gbmc-mfg-boot-validation: Add package

When included in the image, this adds a script that can be executed
in any environment to do a basic sanity check that the BMC is running
the expected version and has no failed services.

This is meant to be used by manufacturers to ensure basic sanity before
shipping a machine to the DC with MFG firmware.

Tested: Ran on a system and passed a mismatched version, verified
FAIL status. Caused a systemd service to fail to ensure it gets caught
and printed. Set up a clean successful system with the correct version
for the PASS.
Fusion-Link: fusion2 N/A

Google-Bug-Id: 460216370
Change-Id: I878772275c902af191c16215d20157975f595e65
Signed-off-by: William A. Kennington III <wak@google.com>
diff --git a/recipes-google/images/gbmc-image-mfg.bb b/recipes-google/images/gbmc-image-mfg.bb
index e8d4aa7..bac7a9b 100644
--- a/recipes-google/images/gbmc-image-mfg.bb
+++ b/recipes-google/images/gbmc-image-mfg.bb
@@ -1 +1,3 @@
 require gbmc-image-minimal.bb
+
+IMAGE_INSTALL:append = " gbmc-mfg-boot-validation"
diff --git a/recipes-google/mfg/gbmc-mfg-boot-validation.bb b/recipes-google/mfg/gbmc-mfg-boot-validation.bb
new file mode 100644
index 0000000..0ca5fec
--- /dev/null
+++ b/recipes-google/mfg/gbmc-mfg-boot-validation.bb
@@ -0,0 +1,17 @@
+SUMMARY = "Validation scripts to ensure the running firmware is sane at MFG"
+PR = "r1"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+inherit systemd
+
+RDEPENDS:${PN} += "bash"
+
+SRC_URI = " \
+  file://gbmc-mmi-check.sh \
+"
+
+do_install() {
+  install -d ${D}${bindir}
+  install -m0755 ${WORKDIR}/gbmc-mmi-check.sh ${D}${bindir}/
+}
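Review bot: `inherit systemd` looks unused in this recipe, since do_install only places `gbmc-mmi-check.sh` in `${bindir}` and nothing sets `SYSTEMD_SERVICE` or installs a unit file. Dropping the inherit keeps the recipe from pulling in the class's packaging and postinst handling for a package that ships no service. If a unit is planned for a later change, a short comment saying so would explain why the class is there, e.g. `# systemd unit to be added in a follow-up`.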
diff --git a/recipes-google/mfg/gbmc-mfg-boot-validation/gbmc-mmi-check.sh b/recipes-google/mfg/gbmc-mfg-boot-validation/gbmc-mmi-check.sh
new file mode 100644
index 0000000..7e0299b
--- /dev/null
+++ b/recipes-google/mfg/gbmc-mfg-boot-validation/gbmc-mmi-check.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+st=0
+
+# Check the BMC Version against what was expected
+source /etc/os-release || st=1
+RUNNING_VERSION="${VERSION_ID##*-}"
+if [[ -z "$EXPECTED_VERSION" ]]; then
+  echo 'Missing EXPECTED_VERSION, please set it before running' >&2
+  st=1
+elif [[ "$EXPECTED_VERSION" != "$RUNNING_VERSION" ]]; then
+  echo "Expected Version ($EXPECTED_VERSION) != Actual Version($RUNNING_VERSION)" >&2
+  st=1
+else
+  echo "Expected Version ($EXPECTED_VERSION) == Actual Version($RUNNING_VERSION)" >&2
+fi
+
+# Check if we have any failed services
+if out="$(systemctl --failed)"; then
+  # Command succeeded, check the output
+  if [[ "$out" != *'0 loaded units listed.' ]]; then
+    st=1
+    echo 'Systemd has failed services!' >&2
+    echo "$out" >&2
+  else
+    echo 'No failed systemd services' >&2
+  fi
+else
+  # Command failed
+  echo 'Failed to run systemctl --failed' >&2
+  st=1
+fi
+
+if (( st == 0 )); then
+  echo 'PASS'
+  exit 0
+else
+  echo 'FAIL'
+  exit 1
+fi
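Review bot: The failed-unit test `if [[ "$out" != *'0 loaded units listed.' ]]` matches the wording of systemctl's human-readable footer, so any change to that legend in a later systemd release would make every run report FAIL even on a healthy system. Requesting output without the legend and testing for emptiness avoids depending on the text: `if out="$(systemctl list-units --state=failed --no-legend --plain)"; then` followed by `if [[ -n "$out" ]]; then`. Separately, nothing in the script confirms that boot has finished, so a unit that is still activating cannot yet appear as failed and the script can print PASS too early. One option is to run `systemctl is-system-running --wait` first and treat any state other than `running` as a failure.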