author | Rafał Miłecki <rafal@milecki.pl> | 2019-08-23 08:15:23 +0200 |
---|---|---|
committer | Rafał Miłecki <rafal@milecki.pl> | 2019-08-30 08:34:10 +0200 |
commit | f522047958f99ab7b506ec550f796c0460af1a85 (patch) | |
tree | c10790cf26e64f9ada7cfee8c83912b3900c3c5f /package/base-files/files/usr | |
parent | 7f9edadf85299cd4fc965a811b40eaa57a368486 (diff) | |
base-files: use JSON for storing firmware validation info
So far firmware validation result was binary limited: it was either
successful or not. That meant various limitations, e.g.:
1) Lack of proper feedback on validation problems
2) No way of marking firmware as totally broken (impossible to install)
This change introduces JSON for storing detailed validation info. It
provides a list of performed validation tests and their results. It
allows marking firmware as non-forceable (broken image that can't be
even forced to install).
Example:
{
	"tests": {
		"fwtool_signature": true,
		"fwtool_device_match": true
	},
	"valid": true,
	"forceable": true
}
Implementation is based on *internal* check_image bash script that:
1) Uses existing validation functions
2) Provides helpers for setting extra validation info
This allows e.g. platform_check_image() to call notify_check_broken()
when needed & prevent user from bricking a device.
Right now the new JSON info is used by /sbin/sysupgrade only. It still
doesn't make use of "forceable" as that is planned for later
development.
Further plans for this feature are:
1) Expose firmware validation using some new ubus method
2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus
method so:
a) It's possible to safely sysupgrade using ubus only
b) /sbin/sysupgrade can be more like just a CLI
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Diffstat (limited to 'package/base-files/files/usr')
-rwxr-xr-x | package/base-files/files/usr/libexec/validate_firmware_image | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/package/base-files/files/usr/libexec/validate_firmware_image b/package/base-files/files/usr/libexec/validate_firmware_image new file mode 100755 index 0000000000..a07796c9dc --- /dev/null +++ b/package/base-files/files/usr/libexec/validate_firmware_image @@ -0,0 +1,59 @@ +#!/bin/sh + +. /lib/functions.sh +. /lib/functions/system.sh +. /usr/share/libubox/jshn.sh + +include /lib/upgrade + +VALID=1 +FORCEABLE=1 + +# Mark image as invalid but still possible to install +notify_firmware_invalid() { + VALID=0 +} + +# Mark image as broken (impossible to install) +notify_firmware_broken() { + VALID=0 + FORCEABLE=0 +} + +# Add result of validation test +notify_firmware_test_result() { + local old_ns + + json_set_namespace validate_firmware_image old_ns + json_add_boolean "$1" "$2" + json_set_namespace $old_ns +} + +err_to_bool() { + [ "$1" -ne 0 ] && echo 0 || echo 1 +} + +fwtool_check_signature "$1" >&2 +FWTOOL_SIGNATURE=$? +[ "$FWTOOL_SIGNATURE" -ne 0 ] && notify_firmware_invalid + +fwtool_check_image "$1" >&2 +FWTOOL_DEVICE_MATCH=$? +[ "$FWTOOL_DEVICE_MATCH" -ne 0 ] && notify_firmware_invalid + +json_set_namespace validate_firmware_image old_ns +json_init + json_add_object "tests" + json_add_boolean fwtool_signature "$(err_to_bool $FWTOOL_SIGNATURE)" + json_add_boolean fwtool_device_match "$(err_to_bool $FWTOOL_DEVICE_MATCH)" + + # Call platform_check_image() here so it can add its test + # results and still mark image properly. + json_set_namespace $old_ns + platform_check_image "$1" >&2 || notify_firmware_invalid + json_set_namespace validate_firmware_image old_ns + json_close_object + json_add_boolean valid "$VALID" + json_add_boolean forceable "$FORCEABLE" +json_dump -i +json_set_namespace $old_ns |
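Review bot: "$1" is passed to fwtool_check_signature, fwtool_check_image and platform_check_image without any check that an argument was given or that it names a readable file. The report then depends entirely on how those helpers treat an empty or unreadable path, and the only failure outcome this file produces for the two fwtool checks is notify_firmware_invalid, which leaves FORCEABLE=1. An early guard such as `[ -r "$1" ] || notify_firmware_broken`, or exiting with a usage error, would keep a consumer that later honours "forceable" from being told a nonexistent image may be forced. Also worth a comment: notify_firmware_test_result records a result without touching VALID, so a platform test recorded as false still yields "valid": true unless platform_check_image also returns non-zero or calls one of the notify_firmware_* helpers. Minor points: the commit message refers to notify_check_broken(), while the helper defined here is notify_firmware_broken(), and `$old_ns` and the arguments to err_to_bool are expanded unquoted.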