStage0"; #[derive(Debug, Clone, Copy, PartialEq, Eq)] pub enum Responsiveness { diff --git a/sp-sim/src/sidecar.rs b/sp-sim/src/sidecar.rs index 1bd6fe49649..cf0a567c28f 100644 --- a/sp-sim/src/sidecar.rs +++ b/sp-sim/src/sidecar.rs @@ -17,6 +17,7 @@ use crate::update::SimSpUpdate; use crate::Responsiveness; use crate::SimulatedSp; use crate::SIM_ROT_BOARD; +use crate::SIM_ROT_STAGE0_BOARD; use anyhow::Result; use async_trait::async_trait; use futures::future; @@ -35,6 +36,7 @@ use gateway_messages::IgnitionCommand; use gateway_messages::IgnitionState; use gateway_messages::MgsError; use gateway_messages::PowerState; +use gateway_messages::RotBootInfo; use gateway_messages::RotRequest; use gateway_messages::RotResponse; use gateway_messages::RotSlotId; @@ -1118,29 +1120,50 @@ impl SpHandler for Handler { fn get_component_caboose_value( &mut self, component: SpComponent, - _slot: u16, + slot: u16, key: [u8; 4], buf: &mut [u8], ) -> std::result::Result { - static SP_GITC: &[u8] = b"ffffffff"; + static SP_GITC0: &[u8] = b"ffffffff"; + static SP_GITC1: &[u8] = b"fefefefe"; static SP_BORD: &[u8] = SIM_SIDECAR_BOARD.as_bytes(); static SP_NAME: &[u8] = b"SimSidecar"; - static SP_VERS: &[u8] = b"0.0.1"; + static SP_VERS0: &[u8] = b"0.0.2"; + static SP_VERS1: &[u8] = b"0.0.1"; - static ROT_GITC: &[u8] = b"eeeeeeee"; + static ROT_GITC0: &[u8] = b"eeeeeeee"; + static ROT_GITC1: &[u8] = b"edededed"; static ROT_BORD: &[u8] = SIM_ROT_BOARD.as_bytes(); static ROT_NAME: &[u8] = b"SimSidecar"; - static ROT_VERS: &[u8] = b"0.0.1"; - - let val = match (component, &key) { - (SpComponent::SP_ITSELF, b"GITC") => SP_GITC, - (SpComponent::SP_ITSELF, b"BORD") => SP_BORD, - (SpComponent::SP_ITSELF, b"NAME") => SP_NAME, - (SpComponent::SP_ITSELF, b"VERS") => SP_VERS, - (SpComponent::ROT, b"GITC") => ROT_GITC, - (SpComponent::ROT, b"BORD") => ROT_BORD, - (SpComponent::ROT, b"NAME") => ROT_NAME, - (SpComponent::ROT, b"VERS") => ROT_VERS, + static ROT_VERS0: &[u8] = b"0.0.4"; + static ROT_VERS1: &[u8] = b"0.0.3"; + + static STAGE0_GITC0: &[u8] = b"dddddddd"; + static STAGE0_GITC1: &[u8] = b"dadadada"; + static STAGE0_BORD: &[u8] = SIM_ROT_STAGE0_BOARD.as_bytes(); + static STAGE0_NAME: &[u8] = b"SimSidecar"; + static STAGE0_VERS0: &[u8] = b"0.0.200"; + static STAGE0_VERS1: &[u8] = b"0.0.200"; + + let val = match (component, &key, slot) { + (SpComponent::SP_ITSELF, b"GITC", 0) => SP_GITC0, + (SpComponent::SP_ITSELF, b"GITC", 1) => SP_GITC1, + (SpComponent::SP_ITSELF, b"BORD", _) => SP_BORD, + (SpComponent::SP_ITSELF, b"NAME", _) => SP_NAME, + (SpComponent::SP_ITSELF, b"VERS", 0) => SP_VERS0, + (SpComponent::SP_ITSELF, b"VERS", 1) => SP_VERS1, + (SpComponent::ROT, b"GITC", 0) => ROT_GITC0, + (SpComponent::ROT, b"GITC", 1) => ROT_GITC1, + (SpComponent::ROT, b"BORD", _) => ROT_BORD, + (SpComponent::ROT, b"NAME", _) => ROT_NAME, + (SpComponent::ROT, b"VERS", 0) => ROT_VERS0, + (SpComponent::ROT, b"VERS", 1) => ROT_VERS1, + (SpComponent::STAGE0, b"GITC", 0) => STAGE0_GITC0, + (SpComponent::STAGE0, b"GITC", 1) => STAGE0_GITC1, + (SpComponent::STAGE0, b"BORD", _) => STAGE0_BORD, + (SpComponent::STAGE0, b"NAME", _) => STAGE0_NAME, + (SpComponent::STAGE0, b"VERS", 0) => STAGE0_VERS0, + (SpComponent::STAGE0, b"VERS", 1) => STAGE0_VERS1, _ => return Err(SpError::NoSuchCabooseKey(key)), }; @@ -1174,6 +1197,71 @@ impl SpHandler for Handler { buf[dummy_page.len()..].fill(0); Ok(RotResponse::Ok) } + + fn vpd_lock_status_all( + &mut self, + _buf: &mut [u8], + ) -> Result { + Err(SpError::RequestUnsupportedForSp) + } + + fn reset_component_trigger_with_watchdog( + &mut self, + component: SpComponent, + _time_ms: u32, + ) -> Result<(), SpError> { + debug!( + &self.log, "received sys-reset trigger with wathcdog request"; + "component" => ?component, + ); + if component == SpComponent::SP_ITSELF { + if self.reset_pending == Some(SpComponent::SP_ITSELF) { + self.update_state.sp_reset(); + self.reset_pending = None; + if let Some(signal) = self.should_fail_to_respond_signal.take() + { + // Instruct `server::handle_request()` to _not_ respond to + // this request at all, simulating an SP actually resetting. + signal(); + } + Ok(()) + } else { + Err(SpError::ResetComponentTriggerWithoutPrepare) + } + } else if component == SpComponent::ROT { + if self.reset_pending == Some(SpComponent::ROT) { + self.update_state.rot_reset(); + self.reset_pending = None; + Ok(()) + } else { + Err(SpError::ResetComponentTriggerWithoutPrepare) + } + } else { + Err(SpError::RequestUnsupportedForComponent) + } + } + + fn disable_component_watchdog( + &mut self, + _component: SpComponent, + ) -> Result<(), SpError> { + Ok(()) + } + fn component_watchdog_supported( + &mut self, + _component: SpComponent, + ) -> Result<(), SpError> { + Ok(()) + } + + fn versioned_rot_boot_info( + &mut self, + _sender: SocketAddrV6, + _port: SpPort, + _version: u8, + ) -> Result { + Err(SpError::RequestUnsupportedForSp) + } } impl SimSpHandler for Handler { diff --git a/wicket/src/ui/panes/overview.rs b/wicket/src/ui/panes/overview.rs index f2d4d4a7aba..02e86f541be 100644 --- a/wicket/src/ui/panes/overview.rs +++ b/wicket/src/ui/panes/overview.rs @@ -675,7 +675,178 @@ fn inventory_description(component: &Component) -> Text { let mut label = vec![Span::styled("Root of Trust: ", label_style)]; if let Some(rot) = sp.state().map(|sp| &sp.rot) { match rot { - RotState::Enabled { + RotState::V3 { + active, + pending_persistent_boot_preference, + persistent_boot_preference, + slot_a_fwid, + slot_b_fwid, + stage0_fwid, + stage0next_fwid: _, + transient_boot_preference, + slot_a_status, + slot_b_status: _, + stage0_status: _, + stage0next_status: _, + } => { + spans.push(label.into()); + spans.push( + vec![ + bullet(), + Span::styled("Active Slot: ", label_style), + Span::styled(format!("{active:?}"), ok_style), + ] + .into(), + ); + spans.push( + vec![ + bullet(), + Span::styled( + "Persistent Boot Preference: ", + label_style, + ), + Span::styled( + format!("{persistent_boot_preference:?}"), + ok_style, + ), + ] + .into(), + ); + spans.push( + vec![ + bullet(), + Span::styled( + "Pending Persistent Boot Preference: ", + label_style, + ), + Span::styled( + match pending_persistent_boot_preference.as_ref() { + Some(pref) => Cow::from(format!("{pref:?}")), + None => Cow::from("None"), + }, + ok_style, + ), + ] + .into(), + ); + spans.push( + vec![ + bullet(), + Span::styled( + "Transient Boot Preference: ", + label_style, + ), + Span::styled( + match transient_boot_preference.as_ref() { + Some(pref) => Cow::from(format!("{pref:?}")), + None => Cow::from("None"), + }, + ok_style, + ), + ] + .into(), + ); + spans.push( + vec![bullet(), Span::styled("Slot A:", label_style)].into(), + ); + spans.push( + vec![ + nest_bullet(), + Span::styled("Image SHA3-256: ", label_style), + Span::styled(slot_a_fwid.clone(), ok_style), + ] + .into(), + ); + if let Some(caboose) = + sp.rot().and_then(|r| r.caboose_a.as_ref()) + { + append_caboose(&mut spans, nest_bullet(), caboose); + } else { + spans.push( + vec![ + nest_bullet(), + Span::styled("No further information", warn_style), + ] + .into(), + ); + } + spans.push( + vec![ + nest_bullet(), + Span::styled("Image status: ", label_style), + ] + .into(), + ); + if let Some(_) = slot_a_status { + spans.push( + vec![ + nest_bullet(), + Span::styled("Error: ", bad_style), + // FIXME + //Span::styled(e, bad_style), + ] + .into(), + ); + } else { + spans.push( + vec![ + nest_bullet(), + Span::styled("Status Good", ok_style), + ] + .into(), + ); + } + spans.push( + vec![bullet(), Span::styled("Slot B:", label_style)].into(), + ); + spans.push( + vec![ + nest_bullet(), + Span::styled("Image SHA3-256: ", label_style), + Span::styled(slot_b_fwid.clone(), ok_style), + ] + .into(), + ); + if let Some(caboose) = + sp.rot().and_then(|r| r.caboose_b.as_ref()) + { + append_caboose(&mut spans, nest_bullet(), caboose); + } else { + spans.push( + vec![ + nest_bullet(), + Span::styled("No further information", warn_style), + ] + .into(), + ); + } + spans.push( + vec![bullet(), Span::styled("Stage0:", label_style)].into(), + ); + spans.push( + vec![ + nest_bullet(), + Span::styled("Image SHA3-256: ", label_style), + Span::styled(stage0_fwid.clone(), ok_style), + ] + .into(), + ); + if let Some(caboose) = + sp.rot().and_then(|r| r.caboose_stage0.as_ref()) + { + append_caboose(&mut spans, nest_bullet(), caboose); + } else { + spans.push( + vec![ + nest_bullet(), + Span::styled("No further information", warn_style), + ] + .into(), + ); + } + } + + RotState::V2 { active, pending_persistent_boot_preference, persistent_boot_preference, diff --git a/wicketd/src/mgs/inventory.rs b/wicketd/src/mgs/inventory.rs index 5334c08a40e..49d9d01885c 100644 --- a/wicketd/src/mgs/inventory.rs +++ b/wicketd/src/mgs/inventory.rs @@ -316,7 +316,14 @@ async fn sp_fetching_task( if rot.is_none() || prev_state.as_ref() != Some(&state) { match &state.rot { - RotState::Enabled { active, .. } => { + RotState::V2 { active, .. } => { + rot = Some(RotInventory { + active: *active, + caboose_a: None, + caboose_b: None, + }); + } + RotState::V3 { active, .. } => { rot = Some(RotInventory { active: *active, caboose_a: None, diff --git a/workspace-hack/Cargo.toml b/workspace-hack/Cargo.toml index 4222d6141a3..f33850d776e 100644 --- a/workspace-hack/Cargo.toml +++ b/workspace-hack/Cargo.toml @@ -22,7 +22,7 @@ base64 = { version = "0.22.0" } bit-set = { version = "0.5.3" } bit-vec = { version = "0.6.3" } bitflags-dff4ba8e3ae991db = { package = "bitflags", version = "1.3.2" } -bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.2", default-features = false, features = ["serde"] } +bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.5.0", default-features = false, features = ["serde"] } bstr-6f8ce4dd05d13bba = { package = "bstr", version = "0.2.17" } bstr-dff4ba8e3ae991db = { package = "bstr", version = "1.9.0" } byteorder = { version = "1.5.0" } @@ -51,7 +51,7 @@ futures-io = { version = "0.3.30", default-features = false, features = ["std"] futures-sink = { version = "0.3.30" } futures-task = { version = "0.3.30", default-features = false, features = ["std"] } futures-util = { version = "0.3.30", features = ["channel", "io", "sink"] } -gateway-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", rev = "2739c18e80697aa6bc235c935176d14b4d757ee9", features = ["std"] } +gateway-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", rev = "c85a4ca043aaa389df12aac5348d8a3feda28762", features = ["std"] } generic-array = { version = "0.14.7", default-features = false, features = ["more_lengths", "zeroize"] } getrandom = { version = "0.2.12", default-features = false, features = ["js", "rdrand", "std"] } group = { version = "0.13.0", default-features = false, features = ["alloc"] } @@ -96,7 +96,7 @@ serde_json = { version = "1.0.116", features = ["raw_value", "unbounded_depth"] sha2 = { version = "0.10.8", features = ["oid"] } similar = { version = "2.4.0", features = ["inline", "unicode"] } slog = { version = "2.7.0", features = ["dynamic-keys", "max_level_trace", "release_max_level_debug", "release_max_level_trace"] } -socket2 = { version = "0.5.6", default-features = false, features = ["all"] } +socket2 = { version = "0.5.7", default-features = false, features = ["all"] } spin = { version = "0.9.8" } string_cache = { version = "0.8.7" } subtle = { version = "2.5.0" } @@ -113,7 +113,6 @@ tracing = { version = "0.1.40", features = ["log"] } trust-dns-proto = { version = "0.22.0" } unicode-bidi = { version = "0.3.15" } unicode-normalization = { version = "0.1.22" } -usdt = { version = "0.3.5" } usdt-impl = { version = "0.5.0", default-features = false, features = ["asm", "des"] } uuid = { version = "1.8.0", features = ["serde", "v4"] } yasna = { version = "0.5.2", features = ["bit-vec", "num-bigint", "std", "time"] } @@ -130,7 +129,7 @@ base64 = { version = "0.22.0" } bit-set = { version = "0.5.3" } bit-vec = { version = "0.6.3" } bitflags-dff4ba8e3ae991db = { package = "bitflags", version = "1.3.2" } -bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.2", default-features = false, features = ["serde"] } +bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.5.0", default-features = false, features = ["serde"] } bstr-6f8ce4dd05d13bba = { package = "bstr", version = "0.2.17" } bstr-dff4ba8e3ae991db = { package = "bstr", version = "1.9.0" } byteorder = { version = "1.5.0" } @@ -159,7 +158,7 @@ futures-io = { version = "0.3.30", default-features = false, features = ["std"] futures-sink = { version = "0.3.30" } futures-task = { version = "0.3.30", default-features = false, features = ["std"] } futures-util = { version = "0.3.30", features = ["channel", "io", "sink"] } -gateway-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", rev = "2739c18e80697aa6bc235c935176d14b4d757ee9", features = ["std"] } +gateway-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", rev = "c85a4ca043aaa389df12aac5348d8a3feda28762", features = ["std"] } generic-array = { version = "0.14.7", default-features = false, features = ["more_lengths", "zeroize"] } getrandom = { version = "0.2.12", default-features = false, features = ["js", "rdrand", "std"] } group = { version = "0.13.0", default-features = false, features = ["alloc"] } @@ -204,7 +203,7 @@ serde_json = { version = "1.0.116", features = ["raw_value", "unbounded_depth"] sha2 = { version = "0.10.8", features = ["oid"] } similar = { version = "2.4.0", features = ["inline", "unicode"] } slog = { version = "2.7.0", features = ["dynamic-keys", "max_level_trace", "release_max_level_debug", "release_max_level_trace"] } -socket2 = { version = "0.5.6", default-features = false, features = ["all"] } +socket2 = { version = "0.5.7", default-features = false, features = ["all"] } spin = { version = "0.9.8" } string_cache = { version = "0.8.7" } subtle = { version = "2.5.0" } @@ -222,7 +221,6 @@ tracing = { version = "0.1.40", features = ["log"] } trust-dns-proto = { version = "0.22.0" } unicode-bidi = { version = "0.3.15" } unicode-normalization = { version = "0.1.22" } -usdt = { version = "0.3.5" } usdt-impl = { version = "0.5.0", default-features = false, features = ["asm", "des"] } uuid = { version = "1.8.0", features = ["serde", "v4"] } yasna = { version = "0.5.2", features = ["bit-vec", "num-bigint", "std", "time"] } @@ -231,52 +229,52 @@ zeroize = { version = "1.7.0", features = ["std", "zeroize_derive"] } zip = { version = "0.6.6", default-features = false, features = ["bzip2", "deflate"] } [target.x86_64-unknown-linux-gnu.dependencies] -bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.2", default-features = false, features = ["std"] } +bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.5.0", default-features = false, features = ["std"] } dof = { version = "0.3.0", default-features = false, features = ["des"] } mio = { version = "0.8.11", features = ["net", "os-ext"] } once_cell = { version = "1.19.0" } rustix = { version = "0.38.31", features = ["fs", "termios"] } [target.x86_64-unknown-linux-gnu.build-dependencies] -bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.2", default-features = false, features = ["std"] } +bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.5.0", default-features = false, features = ["std"] } dof = { version = "0.3.0", default-features = false, features = ["des"] } mio = { version = "0.8.11", features = ["net", "os-ext"] } once_cell = { version = "1.19.0" } rustix = { version = "0.38.31", features = ["fs", "termios"] } [target.x86_64-apple-darwin.dependencies] -bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.2", default-features = false, features = ["std"] } +bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.5.0", default-features = false, features = ["std"] } mio = { version = "0.8.11", features = ["net", "os-ext"] } once_cell = { version = "1.19.0" } rustix = { version = "0.38.31", features = ["fs", "termios"] } [target.x86_64-apple-darwin.build-dependencies] -bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.2", default-features = false, features = ["std"] } +bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.5.0", default-features = false, features = ["std"] } mio = { version = "0.8.11", features = ["net", "os-ext"] } once_cell = { version = "1.19.0" } rustix = { version = "0.38.31", features = ["fs", "termios"] } [target.aarch64-apple-darwin.dependencies] -bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.2", default-features = false, features = ["std"] } +bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.5.0", default-features = false, features = ["std"] } mio = { version = "0.8.11", features = ["net", "os-ext"] } once_cell = { version = "1.19.0" } rustix = { version = "0.38.31", features = ["fs", "termios"] } [target.aarch64-apple-darwin.build-dependencies] -bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.2", default-features = false, features = ["std"] } +bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.5.0", default-features = false, features = ["std"] } mio = { version = "0.8.11", features = ["net", "os-ext"] } once_cell = { version = "1.19.0" } rustix = { version = "0.38.31", features = ["fs", "termios"] } [target.x86_64-unknown-illumos.dependencies] -bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.2", default-features = false, features = ["std"] } +bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.5.0", default-features = false, features = ["std"] } dof = { version = "0.3.0", default-features = false, features = ["des"] } mio = { version = "0.8.11", features = ["net", "os-ext"] } once_cell = { version = "1.19.0" } rustix = { version = "0.38.31", features = ["fs", "termios"] } [target.x86_64-unknown-illumos.build-dependencies] -bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.2", default-features = false, features = ["std"] } +bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.5.0", default-features = false, features = ["std"] } dof = { version = "0.3.0", default-features = false, features = ["des"] } mio = { version = "0.8.11", features = ["net", "os-ext"] } once_cell = { version = "1.19.0" }