Update RoT before SP so it is ready to measure SP when SP resets.

Fix `json_to_map()` so that JSON errors are reported properly.
Some calls to `print()` change to logging to debug or info.
Add configuration for `faux-ipcc`.
  - since system() needs to be used to run faux-ipcc, should there
    be a regex to parse or are Rhai's existing string functions
    sufficient to pull out certs and measurements? Since faux-ipcc
    doesn't handle attestations yet, we'll wait a bit.

Author: lzrd

faux-mgs/Cargo.toml

@@ -44,6 +44,5 @@ thiserror = { workspace = true, optional = true }
 toml = { workspace = true, optional = true }
 
 [features]
-# XXX remove rhaiscript as a defailt feature
 default = ["rhaiscript"]
 rhaiscript = [ "dep:async-recursion", "dep:hubtools", "dep:lpc55_areas", "dep:lpc55_sign", "dep:rhai", "dep:rhai-chrono", "dep:rhai-env", "dep:rhai-fs", "dep:thiserror", "dep:toml"]

faux-mgs/src/rhaiscript.rs

@@ -334,12 +334,11 @@ pub async fn interpreter(
             })
             // Offer proper JSON to Dynamic::Map conversion
             .register_fn("json_to_map", move |v: Dynamic| -> Dynamic {
-                match v.into_string() {
+                match v.clone().into_string() {
                     Ok(s) => match serde_json::from_str::<Dynamic>(&s) {
                         Ok(v) => v,
                         Err(e) => {
-                            let err = format!("{{\"error\": \"{:?}\"}}", e)
-                                .to_string();
+                            let err = json!(e.to_string()).to_string();
                             serde_json::from_str::<Dynamic>(&err).unwrap()
                         }
                     },

scripts/targets.json

@@ -26,5 +26,10 @@
       "rot_b": "${ut_repo}/target/${bord.rot}/dist/b/build-${bord.rot}-image-b.zip",
       "stage0": "${keyset-dvt-dock}/gimlet/bootleby-${ut-b-ver}-${keyset}-gimlet.zip"
     }
+  },
+
+  "ipcc": {
+      "faux_ipcc": "${HOME}/.cargo/bin/faux-ipcc",
+      "port": "/dev/ttyUSB0"
   }
 }

scripts/upgrade-rollback.rhai

@@ -16,7 +16,7 @@ fn main() {
     // Display start time
     let start_ts = timestamp();
     let start_time = datetime_local();
-    print(`Starting at ${start_time}`);
+    debug(`info|Starting at ${start_time}`);
 
     let conf = process_cli(argv);
     switch type_of(conf) {
@@ -58,7 +58,7 @@ fn main() {
                 print(`The SP probably needs to be reset before continuing`);
                 print(`Trying to abort the update with id=${id}`);
                 let r = faux_mgs(["update-abort", component, `${id}`]);
-                debug(`update-abort = ${r}`);
+                debug(`info|update-abort = ${r}`);
             }
         }
         if problems == 0 {
@@ -107,7 +107,7 @@ fn main() {
     }
 
     // Update RoT with baseline image
-    debug(`Flash baseline rot hubris`);
+    debug(`info|Flash baseline rot hubris`);
     if flash_rot && !update_rot_hubris(conf.base.rot_a, conf.base.rot_b) {
         return 1
     }
@@ -120,7 +120,7 @@ fn main() {
         let result = image_check("base", images);
         if result?.error != () || result.ok.sp || result.ok.rot {
             // Not able to check images or one or both base images not installed.
-            debug(`image_check error or failed BASE image updates: ${result}`);
+            debug(`warn|image_check error or failed BASE image updates: ${result}`);
             return 1;
         }
     }
@@ -145,21 +145,24 @@ fn main() {
         }
     ] {
         print("");
+
+        debug(`info|${v.up_down} Rot Hubris to ${v.label} image`);
+        if !update_rot_hubris(v.rot_a_path, v.rot_b_path) {
+            debug(`error|Failed to ${v.up_down} RoT Hubris to ${v.label} image: ${r}`);
+            return 1
+        }
+
         print(`## ${v.up_down} to ${v.label} images`);
-        debug(`${v.up_down} SP Hubris to ${v.label} image`);
+        debug(`info|${v.up_down} SP Hubris to ${v.label} image`);
         if !update_sp(v.sp_path) {
-            print(`Failed to ${v.up_down} SP Hubris to ${v.label} image: ${r}`);
+            debug(`error|Failed to ${v.up_down} SP Hubris to ${v.label} image: ${r}`);
             return 1;
         }
-        debug(`${v.up_down} Rot Hubris to ${v.label} image`);
-        if !update_rot_hubris(v.rot_a_path, v.rot_b_path) {
-            print(`Failed to ${v.up_down} RoT Hubris to ${v.label} image: ${r}`);
-            return 1
-        }
+
         let result = image_check(v.branch, images);
         if result?.error != () || result.ok.sp || result.ok.rot {
             // Not able to check images or one or both ${branch} images not installed.
-            debug(`image_check error or failed ${label} image updates: ${result}`);
+            debug(`error|image_check error or failed ${label} image updates: ${result}`);
             return 1;
         }
         print(`### SUCCESS: ${v.up_down} to SP and RoT ${v.label} images`);
@@ -242,15 +245,37 @@ fn process_cli(argv) {
                 print(`No configuration for image ${branch}.${image}`);
             } else {
                 conf[branch][image] = zip_path;
-                debug(`conf.${branch}.${image}=${zip_path}`);
+                debug(`info|conf.${branch}.${image}=${zip_path}`);
             }
         };
     }
 
+    // If ipcc has been specified, then include that as well
+    let faux_ipcc_path = config?.ipcc?.faux_ipcc;
+    let x = 1;
+    let a = if x == 2 {
+      3
+    } else {
+      4
+    };
+    print(x);
+    conf.ipcc = if faux_ipcc_path != () {
+        #{
+          "use_ipcc": true,
+          "faux_ipcc": util::env_expand(config.ipcc.faux_ipcc, config),
+          "port": util::env_expand(config.ipcc?.port, config),
+        }
+    } else {
+        #{
+          "use_ipcc": false,
+        }
+    };
+
     if conf.verbose {
         print("");
         print(`Parsed conf=${conf}`);
     }
+
     conf
 }
 
@@ -350,7 +375,7 @@ fn check_update_in_progress(component) {
     let r = faux_mgs(["update-status", component]);
     debug(`update_status(${component})=${r}`);
     if r?.Err != () {
-        debug(`failed update-status: ${r}`);
+        debug(`error|failed update-status: ${r}`);
         return r;
     }
     if r?.Ok == "None" {
@@ -374,7 +399,7 @@ fn check_update_in_progress(component) {
             "id":  util::to_hexstring(r.Complete),
         };
     }
-    debug(`update-status: ${r}`);
+    debug(`error|update-status: ${r}`);
     return #{"Err": `unknown update-status: ${r}`};
 }
 
@@ -388,7 +413,7 @@ fn update_sp(sp_zip) {
     if r?.ack == "updated" {
         print("flash_sp updated");
     } else {
-        debug("#### FAILED flash_sp update");
+        debug("error|#### FAILED flash_sp update");
         print("FAIL\n");
         return false;
     }
@@ -404,7 +429,7 @@ fn update_sp(sp_zip) {
     let r = faux_mgs(["component-active-slot", "--persist", "-s", "0", "sp"]);
     debug(`persist result = ${r}`);
     if r?["ack"] == () || r.ack != "set" || r.slot != 0 {
-        debug("Failed to persist");
+        debug("error|Failed to persist");
         print("FAIL\n");
         return false;
     }
@@ -414,7 +439,7 @@ fn update_sp(sp_zip) {
     let r = faux_mgs(["reset"]);
     debug(`faux-mgs reset => ${r}`);
     if r?.ack != "reset" {
-        debug(`unexpected sp reset response: ${r}`);
+        debug(`warn|unexpected sp reset response: ${r}`);
         print("FAIL\n");
         return false;
     }
@@ -463,13 +488,13 @@ fn update_rot_hubris(path_a, path_b) {
     let r = faux_mgs(["component-active-slot", "-p", "-s", `${rot_update_slot}`, "rot"]);
     debug(`persist result = ${r}`);
     if r?.ack == () || r.ack != "set" || r.slot != rot_update_slot {
-        debug(`Failed to persist rot: r=${r}`);
+        debug(`error|Failed to persist rot: r=${r}`);
         print("");
         return false;
     }
     let r = faux_mgs(["reset-component", "rot"]);
     if r?.ack != "reset" {
-        debug(`reset failed: ${r}`);
+        debug(`error|reset failed: ${r}`);
         print("");
         return false;
     }
@@ -535,7 +560,7 @@ fn image_check(branch, images) {
 
     let need_flash = rot_needs_flashing(`${branch}`, images.by_gitc);
     if need_flash?.error != () {
-        debug(`Error: ${need_flash}`);
+        debug(`error|${need_flash}`);
         error["rot"] = `${flash_rot}`;
     } else {
         ok["rot"] = need_flash.ok;
@@ -583,13 +608,13 @@ fn rot_needs_flashing(branch, gitc) {
     debug(`gitc[${rot_gitc}]=${gitc?[rot_gitc]}`);
     let known_gitc = gitc?[rot_gitc];
     if known_gitc == () {
-        print("    the RoT is not running a BASE or UNDER-TEST image.");
+        debug("info|the RoT is not running a BASE or UNDER-TEST image.");
         #{"ok": true}
     } else if branch_rot_name in known_gitc {
-        debug(`${branch_rot_name} IS in ${known_gitc}`);
+        debug(`info|${branch_rot_name} IS in ${known_gitc}`);
         #{"ok": false}
     } else {
-        debug(`${branch_rot_name} IS NOT in ${known_gitc}`);
+        debug(`info|${branch_rot_name} IS NOT in ${known_gitc}`);
         #{"ok": true}
     }
 }

scripts/util.rhai

@@ -6,13 +6,13 @@
 /// Print out commonly available environment variables to demonstrate
 /// the env_expand function.
 fn show_env() {
-    print(`cwd=${cwd().to_string()}`);
-    print("Common environment variables:");
-    print(`    ${env_expand("PWD=${PWD}", #{})}`);
-    print(`    ${env_expand("HOME=${HOME}", #{})}`);
-    print(`    ${env_expand("LOGNAME=${LOGNAME}", #{})}`);
-    print(`    ${env_expand("SHELL=${SHELL}", #{})}`);
-    print(`    ${env_expand("USER=${USER}", #{})}`);
+    debug(`info|cwd=${cwd().to_string()}`);
+    debug("info|Common environment variables:");
+    debug(`info|    ${env_expand("PWD=${PWD}", #{})}`);
+    debug(`info|    ${env_expand("HOME=${HOME}", #{})}`);
+    debug(`info|    ${env_expand("LOGNAME=${LOGNAME}", #{})}`);
+    debug(`info|    ${env_expand("SHELL=${SHELL}", #{})}`);
+    debug(`info|    ${env_expand("USER=${USER}", #{})}`);
 }
 
 // Reformat a byte array as a hex byte string representation.
@@ -65,7 +65,7 @@ fn ab_to_01(v) {
 // For no override, use #{} in place of the override map.
 fn env_expand(s, override) {
     if s == () {
-        print!("Warning: trying to expand ()");
+        debug("error|Warning: trying to expand ()");
         return ();
     }
     // Note: Using an ImmutableString when there are usually
@@ -78,7 +78,7 @@ fn env_expand(s, override) {
     let envmap = envs();
     while remain.len() > 0 {
         if out.len() > 2048 {
-            print(`env_expand error: out.len() has reached ${out.len()}`);
+            debug(`error|env_expand error: out.len() has reached ${out.len()}`);
             return ();
         }
         let i = remain.index_of("${");
@@ -109,17 +109,17 @@ fn env_expand(s, override) {
                 key = key[dot+1..];
                 vars = vars?[topkey];
                 if vars == () {
-                    print("Error: env_expand: out of vars!");
-                    print(`Expansion of "${s}" is "${out}" with remainder "${remain}"`);
+                    debug("error|env_expand: out of vars!");
+                    debug(`error|Expansion of "${s}" is "${out}" with remainder "${remain}"`);
                     return ();
                 }
                 dot = key.index_of(".");
             }
             if key in vars {
                 value = vars[key];
             } else {
-                print(`Cannot expand ${orig_key}`);
-                print(`Expansion of "${s}" is "${out}" with remainder "${remain}"`);
+                debug(`error|Cannot expand ${orig_key}`);
+                debug(`error|Expansion of "${s}" is "${out}" with remainder "${remain}"`);
             }
         } else {
             // No dot in key, top-level from `override` or
@@ -130,8 +130,8 @@ fn env_expand(s, override) {
                 value = env(key);
             } else {
                 // TODO: tie into faux-mgs logging
-                print(`Cannot expand ${key}`);
-                print(`Expansion of "${s}" is "${out}" with remainder "${remain}"`);
+                debug(`error|Cannot expand ${key}`);
+                debug(`error|Expansion of "${s}" is "${out}" with remainder "${remain}"`);
                 return ()
             }
         }
@@ -145,8 +145,6 @@ fn env_expand(s, override) {
 /// Make RotBootInfoV3 more rhai friendly.
 fn rot_boot_info() {
     let r = faux_mgs(["rot-boot-info", "--version", "3"]);
-    // print(`RESULTS: ${type_of(r)}:`);
-    // print(`${r}`);
     if r.V3?.active == () {
         return (#{})
     }
@@ -200,19 +198,19 @@ fn caboose_value(component, slot, key) {
 
 // Connect though the SP to get caboose values for all RoT and SP images.
 fn get_device_cabooses() {
-    let caboose = #{};
-    for component in ["stage0", "rot", "sp"] {
+  let caboose = #{};
+  for component in ["stage0", "rot", "sp"] {
     for slot in ["0", "1"] {
-    if (component in caboose) == false {
-        caboose[component] = #{};
+      if (component in caboose) == false {
+          caboose[component] = #{};
+      }
+      if (slot in caboose[component]) == false {
+          caboose[component][slot] = #{};
+      }
+      caboose[component][slot] = get_caboose(component, slot);
     }
-    if (slot in caboose[component]) == false {
-        caboose[component][slot] = #{};
-    }
-    caboose[component][slot] = get_caboose(component, slot);
-}
-}
-caboose
+  }
+  caboose
 }
 
 // Translate the LPC55's Root Key Table Hash to a well-known keyset name or