Commit 54cab0a2 authored by Mike Hibler's avatar Mike Hibler

(Hopefully) final DB changes for secure boot/load path.

parent 47fdfe18
...@@ -328,6 +328,7 @@ REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','NORMAL','SHUTDO ...@@ -328,6 +328,7 @@ REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','NORMAL','SHUTDO
REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','NORMALv2','SHUTDOWN',''); REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','NORMALv2','SHUTDOWN','');
REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','PXEFBSD','SHUTDOWN',''); REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','PXEFBSD','SHUTDOWN','');
REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','PXEKERNEL','BOOTING','SecureBootDone'); REPLACE INTO mode_transitions VALUES ('SECUREBOOT','TPMSIGNOFF','PXEKERNEL','BOOTING','SecureBootDone');
REPLACE INTO mode_transitions VALUES ('NORMALv2','SHUTDOWN','SECURELOAD','SHUTDOWN','SecureLoadStart');
-- --
-- Dumping data for table `priorities` -- Dumping data for table `priorities`
...@@ -393,19 +394,19 @@ REPLACE INTO state_timeouts VALUES ('NORMALv2','TBSETUP',600,'NOTIFY'); ...@@ -393,19 +394,19 @@ REPLACE INTO state_timeouts VALUES ('NORMALv2','TBSETUP',600,'NOTIFY');
REPLACE INTO state_timeouts VALUES ('NORMALv2','BOOTING',180,'REBOOT'); REPLACE INTO state_timeouts VALUES ('NORMALv2','BOOTING',180,'REBOOT');
REPLACE INTO state_timeouts VALUES ('GARCIA-STARGATEv1','TBSETUP',600,'NOTIFY'); REPLACE INTO state_timeouts VALUES ('GARCIA-STARGATEv1','TBSETUP',600,'NOTIFY');
REPLACE INTO state_timeouts VALUES ('PXEKERNEL','PXEWAKEUP',20,'REBOOT'); REPLACE INTO state_timeouts VALUES ('PXEKERNEL','PXEWAKEUP',20,'REBOOT');
REPLACE INTO state_timeouts VALUES ('SECUREBOOT','BOOTING',3600,'STATE:SECVIOLATION'); REPLACE INTO state_timeouts VALUES ('SECUREBOOT','BOOTING',300,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECUREBOOT','GPXEBOOTING',3600,'STATE:SECVIOLATION'); REPLACE INTO state_timeouts VALUES ('SECUREBOOT','GPXEBOOTING',60,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECUREBOOT','PXEBOOTING',3600,'STATE:SECVIOLATION'); REPLACE INTO state_timeouts VALUES ('SECUREBOOT','PXEBOOTING',60,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECUREBOOT','SHUTDOWN',3600,'STATE:SECVIOLATION'); REPLACE INTO state_timeouts VALUES ('SECUREBOOT','SHUTDOWN',300,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECUREBOOT','TPMSIGNOFF',3600,'STATE:SECVIOLATION'); REPLACE INTO state_timeouts VALUES ('SECUREBOOT','TPMSIGNOFF',60,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','BOOTING',3600,'STATE:SECVIOLATION'); REPLACE INTO state_timeouts VALUES ('SECURELOAD','BOOTING',300,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','GPXEBOOTING',3600,'STATE:SECVIOLATION'); REPLACE INTO state_timeouts VALUES ('SECURELOAD','GPXEBOOTING',60,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','PXEBOOTING',3600,'STATE:SECVIOLATION'); REPLACE INTO state_timeouts VALUES ('SECURELOAD','PXEBOOTING',60,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','RELOADDONE',3600,'STATE:SECVIOLATION'); REPLACE INTO state_timeouts VALUES ('SECURELOAD','RELOADDONE',300,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','RELOADING',3600,'STATE:SECVIOLATION'); REPLACE INTO state_timeouts VALUES ('SECURELOAD','RELOADING',3600,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','RELOADSETUP',3600,'STATE:SECVIOLATION'); REPLACE INTO state_timeouts VALUES ('SECURELOAD','RELOADSETUP',60,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','SHUTDOWN',3600,'STATE:SECVIOLATION'); REPLACE INTO state_timeouts VALUES ('SECURELOAD','SHUTDOWN',300,'STATE:SECVIOLATION');
REPLACE INTO state_timeouts VALUES ('SECURELOAD','TPMSIGNOFF',3600,'STATE:SECVIOLATION'); REPLACE INTO state_timeouts VALUES ('SECURELOAD','TPMSIGNOFF',300,'STATE:SECVIOLATION');
-- --
-- Dumping data for table `state_transitions` -- Dumping data for table `state_transitions`
...@@ -621,6 +622,7 @@ REPLACE INTO state_transitions VALUES ('SECURELOAD','RELOADDONE','TPMSIGNOFF','Q ...@@ -621,6 +622,7 @@ REPLACE INTO state_transitions VALUES ('SECURELOAD','RELOADDONE','TPMSIGNOFF','Q
REPLACE INTO state_transitions VALUES ('SECURELOAD','RELOADING','RELOADDONE','ImageOK'); REPLACE INTO state_transitions VALUES ('SECURELOAD','RELOADING','RELOADDONE','ImageOK');
REPLACE INTO state_transitions VALUES ('SECURELOAD','RELOADING','SECVIOLATION','ImageBad'); REPLACE INTO state_transitions VALUES ('SECURELOAD','RELOADING','SECVIOLATION','ImageBad');
REPLACE INTO state_transitions VALUES ('SECURELOAD','RELOADSETUP','RELOADING','ReloadReady'); REPLACE INTO state_transitions VALUES ('SECURELOAD','RELOADSETUP','RELOADING','ReloadReady');
REPLACE INTO state_transitions VALUES ('SECURELOAD','SHUTDOWN','SHUTDOWN','Retry');
REPLACE INTO state_transitions VALUES ('SECURELOAD','SHUTDOWN','GPXEBOOTING','QuoteOK'); REPLACE INTO state_transitions VALUES ('SECURELOAD','SHUTDOWN','GPXEBOOTING','QuoteOK');
REPLACE INTO state_transitions VALUES ('SECURELOAD','SHUTDOWN','SECVIOLATION','QuoteFailed'); REPLACE INTO state_transitions VALUES ('SECURELOAD','SHUTDOWN','SECVIOLATION','QuoteFailed');
...@@ -649,7 +651,7 @@ REPLACE INTO state_triggers VALUES ('*','*','SECVIOLATION','POWEROFF, EMAILNOTIF ...@@ -649,7 +651,7 @@ REPLACE INTO state_triggers VALUES ('*','*','SECVIOLATION','POWEROFF, EMAILNOTIF
REPLACE INTO state_triggers VALUES ('*','SECUREBOOT','BOOTING',''); REPLACE INTO state_triggers VALUES ('*','SECUREBOOT','BOOTING','');
REPLACE INTO state_triggers VALUES ('*','SECUREBOOT','PXEBOOTING',''); REPLACE INTO state_triggers VALUES ('*','SECUREBOOT','PXEBOOTING','');
REPLACE INTO state_triggers VALUES ('*','SECUREBOOT','TPMSIGNOFF','PXEBOOT, BOOTING, CHECKGENISUP'); REPLACE INTO state_triggers VALUES ('*','SECUREBOOT','TPMSIGNOFF','PXEBOOT, BOOTING, CHECKGENISUP');
REPLACE INTO state_triggers VALUES ('*','SECURELOAD','BOOTING',''); REPLACE INTO state_triggers VALUES ('*','SECURELOAD','BOOTING','BOOTING');
REPLACE INTO state_triggers VALUES ('*','SECURELOAD','PXEBOOTING',''); REPLACE INTO state_triggers VALUES ('*','SECURELOAD','PXEBOOTING','');
REPLACE INTO state_triggers VALUES ('*','SECURELOAD','RELOADDONE','RESET, RELOADDONE'); REPLACE INTO state_triggers VALUES ('*','SECURELOAD','RELOADDONE','RESET, RELOADDONE');
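Review bot: The added `('SECURELOAD','SHUTDOWN','SHUTDOWN','Retry')` row in the state_transitions hunk creates a self-loop with no visible bound on how often it may be taken. If re-entering SHUTDOWN restarts the state_timeouts clock (that logic is not on this page, so it needs confirming), a node that keeps retrying would never reach the SECURELOAD/SHUTDOWN timeout of 300 and so never be moved to SECVIOLATION. A comment next to the row should say where retries are capped, for example `-- Retry re-enters SHUTDOWN; retries are limited by <component that enforces the cap>`. In the state_timeouts hunk, SECURELOAD/RELOADING stays at 3600 while every other secure state drops to 60 or 300, and SECUREBOOT/TPMSIGNOFF gets 60 where SECURELOAD/TPMSIGNOFF gets 300. A short comment giving the unit and the reason for those two exceptions would help whoever tunes these values, since each timeout ends in `STATE:SECVIOLATION`.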
......
#
# Additional state for secure boot/load path.
# Also set SECURE* timeouts to reasonable values.
#
use strict;
use libdb;
sub DoUpdate($$$)
{
my ($dbhandle, $dbname, $version) = @_;
my @mode_transitions = (
["NORMALv2","SHUTDOWN","SECURELOAD","SHUTDOWN","SecureLoadStart"]
);
my @timeouts = (
["SECUREBOOT","BOOTING",300,"STATE:SECVIOLATION"],
["SECUREBOOT","GPXEBOOTING",60,"STATE:SECVIOLATION"],
["SECUREBOOT","PXEBOOTING",60,"STATE:SECVIOLATION"],
["SECUREBOOT","SHUTDOWN",300,"STATE:SECVIOLATION"],
["SECUREBOOT","TPMSIGNOFF",60,"STATE:SECVIOLATION"],
["SECURELOAD","BOOTING",300,"STATE:SECVIOLATION"],
["SECURELOAD","GPXEBOOTING",60,"STATE:SECVIOLATION"],
["SECURELOAD","PXEBOOTING",60,"STATE:SECVIOLATION"],
["SECURELOAD","RELOADDONE",300,"STATE:SECVIOLATION"],
["SECURELOAD","RELOADING",3600,"STATE:SECVIOLATION"],
["SECURELOAD","RELOADSETUP",60,"STATE:SECVIOLATION"],
["SECURELOAD","SHUTDOWN",300,"STATE:SECVIOLATION"],
["SECURELOAD","TPMSIGNOFF",300,"STATE:SECVIOLATION"]
);
my @transitions = (
["SECURELOAD","SHUTDOWN","SHUTDOWN","Retry"]
);
my @triggers = (
["*","SECURELOAD","BOOTING","BOOTING"]
);
foreach my $row (@mode_transitions) {
my ($opm1,$s1,$opm2,$s2,$lab) = @$row;
DBQueryFatal("REPLACE INTO mode_transitions VALUES ".
"('$opm1','$s1','$opm2', '$s2','$lab')");
}
foreach my $row (@timeouts) {
my ($opm,$s,$to,$act) = @$row;
DBQueryFatal("REPLACE INTO state_timeouts VALUES ".
"('$opm','$s','$to', '$act')");
}
foreach my $row (@transitions) {
my ($opm,$s1,$s2,$lab) = @$row;
DBQueryFatal("REPLACE INTO state_transitions VALUES ".
"('$opm','$s1','$s2','$lab')");
}
foreach my $row (@triggers) {
my ($node,$opm,$s,$trig) = @$row;
DBQueryFatal("REPLACE INTO state_triggers VALUES ".
"('$node','$opm','$s','$trig')");
}
return 0;
}
1;
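Review bot: The four loops in DoUpdate interpolate row fields straight into the REPLACE strings, which is safe only because every row is a literal defined a few lines above. A comment before the first loop should record that, e.g. `# Rows are fixed literals from this file; never pass external data through these interpolated statements.` The statements also omit column lists, so they depend on the current column order of all four tables. Naming the columns (`REPLACE INTO state_timeouts (<col1>,<col2>,<col3>,<col4>) VALUES ...`) would keep the update correct if a later schema revision reorders or adds a column. The file enables `use strict;` but not `use warnings;`, and adding it would flag a short row that leaves one of the unpacked fields undefined. The timeout rows here duplicate the ones in the SQL dump, so a comment noting that the two lists must change together would help.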