deprecate ImageHeader version and epoch

Author: lzrd

Cargo.lock

@@ -120,20 +120,14 @@ zip = { version = "0.6", default-features = false, features = ["bzip2"] }
 # Oxide forks and repos
 attest-data = { git = "https://github.com/oxidecomputer/dice-util", default-features = false, version = "0.2.0" }
 dice-mfg-msgs = { git = "https://github.com/oxidecomputer/dice-util", default-features = false, version = "0.2.1" }
-#gateway-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", default-features = false, features = ["smoltcp"] }
-# XXX fix before push
-gateway-messages = { path = "/home/stoltz/Oxide/src/mgs/epoch/gateway-messages",  default-features = false, features = ["smoltcp"] }
+gateway-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", default-features = false, features = ["smoltcp"] }
 gimlet-inspector-protocol = { git = "https://github.com/oxidecomputer/gimlet-inspector-protocol", version = "0.1.0" }
 hif = { git = "https://github.com/oxidecomputer/hif", default-features = false }
 humpty = { git = "https://github.com/oxidecomputer/humpty", default-features = false, version = "0.1.3" }
-#hubtools = { git = "https://github.com/oxidecomputer/hubtools", default-features = false, version = "0.4.1" }
-# XXX fix before push
-# hubtools = { git = "https://github.com/oxidecomputer/hubtools", default-features = false, branch = "epoch", version = "0.4.7" }
-hubtools = { path = "/home/stoltz/Oxide/src/hubtools/epoch/hubtools" }
+hubtools = { git = "https://github.com/oxidecomputer/hubtools", default-features = false, version = "0.4.7" }
 idol = { git = "https://github.com/oxidecomputer/idolatry.git", default-features = false }
 idol-runtime = { git = "https://github.com/oxidecomputer/idolatry.git", default-features = false }
-#lpc55_sign = { git = "https://github.com/oxidecomputer/lpc55_support", default-features = false }
-lpc55_sign = { path = "/home/stoltz/Oxide/src/lpc55_support/lpc55_sign", default-features = false }
+lpc55_sign = { git = "https://github.com/oxidecomputer/lpc55_support", default-features = false }
 ordered-toml = { git = "https://github.com/oxidecomputer/ordered-toml", default-features = false }
 pmbus = { git = "https://github.com/oxidecomputer/pmbus", default-features = false }
 salty = { version = "0.3", default-features = false }

Cargo.toml

@@ -3,7 +3,6 @@ chip = "../../chips/stm32h7"
 memory = "memory-large.toml"
 stacksize = 896
 fwid = true
-epoch = 0
 
 [kernel]
 name = "gimlet"

app/gimlet/base.toml

@@ -3,8 +3,6 @@ target = "thumbv7em-none-eabihf"
 chip = "../../chips/stm32h7"
 memory = "memory-large.toml"
 stacksize = 896
-epoch = 0
-version = 0
 fwid = true
 
 [kernel]

app/gimletlet/base-gimletlet2.toml

@@ -4,8 +4,6 @@ target = "thumbv7em-none-eabihf"
 chip = "../../chips/stm32h7"
 memory = "memory-large.toml"
 stacksize = 896
-epoch = 0
-version = 0
 fwid = true
 
 [kernel]

app/grapefruit/app.toml

@@ -4,8 +4,6 @@ board = "oxide-rot-1"
 chip = "../../chips/lpc55"
 stacksize = 1024
 image-names = ["a", "b"]
-epoch = 0
-version = 0
 fwid = true
 
 [kernel]

app/oxide-rot-1/app-dev.toml

@@ -4,8 +4,6 @@ board = "oxide-rot-1"
 chip = "../../chips/lpc55"
 stacksize = 1024
 image-names = ["a", "b"]
-epoch = 0
-version = 0
 fwid = true
 
 [kernel]

app/oxide-rot-1/app.toml

@@ -4,8 +4,6 @@ board = "rot-carrier-2"
 chip = "../../chips/lpc55"
 stacksize = 1024
 image-names = ["a", "b"]
-epoch = 0
-version = 0
 fwid = true
 
 [kernel]

app/rot-carrier/app.toml

@@ -24,10 +24,6 @@ struct RawConfig {
     board: String,
     chip: String,
     #[serde(default)]
-    epoch: u32,
-    #[serde(default)]
-    version: u32,
-    #[serde(default)]
     fwid: bool,
     memory: Option<String>,
     #[serde(default)]
@@ -50,8 +46,6 @@ pub struct Config {
     pub target: String,
     pub board: String,
     pub chip: String,
-    pub epoch: u32,
-    pub version: u32,
     pub fwid: bool,
     pub image_names: Vec<String>,
     pub signing: Option<RoTMfgSettings>,
@@ -174,8 +168,6 @@ impl Config {
             board: toml.board,
             image_names: img_names,
             chip: toml.chip,
-            epoch: toml.epoch,
-            version: toml.version,
             fwid: toml.fwid,
             signing: toml.signing,
             stacksize: toml.stacksize,
@@ -254,11 +246,6 @@ impl Config {
         let task_names =
             self.tasks.keys().cloned().collect::<Vec<_>>().join(",");
         env.insert("HUBRIS_TASKS".to_string(), task_names);
-        env.insert(
-            "HUBRIS_BUILD_VERSION".to_string(),
-            format!("{}", self.version),
-        );
-        env.insert("HUBRIS_BUILD_EPOCH".to_string(), format!("{}", self.epoch));
         env.insert("HUBRIS_BOARD".to_string(), self.board.to_string());
         env.insert(
             "HUBRIS_APP_TOML".to_string(),

build/xtask/src/config.rs

@@ -1251,7 +1251,7 @@ fn build_kernel(
 /// Returns true if the header was found and updated,
 /// false otherwise.
 fn update_image_header(
-    cfg: &PackageConfig,
+    _cfg: &PackageConfig,
     input: &Path,
     output: &Path,
     map: &IndexMap<String, Range<u32>>,
@@ -1290,16 +1290,8 @@ fn update_image_header(
                 // `xtask build kernel`, we need a result from this calculation
                 // but `end` will be `None`. Substitute a placeholder:
                 let end = end.unwrap_or(flash.start);
-
                 let len = end - flash.start;
-
-                let header = abi::ImageHeader {
-                    version: cfg.toml.version,
-                    epoch: cfg.toml.epoch,
-                    magic: abi::HEADER_MAGIC,
-                    total_image_len: len,
-                    ..Default::default()
-                };
+                let header = abi::ImageHeader::new(len);
 
                 header
                     .write_to_prefix(

build/xtask/src/dist.rs

@@ -2,9 +2,6 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
-use std::fs::File;
-use std::io::Write;
-
 fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
     build_util::expose_target_board();
     build_util::build_notifications()?;
@@ -18,15 +15,5 @@ fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
             "server_stub.rs",
             idol::server::ServerStyle::InOrder,
         )?;
-
-    let out = build_util::out_dir();
-    let mut ver_file = File::create(out.join("consts.rs")).unwrap();
-
-    let version: u32 = build_util::env_var("HUBRIS_BUILD_VERSION")?.parse()?;
-    let epoch: u32 = build_util::env_var("HUBRIS_BUILD_EPOCH")?.parse()?;
-
-    writeln!(ver_file, "const HUBRIS_BUILD_VERSION: u32 = {};", version)?;
-    writeln!(ver_file, "const HUBRIS_BUILD_EPOCH: u32 = {};", epoch)?;
-
     Ok(())
 }

drv/lpc55-update-server/build.rs

@@ -185,7 +185,7 @@ impl TryFrom<&[u8]> for ImageVectorsLpc55 {
 /// the end of optional caboose and the beginning of the signature block.
 pub fn validate_header_block(
     header_access: &ImageAccess<'_>,
-) -> Result<(Option<Epoch>, u32), UpdateError> {
+) -> Result<u32, UpdateError> {
     let mut vectors = ImageVectorsLpc55::new_zeroed();
     let mut header = ImageHeader::new_zeroed();
 
@@ -212,17 +212,14 @@ pub fn validate_header_block(
     // Note that `ImageHeader.epoch` is used by rollback protection for early
     // rejection of invalid images.
     // TODO: Improve estimate of where the first executable instruction can be.
-    let (code_offset, epoch) = if header.magic == HEADER_MAGIC {
+    let code_offset = if header.magic == HEADER_MAGIC {
         if header.total_image_len != vectors.nxp_offset_to_specific_header {
             // ImageHeader disagrees with LPC55 vectors.
             return Err(UpdateError::InvalidHeaderBlock);
         }
-        (
-            IMAGE_HEADER_OFFSET + (core::mem::size_of::<ImageHeader>() as u32),
-            Some(Epoch::from(header.epoch)),
-        )
+        IMAGE_HEADER_OFFSET + (core::mem::size_of::<ImageHeader>() as u32)
     } else {
-        (IMAGE_HEADER_OFFSET, None)
+        IMAGE_HEADER_OFFSET
     };
 
     if vectors.nxp_image_length as usize > header_access.at_runtime().len() {
@@ -249,7 +246,7 @@ pub fn validate_header_block(
         return Err(UpdateError::InvalidHeaderBlock);
     }
 
-    Ok((epoch, vectors.nxp_offset_to_specific_header))
+    Ok(vectors.nxp_offset_to_specific_header)
 }
 
 /// Get the range of the caboose contained within an image if it exists.
@@ -266,7 +263,7 @@ pub fn caboose_slice(
     //
     // In this context, NoImageHeader actually means that the image
     // is not well formed.
-    let (_epoch, image_end_offset) = validate_header_block(image)
+    let image_end_offset = validate_header_block(image)
         .map_err(|_| RawCabooseError::NoImageHeader)?;
 
     // By construction, the last word of the caboose is its size as a `u32`
@@ -651,33 +648,17 @@ pub fn check_rollback_policy(
 fn get_image_epoch(
     image: &ImageAccess<'_>,
 ) -> Result<Option<Epoch>, UpdateError> {
-    let (header_epoch, _caboose_offset) = validate_header_block(image)?;
-
     if let Ok(span) = caboose_slice(image) {
         let mut block = [0u8; BLOCK_SIZE_BYTES];
         let caboose = block[0..span.len()].as_bytes_mut();
         image.read_bytes(span.start, caboose)?;
         let reader = CabooseReader::new(caboose);
-        let caboose_epoch = if let Ok(epoc) = reader.get(CABOOSE_TAG_EPOC) {
-            Some(Epoch::from(epoc))
+        if let Ok(epoc) = reader.get(CABOOSE_TAG_EPOC) {
+            Ok(Some(Epoch::from(epoc)))
         } else {
-            None
-        };
-        match (header_epoch, caboose_epoch) {
-            (None, None) => Ok(None),
-            (Some(header_epoch), None) => Ok(Some(header_epoch)),
-            (None, Some(caboose_epoch)) => Ok(Some(caboose_epoch)),
-            (Some(header_epoch), Some(caboose_epoch)) => {
-                if caboose_epoch == header_epoch {
-                    Ok(Some(caboose_epoch))
-                } else {
-                    // Epochs present in both and not matching is invalid.
-                    // The image will be rejected after epoch 0.
-                    Ok(Some(Epoch::from(0u32)))
-                }
-            }
+            Ok(None)
         }
     } else {
-        Ok(header_epoch)
+        Ok(None)
     }
 }

drv/lpc55-update-server/src/images.rs

@@ -289,13 +289,14 @@ impl idl::InOrderUpdateImpl for ServerImpl<'_> {
 
     // TODO(AJS): Remove this in favor of `status`, once SP code is updated.
     // This has ripple effects up through control-plane-agent.
+    /// Deprecated. The version and epoch are in the Caboose
     fn current_version(
         &mut self,
         _: &RecvMessage,
     ) -> Result<ImageVersion, RequestError<Infallible>> {
         Ok(ImageVersion {
-            epoch: HUBRIS_BUILD_EPOCH,
-            version: HUBRIS_BUILD_VERSION,
+            epoch: 0,
+            version: 0,
         })
     }
 
@@ -1312,7 +1313,6 @@ fn main() -> ! {
     }
 }
 
-include!(concat!(env!("OUT_DIR"), "/consts.rs"));
 include!(concat!(env!("OUT_DIR"), "/notifications.rs"));
 mod idl {
     use super::{

drv/lpc55-update-server/src/main.rs

@@ -461,7 +461,7 @@ SpRot.status() => Status {
 }
 ```
 
-Update API, retrieve current version.
+Update API, retrieve current version (deprecated)
 This information is redundant with information in the Status structure.
 ```sh
 $ humility hiffy -c SpRot.current_version

drv/sprot-api/README.md

@@ -2,9 +2,6 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
-use std::fs::File;
-use std::io::Write;
-
 fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
     build_util::build_notifications()?;
     idol::Generator::new()
@@ -16,15 +13,5 @@ fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
             "server_stub.rs",
             idol::server::ServerStyle::InOrder,
         )?;
-
-    let out = build_util::out_dir();
-    let mut ver_file = File::create(out.join("consts.rs")).unwrap();
-
-    let version: u32 = build_util::env_var("HUBRIS_BUILD_VERSION")?.parse()?;
-    let epoch: u32 = build_util::env_var("HUBRIS_BUILD_EPOCH")?.parse()?;
-
-    writeln!(ver_file, "const HUBRIS_BUILD_VERSION: u32 = {};", version)?;
-    writeln!(ver_file, "const HUBRIS_BUILD_EPOCH: u32 = {};", epoch)?;
-
     Ok(())
 }

drv/stm32h7-update-server/build.rs

@@ -416,13 +416,14 @@ impl idl::InOrderUpdateImpl for ServerImpl<'_> {
         Ok(BLOCK_SIZE_BYTES)
     }
 
+    /// Deprecated. The version and epoch values are in the Caboose.
     fn current_version(
         &mut self,
         _: &RecvMessage,
     ) -> Result<ImageVersion, RequestError<Infallible>> {
         Ok(ImageVersion {
-            epoch: HUBRIS_BUILD_EPOCH,
-            version: HUBRIS_BUILD_VERSION,
+            epoch: 0,
+            version: 0,
         })
     }
 
@@ -569,7 +570,6 @@ fn main() -> ! {
     }
 }
 
-include!(concat!(env!("OUT_DIR"), "/consts.rs"));
 mod idl {
     use super::{CabooseError, ImageVersion, SlotId};
 

drv/stm32h7-update-server/src/main.rs

@@ -520,8 +520,18 @@ pub struct ImageHeader {
     pub magic: u32,
     pub total_image_len: u32,
     pub _pad: [u32; 16], // previous location of SAU entries
-    pub version: u32,
-    pub epoch: u32,
+    pub _version: u32,
+    pub _epoch: u32,
+}
+
+impl ImageHeader {
+    pub fn new(total_image_len: u32) -> Self {
+        ImageHeader {
+            magic: HEADER_MAGIC,
+            total_image_len,
+            ..Default::default()
+        }
+    }
 }
 
 // Corresponds to the ARM vector table, limited to what we need