Skip to content

GitLab

Commit c0d4949d authored by Mike Hibler's avatar Mike Hibler
Browse files
Options

Still more state machine tweaks for secure boot/load.

parent 8838cb53
Hide whitespace changes
Inline Side-by-side
Showing with 89 additions and 4 deletions
event/stated/stated.in
View file @ c0d4949d
......@@ -680,14 +680,15 @@ sub stateTransition($$) {
if ($oldstate eq TBDB_NODESTATE_SECVIOLATION &&
$newstate ne TBDB_NODESTATE_SECVIOLATION) {
#
# Allow transitions to SHUTDOWN.
# This allows someone to reboot a node in the SECVIOLATION state
# getting it back to MINIMAL/SHUTDOWN.
# Allow transitions to SHUTDOWN/POWEROFF.
# This allows someone to reboot (turn-off and back on) a node in
# the SECVIOLATION state getting it back to MINIMAL/SHUTDOWN.
#
# XXX DEBUG ONLY!
#
if ($soft_secviolation &&
($newstate eq TBDB_NODESTATE_SHUTDOWN ||
$newstate eq TBDB_NODESTATE_POWEROFF ||
$newstate eq TBDB_NODESTATE_GPXEBOOTING)) {
notify("$node allowed to transition: SECVIOLATION => $newstate\n");
} else {
......
sql/database-fill.sql
View file @ c0d4949d
......@@ -327,7 +327,7 @@ REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','MINIMAL','SHUTD
REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','NORMAL','SHUTDOWN','');
REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','NORMALv2','SHUTDOWN','');
REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','PXEFBSD','SHUTDOWN','');
REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','PXEKERNEL','BOOTING','SecureBootDone');
REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','PXEKERNEL','SHUTDOWN','SecureBootDone');
REPLACE INTO mode_transitions VALUES ('NORMALv2','SHUTDOWN','SECURELOAD','SHUTDOWN','SecureLoadStart');
REPLACE INTO mode_transitions VALUES ('PXEFBSD','SHUTDOWN','WIMRELOAD','SHUTDOWN','');
REPLACE INTO mode_transitions VALUES ('MINIMAL','SHUTDOWN','WIMRELOAD','SHUTDOWN','');
......@@ -655,6 +655,10 @@ REPLACE INTO state_transitions VALUES ('NORMALv2','*','POWEROFF','Power Off');
REPLACE INTO state_transitions VALUES ('NORMAL','POWEROFF','SHUTDOWN','Power On');
REPLACE INTO state_transitions VALUES ('NORMALv1','POWEROFF','SHUTDOWN','Power On');
REPLACE INTO state_transitions VALUES ('NORMALv2','POWEROFF','SHUTDOWN','Power On');
REPLACE INTO state_transitions VALUES ('SECUREBOOT','SECVIOLATION','POWEROFF','Power Off');
REPLACE INTO state_transitions VALUES ('SECURELOAD','SECVIOLATION','POWEROFF','Power Off');
REPLACE INTO state_transitions VALUES ('SECUREBOOT','POWEROFF','SHUTDOWN','Power On');
REPLACE INTO state_transitions VALUES ('SECURELOAD','POWEROFF','SHUTDOWN','Power On');
REPLACE INTO state_transitions VALUES ('WIMRELOAD','SHUTDOWN','RELOADSETUP','BootOK');
REPLACE INTO state_transitions VALUES ('WIMRELOAD','RELOADSETUP','RELOADING','ReloadStart');
REPLACE INTO state_transitions VALUES ('WIMRELOAD','RELOADING','RELOADDONE','ReloadDone');
......
sql/updates/4/259 0 → 100644
View file @ c0d4949d
#
# Assorted fixups for the secureboot/load path.
#
use strict;
use libdb;
sub DoUpdate($$$)
{
my ($dbhandle, $dbname, $version) = @_;
my @mode_transitions = (
);
my @timeouts = (
);
my @transitions = (
["SECUREBOOT","BOOTING","PXEBOOTING","re-BootInfo"],
["SECUREBOOT","SECVIOLATION","POWEROFF","Power Off"],
["SECURELOAD","SECVIOLATION","POWEROFF","Power Off"],
["SECUREBOOT","POWEROFF","SHUTDOWN","Power On"],
["SECURELOAD","POWEROFF","SHUTDOWN","Power On"]
);
my @triggers = (
);
foreach my $row (@mode_transitions) {
my ($opm1,$s1,$opm2,$s2,$lab) = @$row;
my $query_result =
DBQueryFatal("SELECT op_mode1 FROM mode_transitions WHERE ".
"op_mode1='$opm1' AND state1='$s1' AND ".
"op_mode2='$opm2' AND state2='$s2'");
if ($query_result->numrows == 0) {
DBQueryFatal("INSERT INTO mode_transitions VALUES ".
"('$opm1','$s1','$opm2', '$s2','$lab')");
}
}
foreach my $row (@timeouts) {
my ($opm,$s,$to,$act) = @$row;
my $query_result =
DBQueryFatal("SELECT op_mode FROM state_timeouts WHERE ".
"op_mode='$opm' AND state='$s'");
if ($query_result->numrows == 0) {
DBQueryFatal("INSERT INTO state_timeouts VALUES ".
"('$opm','$s','$to', '$act')");
}
}
foreach my $row (@transitions) {
my ($opm,$s1,$s2,$lab) = @$row;
my $query_result =
DBQueryFatal("SELECT op_mode FROM state_transitions WHERE ".
"op_mode='$opm' AND state1='$s1' AND state2='$s2'");
if ($query_result->numrows == 0) {
DBQueryFatal("INSERT INTO state_transitions VALUES ".
"('$opm','$s1','$s2','$lab')");
}
}
foreach my $row (@triggers) {
my ($node,$opm,$s,$trig) = @$row;
my $query_result =
DBQueryFatal("SELECT node_id FROM state_triggers WHERE ".
"node_id='$node' AND op_mode='$opm' AND state='$s'");
if ($query_result->numrows == 0) {
DBQueryFatal("INSERT INTO state_triggers VALUES ".
"('$node','$opm','$s','$trig')");
}
}
# tweak a previous transition that wasn't quite right
DBQueryFatal("UPDATE mode_transitions SET state2='SHUTDOWN' WHERE ".
" state1='TPMSIGNOFF' AND op_mode2='PXEKERNEL' AND ".
" state2='BOOTING'");
# no need to BOOTING, CHECKGENISUP as those will happen in next BOOTING
DBQueryFatal("UPDATE state_triggers SET `trigger`='PXEBOOT' WHERE ".
" op_mode='SECUREBOOT' AND state='TPMSIGNOFF'");
return 0;
}
1;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment