cli: Add 'mfg csr-get' command for Gen5

This command retrieves DevID CSR from MainFW and save it to a .der file.

Author: Jie Yan

cli/mfg.c

@@ -1526,6 +1526,58 @@ static int debug_unlock_token(int argc, char **argv)
 	return 0;
 }
 
+#define CMD_DESC_CSR_GET "get Device ID Certificate Signing Request (CSR)"
+
+static int csr_get(int argc, char **argv)
+{
+	int ret;
+
+	const char *desc = CMD_DESC_CSR_GET "\n\n"
+			   "This command can only be used in Main Firmware.\n\n"
+			   "It gets the DevID Certificate Signing Request (CSR)"
+			   "in DER format and save it to a specified file\n";
+
+	static struct {
+		struct switchtec_dev *dev;
+		int    csr_fd;
+		const char *csr_file_name;
+		int assume_yes;
+	} cfg = {
+		.csr_fd = 0,
+	};
+	const struct argconfig_options opts[] = {
+		DEVICE_OPTION_MFG,
+		{"csr_file", .cfg_type=CFG_FD_WR, .value_addr=&cfg.csr_fd,
+			.argument_type=optional_positional,
+			.force_default="devid_csr.der",
+			.help="The CSR file to save to disk"},
+		{"yes", 'y', "", CFG_NONE, &cfg.assume_yes, no_argument,
+			"assume yes when prompted"},
+		{NULL}
+	};
+
+	argconfig_parse(argc, argv, desc, opts, &cfg, sizeof(cfg));
+
+	if (switchtec_boot_phase(cfg.dev) != SWITCHTEC_BOOT_PHASE_FW) {
+		fprintf(stderr,
+			"This command is only available in Main Firmware!\n");
+		return -1;
+	}
+
+	ret = switchtec_csr_to_file(cfg.dev, cfg.csr_fd);
+	if (ret) {
+		switchtec_perror("mfg csr_get");
+		close(cfg.csr_fd);
+		return ret;
+	}
+
+	close(cfg.csr_fd);
+
+	fprintf(stderr, "\nCertificate Signing Request (CSR) saved to %s.\n", cfg.csr_file_name);
+
+	return 0;
+}
+
 static const struct cmd commands[] = {
 	CMD(ping, CMD_DESC_PING),
 	CMD(info, CMD_DESC_INFO),
@@ -1541,6 +1593,7 @@ static const struct cmd commands[] = {
 	CMD(debug_unlock_token, CMD_DESC_DEBUG_TOKEN),
 	CMD(debug_unlock, CMD_DESC_DEBUG_UNLOCK),
 	CMD(debug_lock_update, CMD_DESC_DEBUG_LOCK_UPDATE),
+	CMD(csr_get, CMD_DESC_CSR_GET),
 	{}
 };
 

inc/switchtec/mfg.h

@@ -275,5 +275,5 @@ int switchtec_read_uds_file(FILE *uds_file, struct switchtec_uds *uds);
 int
 switchtec_security_state_has_kmsk(struct switchtec_security_cfg_state *state,
 				  struct switchtec_kmsk *kmsk);
-
+int switchtec_csr_to_file(struct switchtec_dev *dev, int fd);
 #endif // LIBSWITCHTEC_MFG_H

inc/switchtec/mrpc.h

@@ -125,8 +125,9 @@ enum mrpc_cmd {
 	MRPC_DBG_UNLOCK_GEN5 = 0x11A,
 	MRPC_BOOTUP_RESUME_GEN5 = 0x11B,
 	MRPC_FTDC_LOG_DUMP = 0x147,
+	MRPC_CSR_GET = 0x14A,
 
-	MRPC_MAX_ID = 0x148,
+	MRPC_MAX_ID = 0x14B,
 };
 
 enum mrpc_bg_status {

lib/mfg.c

@@ -1703,4 +1703,51 @@ int switchtec_sn_ver_get(struct switchtec_dev *dev,
 		return sn_ver_get_gen4(dev, info);
 }
 
+/**
+ * @brief Retrieve Certificate Signing Request (CSR)
+ * @param[in]  dev	Switchtec device handle
+ * @param[in]  fd	File handle to write the CSR data
+ * @return 0 on success, error code on failure
+ */
+int switchtec_csr_to_file(struct switchtec_dev *dev, int fd)
+{
+	int ret;
+	uint16_t remaining_len;
+	struct csr_read {
+		uint8_t subcmd;
+		uint8_t reserved0;
+		uint16_t read_offset;
+		uint16_t read_len;
+		uint16_t reserved1;
+	} read = {};
+	struct csr_reply {
+		uint16_t read_offset;
+		uint16_t returned_data_len;
+		uint16_t total_data_len;
+		uint16_t reserved;
+		uint8_t data[800];
+	} reply = {};
+
+	read.subcmd = 0;
+	read.read_offset = 0;
+	read.read_len= 800;
+
+	do {
+		ret = switchtec_mfg_cmd(dev, MRPC_CSR_GET,
+					&read, sizeof(read),
+					&reply, sizeof(reply));
+		if (ret)
+			return ret;
+
+		read.read_offset = reply.read_offset + reply.returned_data_len;
+		remaining_len = reply.total_data_len - read.read_offset;
+		read.read_len = (remaining_len > 800) ? 800 : remaining_len;
+		ret = write(fd, reply.data, reply.returned_data_len);
+		if (ret < 0)
+			return ret;
+	} while (remaining_len);
+
+	return 0;
+}
+
 /**@}*/