1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is referred from Redfish standard schema.
# http://redfish.dmtf.org/schemas/v1/SecureBoot.v1_1_0.json
import logging
from sushy import exceptions
from sushy.resources import base
from sushy.resources import common
from sushy.resources.system import constants
from sushy.resources.system import secure_boot_database
from sushy import utils
LOG = logging.getLogger(__name__)
class ResetKeysActionField(common.ActionField):
allowed_values = base.Field('ResetKeysType@Redfish.AllowableValues',
adapter=list)
class ActionsField(base.CompositeField):
reset_keys = ResetKeysActionField('#SecureBoot.ResetKeys')
"""Action that resets the UEFI Secure Boot keys."""
class SecureBoot(base.ResourceBase):
identity = base.Field('Id', required=True)
"""The Bios resource identity string"""
name = base.Field('Name')
"""The name of the resource"""
description = base.Field('Description')
"""Human-readable description of the BIOS resource"""
current_boot = base.MappedField('SecureBootCurrentBoot',
constants.SecureBootCurrentBoot)
"""The UEFI Secure Boot state during the current boot cycle."""
enabled = base.Field('SecureBootEnable')
"""Whether the UEFI Secure Boot takes effect on next boot.
This property can be enabled in UEFI boot mode only.
"""
mode = base.MappedField('SecureBootMode', constants.SecureBootMode)
"""The current UEFI Secure Boot Mode."""
# TODO(dtantsur): SecureBootDatabases
_actions = ActionsField('Actions')
def __init__(self, connector, path, redfish_version=None, registries=None,
root=None):
"""A class representing secure boot settings.
:param connector: A Connector instance
:param path: Sub-URI path to the SecureBoot resource
:param registries: Dict of message registries to be used when
parsing messages of attribute update status
:param root: Sushy root object. Empty for Sushy root itself.
"""
super().__init__(connector, path, redfish_version=redfish_version,
registries=registries, root=root)
@property
@utils.cache_it
def databases(self):
"""A collection of secure boot databases.
It is set once when the first time it is queried. On refresh,
this property is marked as stale (greedy-refresh not done).
Here the actual refresh of the sub-resource happens, if stale.
:raises: MissingAttributeError if 'SecureBootDatabases/@odata.id' field
is missing.
:returns: `SimpleStorageCollection` instance
"""
return secure_boot_database.SecureBootDatabaseCollection(
self._conn, utils.get_sub_resource_path_by(
self, "SecureBootDatabases"),
redfish_version=self.redfish_version,
registries=self.registries, root=self.root)
def _get_reset_action_element(self):
reset_action = self._actions.reset_keys
if not reset_action:
raise exceptions.MissingActionError(action='#SecureBoot.ResetKeys',
resource=self._path)
return reset_action
def get_allowed_reset_keys_values(self):
"""Get the allowed values for resetting the keys.
:returns: A set with the allowed values.
"""
reset_action = self._get_reset_action_element()
if not reset_action.allowed_values:
LOG.warning('Could not figure out the allowed values for the '
'reset keys action for %s', self.identity)
return set(constants.SecureBootResetKeysType)
return {v for v in constants.SecureBootResetKeysType
if v.value in reset_action.allowed_values}
def reset_keys(self, reset_type):
"""Reset secure boot keys.
:param reset_type: Reset type, one of `SECURE_BOOT_RESET_KEYS_*`
constants.
"""
valid_resets = self.get_allowed_reset_keys_values()
if reset_type not in valid_resets:
raise exceptions.InvalidParameterValueError(
parameter='reset_type', value=reset_type,
valid_values=valid_resets)
reset_type = constants.SecureBootResetKeysType(reset_type).value
target_uri = self._get_reset_action_element().target_uri
self._conn.post(target_uri, data={'ResetKeysType': reset_type})
def set_enabled(self, enabled):
"""Enable/disable secure boot.
:param enabled: True, if secure boot is enabled for next boot.
"""
if not isinstance(enabled, bool):
raise exceptions.InvalidParameterValueError(
f"Expected a boolean for 'enabled', got {enabled}")
etag = self._get_etag()
self._conn.patch(self.path, data={'SecureBootEnable': enabled},
etag=etag)
|
