Add MGS command to clear APOB (#2456)

Author: mkeeter

Cargo.lock

@@ -12,8 +12,8 @@ use crate::{
     SECTOR_SIZE_BYTES,
 };
 use drv_hf_api::{
-    ApobBeginError, ApobCommitError, ApobHash, ApobReadError, ApobWriteError,
-    HfError,
+    ApobBeginError, ApobClearError, ApobCommitError, ApobHash, ApobReadError,
+    ApobWriteError, HfError,
 };
 use idol_runtime::{Leased, R, W};
 use ringbuf::{counted_ringbuf, ringbuf_entry};
@@ -276,6 +276,7 @@ enum Trace {
     Abl0Version(u32),
     ClearingOldMetaVersion(u32),
     ClearingNewMetaVersion(u32),
+    ApobClear,
 }
 counted_ringbuf!(Trace, 16, Trace::None);
 
@@ -834,6 +835,42 @@ impl ApobState {
         Ok(data.len())
     }
 
+    pub(crate) fn clear(
+        &mut self,
+        drv: &mut FlashDriver,
+        buf: &mut HfBufs,
+    ) -> Result<(), ApobClearError> {
+        // Check that the flash is muxed to the SP
+        drv.check_flash_mux_state()
+            .map_err(|_| ApobClearError::NotMuxedToSp)?;
+
+        match self {
+            ApobState::Waiting { read_slot, .. } => {
+                *read_slot = None;
+                // It's fine to leave write_slot as either value, since they
+                // will both be erased after we exit this function.
+            }
+            ApobState::Ready { .. } => {
+                // Don't erase the APOB if we're midway through writing, that
+                // could be confusing!
+                return Err(ApobClearError::InvalidState);
+            }
+            ApobState::Locked { .. } => {
+                // It's fine to erase the APOB after it's locked
+            }
+        }
+        ringbuf_entry!(Trace::ApobClear);
+
+        Self::slot_erase(drv, buf, ApobSlot::Slot0);
+        Self::slot_erase(drv, buf, ApobSlot::Slot1);
+
+        // Overwrite both metadata pages (one sector each)
+        drv.flash_sector_erase(Meta::Meta0.flash_addr(0).unwrap_lite());
+        drv.flash_sector_erase(Meta::Meta1.flash_addr(0).unwrap_lite());
+
+        Ok(())
+    }
+
     pub(crate) fn lock(&mut self) {
         match *self {
             ApobState::Ready { .. } | ApobState::Waiting { .. } => {

drv/cosmo-hf/src/apob.rs

@@ -587,6 +587,15 @@ impl idl::InOrderHostFlashImpl for ServerImpl {
             .map_err(RequestError::from)
     }
 
+    fn apob_clear(
+        &mut self,
+        _: &RecvMessage,
+    ) -> Result<(), RequestError<drv_hf_api::ApobClearError>> {
+        self.apob_state
+            .clear(&mut self.drv, &mut self.buf)
+            .map_err(RequestError::from)
+    }
+
     fn get_mux(
         &mut self,
         _: &RecvMessage,
@@ -1079,13 +1088,20 @@ impl idl::InOrderHostFlashImpl for FailServer {
     ) -> Result<usize, RequestError<drv_hf_api::ApobReadError>> {
         Err(drv_hf_api::ApobReadError::InvalidState.into())
     }
+
+    fn apob_clear(
+        &mut self,
+        _: &RecvMessage,
+    ) -> Result<(), RequestError<drv_hf_api::ApobClearError>> {
+        Err(drv_hf_api::ApobClearError::InvalidState.into())
+    }
 }
 
 pub mod idl {
     use drv_hf_api::{
-        ApobBeginError, ApobCommitError, ApobHash, ApobReadError,
-        ApobWriteError, HfChipId, HfDevSelect, HfError, HfMuxState,
-        HfPersistentData, HfProtectMode,
+        ApobBeginError, ApobClearError, ApobCommitError, ApobHash,
+        ApobReadError, ApobWriteError, HfChipId, HfDevSelect, HfError,
+        HfMuxState, HfPersistentData, HfProtectMode,
     };
     include!(concat!(env!("OUT_DIR"), "/server_stub.rs"));
 }

drv/cosmo-hf/src/hf.rs

@@ -960,6 +960,13 @@ impl idl::InOrderHostFlashImpl for ServerImpl {
     ) -> Result<usize, RequestError<drv_hf_api::ApobReadError>> {
         Err(drv_hf_api::ApobReadError::NotImplemented.into())
     }
+
+    fn apob_clear(
+        &mut self,
+        _: &RecvMessage,
+    ) -> Result<(), RequestError<drv_hf_api::ApobClearError>> {
+        Err(drv_hf_api::ApobClearError::NotImplemented.into())
+    }
 }
 
 impl NotificationHandler for ServerImpl {
@@ -1193,6 +1200,13 @@ impl idl::InOrderHostFlashImpl for FailServer {
     ) -> Result<usize, RequestError<drv_hf_api::ApobReadError>> {
         Err(drv_hf_api::ApobReadError::NotImplemented.into())
     }
+
+    fn apob_clear(
+        &mut self,
+        _: &RecvMessage,
+    ) -> Result<(), RequestError<drv_hf_api::ApobClearError>> {
+        Err(drv_hf_api::ApobClearError::NotImplemented.into())
+    }
 }
 
 /// Failure function, running an Idol response loop that always returns an error
@@ -1210,8 +1224,8 @@ mod idl {
         HfProtectMode,
     };
     use drv_hf_api::{
-        ApobBeginError, ApobCommitError, ApobHash, ApobReadError,
-        ApobWriteError,
+        ApobBeginError, ApobClearError, ApobCommitError, ApobHash,
+        ApobReadError, ApobWriteError,
     };
 
     include!(concat!(env!("OUT_DIR"), "/server_stub.rs"));

drv/gimlet-hf-server/src/main.rs

@@ -385,4 +385,26 @@ pub enum ApobCommitError {
     CommitFailed,
 }
 
+#[derive(
+    Debug,
+    Clone,
+    Copy,
+    PartialEq,
+    Eq,
+    Deserialize,
+    Serialize,
+    SerializedSize,
+    FromPrimitive,
+    IdolError,
+    counters::Count,
+)]
+pub enum ApobClearError {
+    /// APOB is not implemented on this hardware
+    NotImplemented = 1,
+    /// Host flash is not muxed to the SP
+    NotMuxedToSp,
+    /// The APOB state machine is in an invalid state
+    InvalidState,
+}
+
 include!(concat!(env!("OUT_DIR"), "/client_stub.rs"));

drv/hf-api/src/lib.rs

@@ -279,6 +279,13 @@ impl idl::InOrderHostFlashImpl for ServerImpl {
     ) -> Result<usize, RequestError<drv_hf_api::ApobReadError>> {
         Err(drv_hf_api::ApobReadError::InvalidState.into())
     }
+
+    fn apob_clear(
+        &mut self,
+        _: &RecvMessage,
+    ) -> Result<(), RequestError<drv_hf_api::ApobClearError>> {
+        Err(drv_hf_api::ApobClearError::NotImplemented.into())
+    }
 }
 
 impl NotificationHandler for ServerImpl {
@@ -297,8 +304,8 @@ mod idl {
         HfProtectMode,
     };
     use drv_hf_api::{
-        ApobBeginError, ApobCommitError, ApobHash, ApobReadError,
-        ApobWriteError,
+        ApobBeginError, ApobClearError, ApobCommitError, ApobHash,
+        ApobReadError, ApobWriteError,
     };
 
     include!(concat!(env!("OUT_DIR"), "/server_stub.rs"));

drv/mock-gimlet-hf-server/src/main.rs

@@ -305,5 +305,13 @@ Interface(
             ),
             idempotent: true,
         ),
+        "apob_clear": (
+            description: "clears the APOB",
+            reply: Result(
+                ok: "()",
+                err: CLike("ApobClearError"),
+            ),
+            idempotent: true,
+        ),
     },
 )

idl/hf.idol

@@ -280,6 +280,14 @@ mod devices_with_static_validation {
             capabilities: DeviceCapabilities::UPDATEABLE,
             presence: DevicePresence::Present, // TODO: ok to assume always present?
         },
+        #[cfg(feature = "cosmo")]
+        DeviceDescription {
+            component: SpComponent::HOST_CPU_BOOT_APOB,
+            device: SpComponent::HOST_CPU_BOOT_APOB.const_as_str(),
+            description: "Cosmo host boot APOB region",
+            capabilities: DeviceCapabilities::empty(),
+            presence: DevicePresence::Present, // matches HOST_CPU_BOOT_FLASH
+        },
         // If we're building for sidecar, we always claim to have a monorail.
         #[cfg(feature = "sidecar")]
         DeviceDescription {

task/control-plane-agent/src/inventory.rs

@@ -15,14 +15,14 @@ use gateway_messages::sp_impl::{
     BoundsChecked, DeviceDescription, Sender, SpHandler,
 };
 use gateway_messages::{
-    ignition, ComponentAction, ComponentActionResponse, ComponentDetails,
-    ComponentUpdatePrepare, DiscoverResponse, DumpSegment, DumpTask,
-    GpioToggleCount, Header, IgnitionCommand, IgnitionState, LastPostCode,
-    Message, MessageKind, MgsError, MgsRequest, MgsResponse, PostCode,
-    PowerState, PowerStateTransition, RotBootInfo, RotRequest, RotResponse,
-    SensorRequest, SensorResponse, SpComponent, SpError, SpPort as GwSpPort,
-    SpRequest, SpStateV2, SpUpdatePrepare, UpdateChunk, UpdateId, UpdateStatus,
-    SERIAL_CONSOLE_IDLE_TIMEOUT,
+    ignition, ApobComponentAction, ComponentAction, ComponentActionResponse,
+    ComponentDetails, ComponentUpdatePrepare, DiscoverResponse, DumpSegment,
+    DumpTask, GpioToggleCount, Header, IgnitionCommand, IgnitionState,
+    LastPostCode, Message, MessageKind, MgsError, MgsRequest, MgsResponse,
+    PostCode, PowerState, PowerStateTransition, RotBootInfo, RotRequest,
+    RotResponse, SensorRequest, SensorResponse, SpComponent, SpError,
+    SpPort as GwSpPort, SpRequest, SpStateV2, SpUpdatePrepare, UpdateChunk,
+    UpdateId, UpdateStatus, SERIAL_CONSOLE_IDLE_TIMEOUT,
 };
 use heapless::{Deque, Vec};
 use host_sp_messages::HostStartupOptions;
@@ -613,6 +613,17 @@ impl SpHandler for MgsHandler {
                 .unwrap();
                 Ok(ComponentActionResponse::Ack)
             }
+            (
+                SpComponent::HOST_CPU_BOOT_APOB,
+                ComponentAction::Apob(action),
+            ) => {
+                let r = match action {
+                    ApobComponentAction::Clear => {
+                        self.host_flash_update.apob_clear()
+                    }
+                };
+                Ok(ComponentActionResponse::Apob(r))
+            }
             _ => Err(SpError::RequestUnsupportedForComponent),
         }
     }

task/control-plane-agent/src/mgs_compute_sled.rs

@@ -6,13 +6,13 @@ use super::{common::CurrentUpdate, ComponentUpdater};
 use crate::mgs_handler::{BorrowedUpdateBuffer, UpdateBuffer};
 use core::ops::Range;
 use drv_hf_api::{
-    HfDevSelect, HfError, HfProtectMode, HostFlash, PAGE_SIZE_BYTES,
-    SECTOR_SIZE_BYTES,
+    ApobClearError, HfDevSelect, HfError, HfProtectMode, HostFlash,
+    PAGE_SIZE_BYTES, SECTOR_SIZE_BYTES,
 };
 use gateway_messages::{
-    ComponentUpdatePrepare, HfError as GwHfError, SpComponent, SpError,
-    UpdateId, UpdateInProgressStatus, UpdatePreparationProgress,
-    UpdatePreparationStatus, UpdateStatus,
+    ApobComponentActionResponse, ComponentUpdatePrepare, HfError as GwHfError,
+    SpComponent, SpError, UpdateId, UpdateInProgressStatus,
+    UpdatePreparationProgress, UpdatePreparationStatus, UpdateStatus,
 };
 
 userlib::task_slot!(HOST_FLASH, hf);
@@ -140,6 +140,21 @@ impl HostFlashUpdate {
             Ok(())
         }
     }
+
+    pub(crate) fn apob_clear(&self) -> ApobComponentActionResponse {
+        match self.task.apob_clear() {
+            Ok(()) => ApobComponentActionResponse::Success,
+            Err(ApobClearError::NotImplemented) => {
+                ApobComponentActionResponse::NotImplemented
+            }
+            Err(ApobClearError::NotMuxedToSp) => {
+                ApobComponentActionResponse::NotMuxedToSp
+            }
+            Err(ApobClearError::InvalidState) => {
+                ApobComponentActionResponse::InvalidState
+            }
+        }
+    }
 }
 
 // Ensure our `UpdateBuffer` type is sized large enough for us.