Image verfication failure doesn't prevent BMC update
rgrs
rgrs at protonmail.com
Wed Oct 9 18:31:21 AEDT 2019
Hi All,
I am trying to sign my image with OEM keys instead of default OpenBMC.priv which is part of the repo.
When I tried to update OEM signed BMC, phosphor-image-updater logs messages related to "Signature validation failed"
But the flashing continued and activation was successful.
I expected flash procedure to fail since, default private key (OpenBMC.priv,RSA-1024,SHA256) is different from OEM private key (RSA-2048,SHA256)
Log:
Sep 17 09:44:50 lhost phosphor-version-software-manager[1350]: Untaring
Sep 17 09:44:50 lhost phosphor-mapper[1135]: Found invalid association on path /xyz/openbmc_project/software/11daa823
Sep 17 09:44:50 lhost phosphor-mapper[1135]: Found invalid association on path /xyz/openbmc_project/software/11daa823
Sep 17 09:44:51 lhost phosphor-image-updater[1316]: BMC image activating - BMC reboots are disabled.
Sep 17 09:44:51 lhost phosphor-image-updater[1316]: EVP_DigestVerifyFinal:Signature validation failed
Sep 17 09:44:51 lhost phosphor-image-updater[1316]: System level Signature Validation failed
Sep 17 09:44:51 lhost phosphor-image-updater[1316]: Error occurred during image validation
Sep 17 09:44:51 lhost phosphor-image-updater[1316]: The operation failed internally.
Sep 17 09:44:51 lhost phosphor-log-manager[1114]: Failed to find metadata
Sep 17 09:44:51 lhost systemd[1]: Starting Enable a guard that blocks BMC reboot...
Sep 17 09:44:51 lhost systemd[1]: Starting Updates the u-boot variable to point BMC version to 25904a91...
Sep 17 09:44:51 lhost systemd[1]: Starting Set U-Boot environment variable...
Sep 17 09:44:51 lhost systemd[1]: Created slice system-obmc\x2dflash\x2dbmc\x2dubiro\x2dremove.slice.
Sep 17 09:44:52 lhost systemd[1]: Starting Deletes read-only and kernel ubi volume d4a39257...
Sep 17 09:44:52 lhost systemd[1]: reboot-guard-enable.service: Succeeded.
Sep 17 09:44:52 lhost systemd[1]: Started Enable a guard that blocks BMC reboot.
Sep 17 09:44:54 lhost kernel: block ubiblock0_0: released
Sep 17 09:44:54 lhost systemd[1]: media-rofs\x2dd4a39257.mount: Succeeded.
Sep 17 09:44:55 lhost systemd[1]: obmc-flash-bmc-setenv at d4a39257.service: Succeeded.
Sep 17 09:44:55 lhost systemd[1]: Started Set U-Boot environment variable.
Sep 17 09:44:55 lhost systemd[1]: Created slice system-obmc\x2dflash\x2dbmc\x2dubiro.slice.
Sep 17 09:44:55 lhost systemd[1]: Starting Store read-only images 11daa823 to BMC storage...
Sep 17 09:44:55 lhost systemd[1]: Starting Create BMC read-write ubi volume...
Sep 17 09:44:57 lhost systemd[1]: Starting Hostname Service...
Sep 17 09:44:58 lhost systemd[1610]: systemd-hostnamed.service: PrivateNetwork=yes is configured, but the kernel does not support network namespaces, ignoring.
Sep 17 09:44:58 lhost systemd[1]: obmc-flash-bmc-ubirw.service: Succeeded.
Sep 17 09:44:58 lhost systemd[1]: Started Create BMC read-write ubi volume.
Sep 17 09:44:59 lhost systemd[1]: Started Hostname Service.
Sep 17 09:45:00 lhost phosphor-dump-manager[1136]: Tue Sep 17 09:45:00 UTC 2019 Report is available in /var/lib/phosphor-debug-collector/dumps/3
Sep 17 09:45:01 lhost systemd[1]: obmc-flash-bmc-ubiro-remove at d4a39257.service: Succeeded.
Sep 17 09:45:01 lhost systemd[1]: Started Deletes read-only and kernel ubi volume d4a39257.
Sep 17 09:45:01 lhost phosphor-dump-manager[1136]: Tue Sep 17 09:45:01 UTC 2019 Successfully completed
Sep 17 09:45:18 lhost systemd[1]: obmc-flash-bmc-updateubootvars at 25904a91.service: Succeeded.
Sep 17 09:45:18 lhost systemd[1]: Started Updates the u-boot variable to point BMC version to 25904a91.
Sep 17 09:45:29 lhost systemd[1]: systemd-hostnamed.service: Succeeded.
Sep 17 09:46:28 lhost obmc-flash-bmc[1659]: Volume ID 0, size 287 LEBs (18772096 bytes, 17.9 MiB), LEB size 65408 bytes (63.8 KiB), static, name "rofs-11daa823", alignment 1
Sep 17 09:47:12 lhost kernel: block ubiblock0_0: created from ubi0:0(rofs-11daa823)
Sep 17 09:47:24 lhost obmc-flash-bmc[1702]: Volume ID 1, size 37 LEBs (2420096 bytes, 2.3 MiB), LEB size 65408 bytes (63.8 KiB), static, name "kernel-11daa823", alignment 1
Sep 17 09:47:32 lhost obmc-flash-bmc[1702]: Volume ID 2, size 37 LEBs (2420096 bytes, 2.3 MiB), LEB size 65408 bytes (63.8 KiB), static, name "kernel-11daa823", alignment 1
Sep 17 09:47:40 lhost obmc-flash-bmc[1769]: [130B blob data]
Sep 17 09:47:41 lhost obmc-flash-bmc[1769]: [1.9K blob data]
Sep 17 09:47:41 lhost obmc-flash-bmc[1769]: [2.1K blob data]
Sep 17 09:47:41 lhost systemd[1]: obmc-flash-bmc-ubiro at 11daa823.service: Succeeded.
Sep 17 09:47:41 lhost systemd[1]: Started Store read-only images 11daa823 to BMC storage.
Sep 17 09:47:41 lhost systemd[1]: Starting Updates the u-boot variable to point BMC version to 11daa823...
Sep 17 09:47:41 lhost systemd[1]: Starting Set U-Boot environment variable...
Sep 17 09:47:43 lhost systemd[1]: obmc-flash-bmc-setenv at 11daa823\x3d0.service: Succeeded.
Sep 17 09:47:43 lhost systemd[1]: Started Set U-Boot environment variable.
Sep 17 09:47:45 lhost systemd[1]: obmc-flash-bmc-updateubootvars at 11daa823.service: Succeeded.
Sep 17 09:47:45 lhost systemd[1]: Started Updates the u-boot variable to point BMC version to 11daa823.
Sep 17 09:47:45 lhost phosphor-image-updater[1316]: BMC activation has ended - BMC reboots are re-enabled.
Sep 17 09:47:45 lhost systemd[1]: Starting Removes the guard that blocks BMC reboot...
Sep 17 09:47:45 lhost systemd[1]: reboot-guard-disable.service: Succeeded.
Sep 17 09:47:45 lhost systemd[1]: Started Removes the guard that blocks BMC reboot.
Thanks,
Raj
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20191009/4717226e/attachment-0001.htm>
More information about the openbmc
mailing list