From 0afb07cdb68f4d50cc3eb2aafc802b327c91de3e Mon Sep 17 00:00:00 2001
From: Milosz Wasilewski <milosz.wasilewski@foundries.io>
Date: Tue, 11 Jun 2024 09:46:25 +0100
Subject: [PATCH] automated: linux: enable custom path for OTA rollback u-boot

This patch allows to corrupt u-boot image in arbitrary path. It's
required for systems that use LUKS encryption. When LUKS is used,
after downloading an update, bootloader files are copied to unencrypted
partition, from where they can be read by u-boot runtime.

Signed-off-by: Milosz Wasilewski <milosz.wasilewski@foundries.io>
---
 .../linux/ota-rollback/download-update.sh     | 35 +++++++++++++------
 .../linux/ota-rollback/download-update.yaml   |  5 +--
 2 files changed, 28 insertions(+), 12 deletions(-)

diff --git a/automated/linux/ota-rollback/download-update.sh b/automated/linux/ota-rollback/download-update.sh
index acb776121..15a153b1d 100755
--- a/automated/linux/ota-rollback/download-update.sh
+++ b/automated/linux/ota-rollback/download-update.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # SPDX-License-Identifier: GPL-2.0-only
-# Copyright (C) 2021 Foundries.io Ltd.
+# Copyright (C) 2021-2024 Foundries.io Ltd.
 
 # shellcheck disable=SC1091
 . ../../lib/sh-test-lib
@@ -13,7 +13,7 @@ export UBOOT_VAR_TOOL
 UBOOT_VAR_SET_TOOL=fw_setenv
 export UBOOT_VAR_SET_TOOL
 PACMAN_TYPE="ostree+compose_apps"
-UBOOT_IMAGE_NAME="u-boot.itb"
+UBOOT_IMAGE_PATH="/sysroot/ostree/deploy/lmp/deploy/\${DEPLOYMENT_HASH}/usr/lib/firmware/u-boot.itb"
 DEBUG="false"
 SOTA_CONFDIR="/etc/sota/conf.d"
 
@@ -40,8 +40,15 @@ usage() {
         These change the 'type' variable in 'pacman' section
         of the final .toml file used by aklite. Default is
         ostree+compose_apps
-    -f u-boot image file name to corrupt. On some machines
-        u-boot image has different name. Default is u-boot.itb
+    -f path to u-boot image file name to corrupt. On some machines
+        u-boot image has different name. Default is:
+        /sysroot/ostree/deploy/lmp/deploy/\${DEPLOYMENT_HASH}/usr/lib/firmware/u-boot.itb
+        DEPLOYMENT_HASH is substituted after the OTA update
+        is downloaded.
+        Additional variable FS_HASH is available to construct
+        the final path. FS_HASH is a string that corresponds to
+        DEPLOYMENT_HASH ostree commit ID and is used in the
+        filesystem paths.
     -d <true|false> Enables more debug messages. Default: false
 	"
 }
@@ -52,7 +59,7 @@ while getopts "t:u:s:o:f:d:h" opts; do
         u) UBOOT_VAR_TOOL="${OPTARG}";;
         s) UBOOT_VAR_SET_TOOL="${OPTARG}";;
         o) PACMAN_TYPE="${OPTARG}";;
-        f) UBOOT_IMAGE_NAME="${OPTARG}";;
+        f) UBOOT_IMAGE_PATH="${OPTARG}";;
         d) DEBUG="${OPTARG}";;
         h|*) usage ; exit 1 ;;
 	esac
@@ -191,19 +198,27 @@ fi
 
 if [ "${UPGRADE_AVAILABLE}" -eq 1 ]; then
     if [ "${TYPE}" = "uboot" ]; then
+        # obtain new deployment hash
+        DEPLOYMENT_HASH=$(ostree admin status | grep pending | awk -F' ' '{print $2}')
+        FS_HASH=""
         # add debug print to understand which file is corrupted
         ostree admin status
         for DIRECTORY in /ostree/boot.0/lmp/*
         do
             echo "$DIRECTORY/0 ->"
-            readlink "$DIRECTORY/0"
+            D=$(echo $(realpath "$DIRECTORY/0"))
+            echo "${D}"
+            if echo ${D} | grep "${DEPLOYMENT_HASH}"; then
+                echo "${D}"
+                FS_HASH=${D##*/}
+            fi
         done
+        echo "FS_HASH: ${FS_HASH}"
 
-        # obtain new deployment hash
-        DEPLOYMENT_HASH=$(ostree admin status | grep pending | awk -F' ' '{print $2}')
-        echo "Corrupting u-boot.itb in /sysroot/ostree/deploy/lmp/deploy/${DEPLOYMENT_HASH}/usr/lib/firmware/${UBOOT_IMAGE_NAME}"
+        eval UBOOT_PATH="${UBOOT_IMAGE_PATH}"
+        echo "Corrupting u-boot.itb in ${UBOOT_PATH}"
         # corrupt u-boot.itb
-        echo bad > "/sysroot/ostree/deploy/lmp/deploy/${DEPLOYMENT_HASH}/usr/lib/firmware/${UBOOT_IMAGE_NAME}"
+        echo bad > "${UBOOT_PATH}"
     fi
     if [ "${TYPE}" = "kernel" ]; then
         cat /etc/os-release
diff --git a/automated/linux/ota-rollback/download-update.yaml b/automated/linux/ota-rollback/download-update.yaml
index 959650aa1..314118c27 100644
--- a/automated/linux/ota-rollback/download-update.yaml
+++ b/automated/linux/ota-rollback/download-update.yaml
@@ -20,12 +20,13 @@ metadata:
 params:
         UBOOT_VAR_TOOL: "fw_printenv"
         UBOOT_VAR_SET_TOOL: "fw_setenv"
-        UBOOT_IMAGE_NAME: "u-boot.itb"
+        # use double escape before $
+        UBOOT_IMAGE_PATH: "/sysroot/ostree/deploy/lmp/deploy/\\${DEPLOYMENT_HASH}/usr/lib/firmware/u-boot.itb"
         TYPE: "kernel"
         PACMAN_TYPE: "ostree+compose_apps"
         DEBUG: "false"
 run:
     steps:
         - cd ./automated/linux/ota-rollback
-        - ./download-update.sh -t "${TYPE}" -u "${UBOOT_VAR_TOOL}" -s "${UBOOT_VAR_SET_TOOL}" -o "${PACMAN_TYPE}" -f "${UBOOT_IMAGE_NAME}" -d "${DEBUG}"
+        - ./download-update.sh -t "${TYPE}" -u "${UBOOT_VAR_TOOL}" -s "${UBOOT_VAR_SET_TOOL}" -o "${PACMAN_TYPE}" -f "${UBOOT_IMAGE_PATH}" -d "${DEBUG}"
         - ../../utils/send-to-lava.sh ./output/result.txt