Commit 6e14662f authored by Mike Hibler's avatar Mike Hibler

Database updates for secure boot/load stated-related...um, state.

parent 523c2aaf
......@@ -279,6 +279,10 @@ REPLACE INTO mode_transitions VALUES ('ALWAYSUP','ISUP','RELOAD-MOTE','ISUP','Re
REPLACE INTO mode_transitions VALUES ('RELOAD-MOTE','SHUTDOWN','ALWAYSUP','ISUP','ReloadDone');
REPLACE INTO mode_transitions VALUES ('PCVM','SHUTDOWN','RELOAD-PCVM','SHUTDOWN','ReloadSetup');
REPLACE INTO mode_transitions VALUES ('RELOAD-PCVM','SHUTDOWN','PCVM','SHUTDOWN','ReloadDone');
REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','MINIMAL','SHUTDOWN','');
REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','NORMAL','SHUTDOWN','');
REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','NORMALv2','SHUTDOWN','');
REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','PXEFBSD','SHUTDOWN','');
--
-- Dumping data for table `priorities`
......@@ -344,6 +348,19 @@ REPLACE INTO state_timeouts VALUES ('NORMALv2','TBSETUP',600,'NOTIFY');
REPLACE INTO state_timeouts VALUES ('NORMALv2','BOOTING',180,'REBOOT');
REPLACE INTO state_timeouts VALUES ('GARCIA-STARGATEv1','TBSETUP',600,'NOTIFY');
REPLACE INTO state_timeouts VALUES ('PXEKERNEL','PXEWAKEUP',20,'REBOOT');
REPLACE INTO state_timeouts VALUES ('SECUREBOOT','BOOTING',3600,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECUREBOOT','GPXEBOOTING',3600,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECUREBOOT','PXEBOOTING',3600,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECUREBOOT','SHUTDOWN',3600,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECUREBOOT','TPMSIGNOFF',3600,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','BOOTING',3600,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','GPXEBOOTING',3600,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','PXEBOOTING',3600,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','RELOADDONE',3600,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','RELOADING',3600,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','RELOADSETUP',3600,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','SHUTDOWN',3600,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','TPMSIGNOFF',3600,'STATE:SECVIOLATION');
--
-- Dumping data for table `state_transitions`
......@@ -539,6 +556,22 @@ REPLACE INTO state_transitions VALUES ('RELOAD','TBSETUP','ISUP','FailedBoot');
REPLACE INTO state_transitions VALUES ('RELOAD','TBSETUP','TBFAILED','FailedBoot');
REPLACE INTO state_transitions VALUES ('RELOAD','ISUP','SHUTDOWN','RebootAfterFail');
REPLACE INTO state_transitions VALUES ('RELOAD','TBFAILED','SHUTDOWN','RebootAfterFail');
REPLACE INTO state_transitions VALUES ('SECUREBOOT','BOOTING','SECVIOLATION','QuoteFailed');
REPLACE INTO state_transitions VALUES ('SECUREBOOT','BOOTING','TPMSIGNOFF','QuoteOK');
REPLACE INTO state_transitions VALUES ('SECUREBOOT','GPXEBOOTING','PXEBOOTING','DHCP');
REPLACE INTO state_transitions VALUES ('SECUREBOOT','PXEBOOTING','BOOTING','BootInfo');
REPLACE INTO state_transitions VALUES ('SECURELOAD','BOOTING','PXEBOOTING','re-BootInfo');
REPLACE INTO state_transitions VALUES ('SECURELOAD','BOOTING','RELOADSETUP','QuoteOK');
REPLACE INTO state_transitions VALUES ('SECURELOAD','BOOTING','SECVIOLATION','QuoteFailed');
REPLACE INTO state_transitions VALUES ('SECURELOAD','GPXEBOOTING','PXEBOOTING','DHCP');
REPLACE INTO state_transitions VALUES ('SECURELOAD','PXEBOOTING','BOOTING','BootInfo');
REPLACE INTO state_transitions VALUES ('SECURELOAD','RELOADDONE','SECVIOLATION','QuoteFailed');
REPLACE INTO state_transitions VALUES ('SECURELOAD','RELOADDONE','TPMSIGNOFF','QuoteOK');
REPLACE INTO state_transitions VALUES ('SECURELOAD','RELOADING','RELOADDONE','ImageOK');
REPLACE INTO state_transitions VALUES ('SECURELOAD','RELOADING','SECVIOLATION','ImageBad');
REPLACE INTO state_transitions VALUES ('SECURELOAD','RELOADSETUP','RELOADING','ReloadReady');
REPLACE INTO state_transitions VALUES ('SECURELOAD','SHUTDOWN','GPXEBOOTING','QuoteOK');
REPLACE INTO state_transitions VALUES ('SECURELOAD','SHUTDOWN','SECVIOLATION','QuoteFailed');
--
-- Dumping data for table `state_triggers`
......@@ -559,6 +592,14 @@ REPLACE INTO state_triggers VALUES ('*','RELOAD','RELOADOLDMFS','RELOADOLDMFS');
REPLACE INTO state_triggers VALUES ('*','RELOAD-PCVM','RELOADDONE','RESET, RELOADDONE');
REPLACE INTO state_triggers VALUES ('*','RELOAD','ISUP','REBOOT');
REPLACE INTO state_triggers VALUES ('*','RELOAD','TBFAILED','REBOOT');
REPLACE INTO state_triggers VALUES ('*','*','GPXEBOOTING','SECUREBOOT');
REPLACE INTO state_triggers VALUES ('*','*','SECVIOLATION','POWEROFF, EMAILNOTIFY');
REPLACE INTO state_triggers VALUES ('*','SECUREBOOT','BOOTING','');
REPLACE INTO state_triggers VALUES ('*','SECUREBOOT','PXEBOOTING','');
REPLACE INTO state_triggers VALUES ('*','SECUREBOOT','TPMSIGNOFF','PXEBOOT, BOOTING, CHECKGENISUP');
REPLACE INTO state_triggers VALUES ('*','SECURELOAD','BOOTING','');
REPLACE INTO state_triggers VALUES ('*','SECURELOAD','PXEBOOTING','');
REPLACE INTO state_triggers VALUES ('*','SECURELOAD','RELOADDONE','RESET, RELOADDONE');
--
-- Dumping data for table `table_regex`
......@@ -994,6 +1035,10 @@ REPLACE INTO table_regex VALUES ('elabinelab_attributes','attrkey','text','regex
REPLACE INTO table_regex VALUES ('elabinelab_attributes','attrvalue','text','regex','^[-\\w\\.\\+,\\s\\/]+$',0,255,NULL);
REPLACE INTO table_regex VALUES ('elabinelab_attributes','ordering','int','redirect','default:tinyint',0,0,NULL);
REPLACE INTO table_regex VALUES ('images','auth_key','text','regex','^[0-9a-fA-F,]+$',0,0,NULL);
REPLACE INTO table_regex VALUES ('images','auth_uuid','text','regex','^[0-9a-fA-F]+$',0,0,NULL);
REPLACE INTO table_regex VALUES ('images','decryption_key','text','regex','^[0-9a-fA-F]+$',0,0,NULL);
REPLACE INTO table_regex VALUES ('default','tinytext_utf8','text','regex','^(?:[\\x20-\\x7E]|[\\xC2-\\xDF][\\x80-\\xBF]|\\xE0[\\xA0-\\xBF][\\x80-\\xBF]|[\\xE1-\\xEC\\xEE\\xEF][\\x80-\\xBF]{2}|\\xED[\\x80-\\x9F][\\x80-\\xBF])*$',0,256,'adopted from http://www.w3.org/International/questions/qa-forms-utf-8.en.php');
REPLACE INTO table_regex VALUES ('default','text_utf8','text','regex','^(?:[\\x20-\\x7E]|[\\xC2-\\xDF][\\x80-\\xBF]|\\xE0[\\xA0-\\xBF][\\x80-\\xBF]|[\\xE1-\\xEC\\xEE\\xEF][\\x80-\\xBF]{2}|\\xED[\\x80-\\x9F][\\x80-\\xBF])*$',0,65535,'adopted from http://www.w3.org/International/questions/qa-forms-utf-8.en.php');
REPLACE INTO table_regex VALUES ('default','fulltext_utf8','text','regex','^(?:[\\x09\\x0A\\x0D\\x20-\\x7E]|[\\xC2-\\xDF][\\x80-\\xBF]|\\xE0[\\xA0-\\xBF][\\x80-\\xBF]|[\\xE1-\\xEC\\xEE\\xEF][\\x80-\\xBF]{2}|\\xED[\\x80-\\x9F][\\x80-\\xBF])*$',0,65535,'adopted from http://www.w3.org/International/questions/qa-forms-utf-8.en.php');
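Review bot: SECURELOAD has no visible exit from TPMSIGNOFF: the transition `('SECURELOAD','RELOADDONE','TPMSIGNOFF','QuoteOK')` enters that state, `('SECURELOAD','TPMSIGNOFF',3600,'STATE:SECVIOLATION')` times it out after an hour, and `('*','*','SECVIOLATION','POWEROFF, EMAILNOTIFY')` turns that into a power-off, yet the only mode_transitions rows added and the only TPMSIGNOFF trigger are for SECUREBOOT. Unless a SECURELOAD/TPMSIGNOFF mode transition exists outside these hunks, a node that passes every quote during a secure reload is powered off and reported as a violation an hour later. Rows parallel to the SECUREBOOT ones, e.g. `REPLACE INTO mode_transitions VALUES ('SECURELOAD','TPMSIGNOFF','NORMAL','SHUTDOWN','');` plus a state_triggers row for SECURELOAD/TPMSIGNOFF, would close the loop. Separately, the wildcard trigger `('*','*','GPXEBOOTING','SECUREBOOT')` fires for GPXEBOOTING in every op_mode including SECURELOAD, which also has GPXEBOOTING states; if that trigger switches the node's op_mode it would override a node mid-reload, which is worth confirming against stated before this lands.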
#
# DB state for secure boot and loading.
#
use strict;
use libdb;
sub DoUpdate($$$)
{
my ($dbhandle, $dbname, $version) = @_;
my @mode_transitions = (
["SECUREBOOT","TPMSIGNOFF","MINIMAL","SHUTDOWN",""],
["SECUREBOOT","TPMSIGNOFF","NORMAL","SHUTDOWN",""],
["SECUREBOOT","TPMSIGNOFF","NORMALv2","SHUTDOWN",""],
["SECUREBOOT","TPMSIGNOFF","PXEFBSD","SHUTDOWN",""]
);
my @timeouts = (
["SECUREBOOT","BOOTING",3600,"STATE:SECVIOLATION"],
["SECUREBOOT","GPXEBOOTING",3600,"STATE:SECVIOLATION"],
["SECUREBOOT","PXEBOOTING",3600,"STATE:SECVIOLATION"],
["SECUREBOOT","SHUTDOWN",3600,"STATE:SECVIOLATION"],
["SECUREBOOT","TPMSIGNOFF",3600,"STATE:SECVIOLATION"],
["SECURELOAD","BOOTING",3600,"STATE:SECVIOLATION"],
["SECURELOAD","GPXEBOOTING",3600,"STATE:SECVIOLATION"],
["SECURELOAD","PXEBOOTING",3600,"STATE:SECVIOLATION"],
["SECURELOAD","RELOADDONE",3600,"STATE:SECVIOLATION"],
["SECURELOAD","RELOADING",3600,"STATE:SECVIOLATION"],
["SECURELOAD","RELOADSETUP",3600,"STATE:SECVIOLATION"],
["SECURELOAD","SHUTDOWN",3600,"STATE:SECVIOLATION"],
["SECURELOAD","TPMSIGNOFF",3600,"STATE:SECVIOLATION"]
);
my @transitions = (
["SECUREBOOT","BOOTING","SECVIOLATION","QuoteFailed"],
["SECUREBOOT","BOOTING","TPMSIGNOFF","QuoteOK"],
["SECUREBOOT","GPXEBOOTING","PXEBOOTING","DHCP"],
["SECUREBOOT","PXEBOOTING","BOOTING","BootInfo"],
["SECURELOAD","BOOTING","PXEBOOTING","re-BootInfo"],
["SECURELOAD","BOOTING","RELOADSETUP","QuoteOK"],
["SECURELOAD","BOOTING","SECVIOLATION","QuoteFailed"],
["SECURELOAD","GPXEBOOTING","PXEBOOTING","DHCP"],
["SECURELOAD","PXEBOOTING","BOOTING","BootInfo"],
["SECURELOAD","RELOADDONE","SECVIOLATION","QuoteFailed"],
["SECURELOAD","RELOADDONE","TPMSIGNOFF","QuoteOK"],
["SECURELOAD","RELOADING","RELOADDONE","ImageOK"],
["SECURELOAD","RELOADING","SECVIOLATION","ImageBad"],
["SECURELOAD","RELOADSETUP","RELOADING","ReloadReady"],
["SECURELOAD","SHUTDOWN","GPXEBOOTING","QuoteOK"],
["SECURELOAD","SHUTDOWN","SECVIOLATION","QuoteFailed"]
);
my @triggers = (
["*","*","GPXEBOOTING","SECUREBOOT"],
["*","*","SECVIOLATION","POWEROFF, EMAILNOTIFY"],
["*","SECUREBOOT","BOOTING",""],
["*","SECUREBOOT","PXEBOOTING",""],
["*","SECUREBOOT","TPMSIGNOFF","PXEBOOT, BOOTING, CHECKGENISUP"],
["*","SECURELOAD","BOOTING",""],
["*","SECURELOAD","PXEBOOTING",""],
["*","SECURELOAD","RELOADDONE","RESET, RELOADDONE"]
);
foreach my $row (@mode_transitions) {
my ($opm1,$s1,$opm2,$s2,$lab) = @$row;
my $query_result =
DBQueryFatal("SELECT op_mode1 FROM mode_transitions WHERE ".
"op_mode1='$opm1' AND state1='$s1' AND ".
"op_mode2='$opm2' AND state2='$s2'");
if ($query_result->numrows == 0) {
DBQueryFatal("INSERT INTO mode_transitions VALUES ".
"('$opm1','$s1','$opm2', '$s2','$lab')");
}
}
foreach my $row (@timeouts) {
my ($opm,$s,$to,$act) = @$row;
my $query_result =
DBQueryFatal("SELECT op_mode FROM state_timeouts WHERE ".
"op_mode='$opm' AND state='$s'");
if ($query_result->numrows == 0) {
DBQueryFatal("INSERT INTO state_timeouts VALUES ".
"('$opm','$s','$to', '$act')");
}
}
foreach my $row (@transitions) {
my ($opm,$s1,$s2,$lab) = @$row;
my $query_result =
DBQueryFatal("SELECT op_mode FROM state_transitions WHERE ".
"op_mode='$opm' AND state1='$s1' AND state2='$s2'");
if ($query_result->numrows == 0) {
DBQueryFatal("INSERT INTO state_transitions VALUES ".
"('$opm','$s1','$s2','$lab')");
}
}
foreach my $row (@triggers) {
my ($node,$opm,$s,$trig) = @$row;
my $query_result =
DBQueryFatal("SELECT node_id FROM state_triggers WHERE ".
"node_id='$node' AND op_mode='$opm' AND state='$s'");
if ($query_result->numrows == 0) {
DBQueryFatal("INSERT INTO state_triggers VALUES ".
"('$node','$opm','$s','$trig')");
}
}
#
# Add fields to images table for authentication/decryption keys
#
if (!DBSlotExists("images", "auth_uuid")) {
DBQueryFatal("ALTER TABLE images ADD `auth_uuid`".
" varchar(64) DEFAULT NULL AFTER access_key");
}
DBQueryFatal("REPLACE INTO table_regex VALUES ".
"('images','auth_uuid','text','regex', ".
" '^[0-9a-fA-F]+\$',0,0,NULL)");
if (!DBSlotExists("images", "auth_key")) {
DBQueryFatal("ALTER TABLE images ADD `auth_key` ".
" varchar(512) DEFAULT NULL AFTER auth_uuid");
}
DBQueryFatal("REPLACE INTO table_regex VALUES ".
"('images','auth_key','text','regex', ".
" '^[0-9a-fA-F,]+\$',0,0,NULL)");
if (!DBSlotExists("images", "decryption_key")) {
DBQueryFatal("ALTER TABLE images ADD `decryption_key` ".
" varchar(256) DEFAULT NULL AFTER auth_key");
}
DBQueryFatal("REPLACE INTO table_regex VALUES ".
"('images','decryption_key','text','regex', ".
" '^[0-9a-fA-F]+\$',0,0,NULL)");
if (!DBSlotExists("node_hostkeys", "tpmidentity")) {
DBQueryFatal("ALTER TABLE node_hostkeys ADD `tpmidentity` ".
" mediumtext AFTER tpmx509");
}
#
# Add nonces/quotes tables
#
if (!DBTableExists("nonces")) {
DBQueryFatal("CREATE TABLE `nonces` ( ".
" `node_id` varchar(32) NOT NULL, ".
" `purpose` varchar(64) NOT NULL, ".
" `nonce` mediumtext, ".
" `expires` int(10) NOT NULL, ".
" PRIMARY KEY (`node_id`,`purpose`) ".
") ENGINE=MyISAM DEFAULT CHARSET=latin1");
}
if (!DBTableExists("tpm_quote_values")) {
DBQueryFatal("CREATE TABLE `tpm_quote_values` ( ".
" `node_id` varchar(32) NOT NULL default '', ".
" `op_mode` varchar(20) NOT NULL, ".
" `state` varchar(20) NOT NULL, ".
" `pcr` int(11) NOT NULL, ".
" `value` mediumtext, ".
" PRIMARY KEY (`node_id`,`op_mode`,`state`,`pcr`) ".
") ENGINE=MyISAM DEFAULT CHARSET=latin1");
}
return 0;
}
1;
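Review bot: The new `images.auth_key` and `images.decryption_key` columns are added as plain hex varchar with no comment on whether they hold raw key material or a wrapped value, and nothing in DoUpdate or the table_regex rows distinguishes the two, so anything with SELECT on images reads whatever is stored there. A comment above the `decryption_key` ALTER stating what the value is, how it is protected at rest and who is expected to read it — or a note that it is wrapped before insertion — is the minimum a later maintainer needs; the same goes for `nonces`, where a line giving the unit of `expires` and saying why `nonce` is NULL-able would help. DoUpdate also builds every query by interpolating the row arrays straight into the SQL string; today those are in-file literals rather than external input, so this is not an injection path, but a `# values are literal rows from this file, never caller-supplied` comment on the loops would stop a future edit from feeding them external data unescaped.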