升级完过渡包后,正式包升级失败

交流互助区
1

1.参考帖子自签名CA创建以及HPM签名指导 生成rootca.crl rootca.der signer.pem ts_signer.pem tsa.cnf等文件,并用这些文件分别在场内和场外制作过渡包及正式包。
2.将基于旧的CA证书生成的包回退到华为CA,再通过新生成的过渡包升级,过渡包再升级新的正式包失败。
升级新过渡包成功日志:

1970-01-01 08:03:05.356997 firmware_mgmt NOTICE: utils.lua(34): The file path is local.
1970-01-01 08:03:05.371025 firmware_mgmt NOTICE: init.lua(33): update status to FS_SIMPLE_UPGRADING.
1970-01-01 08:03:05.380738 firmware_mgmt NOTICE: task_service.lua(49): task create success, task id: 2994478777
1970-01-01 08:03:05.425413 firmware_mgmt NOTICE: file_transfer.lua(142): start to move file [rootfs_TaiShan200_2280v2_zhongquan.hpm] from tmp to shm
1970-01-01 08:03:05.922819 firmware_mgmt NOTICE: file_transfer.lua(147): move_file_s ok:true, err:0
1970-01-01 08:03:05.967140 firmware_mgmt NOTICE: validate_sign.lua(217): config cms sign enable:true
1970-01-01 08:03:05.969159 firmware_mgmt NOTICE: validate_sign.lua(138): the custom ca certificate is exist, load custom certificate
1970-01-01 08:03:06.011775 firmware_mgmt NOTICE: validate_sign.lua(159): verify signature successfully
1970-01-01 08:03:06.420790 firmware_mgmt NOTICE: action.lua(37): Validate signature successfully
1970-01-01 08:03:06.424829 power_mgmt NOTICE: power_mgmt_app.lua(156): [power_mgmt] init OK
1970-01-01 08:03:06.537281 firmware_mgmt NOTICE: hpm_package.lua(424): get obj table: 0x7b928ddcbaf0 for Id=25
1970-01-01 08:03:06.538900 firmware_mgmt NOTICE: hpm_package.lua(393): System product info:ProductId(65535), ProductVendorID(0xffffffff), ProductUniqueID(0xffffffff)
1970-01-01 08:03:06.539102 firmware_mgmt NOTICE: hpm_package.lua(397): System product id is 0xffff, skip board verification
1970-01-01 08:03:06.539324 firmware_mgmt NOTICE: hpm_package.lua(417): get obj table: 0x7b928ddcbaf0 for Id=25
1970-01-01 08:03:06.539580 firmware_mgmt NOTICE: hpm_package.lua(439): hard_revision:0, soft_revision:0
1970-01-01 08:03:06.539760 firmware_mgmt NOTICE: hpm_package.lua(452): revision number check successfully. Target revision=(0, 0) and hpm revision=20
1970-01-01 08:03:08.194300 firmware_mgmt NOTICE: action.lua(47): Parse hpm package successfully
1970-01-01 08:03:08.194587 firmware_mgmt NOTICE: control.lua(237): upgrade_task file_name=rootfs_TaiShan200_2280v2_zhongquan.hpm, FirmwareType=BMC, fw_num=1, UniqueIDList=table: 0x7b92777c1650
1970-01-01 08:03:08.292370 firmware_mgmt NOTICE: info_mgmt.lua(71): create_info: info_key=1BMC, FirmwareType=BMC, task_id=2994478777
1970-01-01 08:03:08.395073 firmware_mgmt NOTICE: action.lua(85): public initialize action
1970-01-01 08:03:08.395296 firmware_mgmt NOTICE: info_mgmt.lua(169): info_key(1BMC) upgrade set_stage: INITIALIZE -> DIFF_PREPARE, 5
1970-01-01 08:03:08.504635 general_hardware NOTICE: dpu_service.lua(481): [DPU] firmware_type:BMC
1970-01-01 08:03:08.508436 bmc_upgrade NOTICE: upgrade.lua(111): base_ver = 5.07.00.01, target_ver = 5.07.00.01
1970-01-01 08:03:08.511229 bmc_upgrade NOTICE: update_mgmt.lua(34): get_downgrade_allowed: DowngradeAllowed true
1970-01-01 08:03:08.516841 firmware_mgmt NOTICE: info_mgmt.lua(169): info_key(1BMC) upgrade set_stage: DIFF_PREPARE -> COMMON_PREPARE, 5
1970-01-01 08:03:08.597311 firmware_mgmt NOTICE: action.lua(89): public prepare action
1970-01-01 08:03:08.657070 firmware_mgmt NOTICE: [worker](9): start action in worker
1970-01-01 08:03:08.707085 firmware_mgmt NOTICE: [worker](14): execute before action script successfully
1970-01-01 08:03:09.644957 firmware_mgmt NOTICE: info_mgmt.lua(169): info_key(1BMC) upgrade set_stage: COMMON_PREPARE -> PROCESS, 15
1970-01-01 08:03:09.744806 firmware_mgmt NOTICE: control.lua(151): sys_id=1, fw_type=BMC, filename=/dev/shm/upgrade/2994478777/Firmware1
1970-01-01 08:03:09.831905 bmc_upgrade NOTICE: fw_decrypt_work.lua(80): start fw decrypt work
1970-01-01 08:03:15.590767 bmc_upgrade NOTICE: fw_decrypt_work.lua(105): end fw decrypt work, use time:5.894546
1970-01-01 08:03:16.011003 bmc_upgrade NOTICE: fw_pkg_work.lua(22): start write package to flash
1970-01-01 08:03:23.590235 account ERROR: account_service.lua(594): now time(1970-01-01 08:03:23) is default time, account time info operation passed
1970-01-01 08:03:38.381411 bmc_upgrade NOTICE: fw_pkg.lua(353): rootfs image file len: 394268672

升级新正式包失败日志:

1970-01-01 08:02:10.947003 firmware_mgmt NOTICE: utils.lua(34): The file path is local.
1970-01-01 08:02:10.964713 firmware_mgmt NOTICE: init.lua(33): update status to FS_SIMPLE_UPGRADING.
1970-01-01 08:02:10.991345 firmware_mgmt NOTICE: task_service.lua(49): task create success, task id: 880654925
1970-01-01 08:02:11.035133 firmware_mgmt NOTICE: file_transfer.lua(142): start to move file [rootfs_openUBMC.hpm] from tmp to shm
1970-01-01 08:02:11.478088 firmware_mgmt NOTICE: file_transfer.lua(147): move_file_s ok:true, err:0
1970-01-01 08:02:11.522240 firmware_mgmt NOTICE: validate_sign.lua(217): config cms sign enable:true
1970-01-01 08:02:11.523374 firmware_mgmt NOTICE: validate_sign.lua(138): the custom ca certificate is exist, load custom certificate
1970-01-01 08:02:11.536209 firmware_mgmt WARNING: init.lua(98): nil:253 > validate_sign.lua:-1 > validate_sign.lua:157: An error occurred during the firmware upgrade process. Details: verify signature error, code 88200004
1970-01-01 08:02:11.537126 firmware_mgmt ERROR: validate_sign.lua(255): FirmwareUpgradeError: An error occurred during the firmware upgrade process. Details: verify signature error, code 88200004
1970-01-01 08:02:11.538517 firmware_mgmt ERROR: action.lua(34): Validate package sign failed
1970-01-01 08:02:11.539337 firmware_mgmt ERROR: control.lua(298): parse package(rootfs_openUBMC.hpm) failed, ret:nil.
1970-01-01 08:02:11.555558 event WARNING: init.lua(98): nil:0 > queue.lua:-1 > event_management.lua:918: Incorrect value of property State.
1970-01-01 08:02:11.743275 firmware_mgmt NOTICE: init.lua(33): update status to FS_IDLE.
1970-01-01 08:02:14.558892 event WARNING: init.lua(98): nil:0 > queue.lua:-1 > event_management.lua:918: Incorrect value of property State.
1970-01-01 08:02:15.702877 manufacture ERROR: function_get_version.lua(104): get Board objects failed
1970-01-01 08:02:17.555218 event WARNING: init.lua(98): nil:0 > queue.lua:-1 > event_management.lua:918: Incorrect value of property State.
1970-01-01 08:02:18.342648 web_backend NOTICE: init.lua(99): upload content length:number 77075732, remaining capacity space:number 133898240
1970-01-01 08:02:20.248841 manufacture ERROR: function_get_version.lua(61): get Board objects failed
1970-01-01 08:02:20.556364 event WARNING: init.lua(98): nil:0 > queue.lua:-1 > event_management.lua:918: Incorrect value of property State.
1970-01-01 08:02:23.560571 event WARNING: init.lua(98): nil:0 > queue.lua:-1 > event_management.lua:918: Incorrect value of property State.
1970-01-01 08:02:25.950307 firmware_mgmt NOTICE: utils.lua(34): The file path is local.
1970-01-01 08:02:25.963544 firmware_mgmt NOTICE: init.lua(33): update status to FS_SIMPLE_UPGRADING.
1970-01-01 08:02:25.975527 firmware_mgmt NOTICE: task_service.lua(49): task create success, task id: 610466653
1970-01-01 08:02:26.016416 firmware_mgmt NOTICE: file_transfer.lua(142): start to move file [rootfs_openUBMC.hpm] from tmp to shm
1970-01-01 08:02:26.452003 firmware_mgmt NOTICE: file_transfer.lua(147): move_file_s ok:true, err:0
1970-01-01 08:02:26.501049 firmware_mgmt NOTICE: validate_sign.lua(217): config cms sign enable:true
1970-01-01 08:02:26.504983 firmware_mgmt NOTICE: validate_sign.lua(138): the custom ca certificate is exist, load custom certificate
1970-01-01 08:02:26.514649 firmware_mgmt WARNING: init.lua(98): nil:253 > validate_sign.lua:-1 > validate_sign.lua:157: An error occurred during the firmware upgrade process. Details: verify signature error, code 88200004
1970-01-01 08:02:26.514935 firmware_mgmt ERROR: validate_sign.lua(255): FirmwareUpgradeError: An error occurred during the firmware upgrade process. Details: verify signature error, code 88200004
1970-01-01 08:02:26.515461 firmware_mgmt ERROR: action.lua(34): Validate package sign failed
1970-01-01 08:02:26.515677 firmware_mgmt ERROR: control.lua(298): parse package(rootfs_openUBMC.hpm) failed, ret:nil.
1970-01-01 08:02:26.556949 event WARNING: init.lua(98): nil:0 > queue.lua:-1 > event_management.lua:918: Incorrect value of property State.
1970-01-01 08:02:26.717354 firmware_mgmt NOTICE: init.lua(33): update status to FS_IDLE.
1970-01-01 08:02:44.565422 rmcpd ERROR: event_mgmt.lua(47): Set InsecureCryptographicAlgorithm alarm failed! ({"SuiteId":1,"State":false}, err=PropertyValueError: Incorrect value of property State.)
1970-01-01 08:02:47.209011 product_mgmt ERROR: service.lua(48): Get product obj failed!
1970-01-01 08:02:47.210448 product_mgmt ERROR: app_preloader.lua(80): ...mc/apps/product_mgmt/lualib/digital_warranty/service.lua:64: app(product_mgmt/service/main) count(1) pcall failed(...mc/apps/product_mgmt/lualib/digital_warranty/service.lua:49: Get product obj failed)
1970-01-01 08:03:06.151737 power_mgmt NOTICE: power_mgmt_app.lua(156): [power_mgmt] init OK
1970-01-01 08:03:22.381755 account ERROR: account_service.lua(594): now time(1970-01-01 08:03:22) is default time, account time info operation passed

根据帖子伙伴openubmc版本如何支持升级华为签名固件版本和伙伴自己签名的固件版本均能成功? - #4,来自 xuhaijun 判断是否为pss模式,
正式包发现是没有pss模式的,但是过渡包是pss模式。

root@9108135f6286:/home/workspace/ca# openssl x509 -in rootca.pem -text -noout | grep "Signature Algorithm"
        Signature Algorithm: rsassaPss        
    Signature Algorithm: rsassaPss
root@9108135f6286:/home/workspace/ca#
解析bin文件extract_bin.py脚本获取方式
定制签名过期,该如何升级新签名固件
2

可以用binwalk提取2个hpm证书。我之前写的提取脚本好像被我删了,如果可以,把2个hpm包改成.pdf命名试试,能不能发到论坛上。

3

日志已经指明验签失败,请检查预置的根CA与签名CA是否匹配。

4

重新出过渡包后问题已解决 感谢