| # Copyright 2017 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Report UMA statistics for completed TPM firmware updates" |
| author "chromium-os-dev@chromium.org" |
| |
| start on started system-services |
| |
| script |
| # Report updater status for this boot. The updater's status code |
| # gets written to the tpm-firmware-updater.status file by the |
| # tpm-firmware-update init job that runs during early boot. |
| status="$(cat /run/tpm-firmware-updater.status || :)" |
| if [ -n "${status}" ]; then |
| metrics_client -s Platform.TPM.FirmwareUpdate.Status "$((status))" |
| fi |
| rm -f /run/tpm-firmware-updater.status |
| |
| # Read firmware update parameters directly from VPD instead of |
| # looking at the cache. This is necessary in case they were modified |
| # during recovery, which may leave the cache out of sync. |
| vpd_params="$(vpd -i RW_VPD -g tpm_firmware_update_params | tr ',' '\n')" |
| |
| # Decode key-value pairs. |
| while IFS=":" read -r key value; do |
| sanitized_key="$( |
| echo "${key}" | tr '[:upper:] ' '[:lower:]_' | tr -cd '[:alnum:]_-')" |
| sanitized_value="$(echo "${value}" | tr -cd '[:alnum:]._-')" |
| readonly "vpd_param_${sanitized_key}=${sanitized_value}" |
| done <<EOF |
| ${vpd_params} |
| EOF |
| |
| # Don't report any metrics if dryrun is on. |
| if [ "${vpd_param_dryrun}" = "1" ]; then |
| exit |
| fi |
| |
| # Report appropriate metrics for terminal states. |
| case "${vpd_param_mode}" in |
| complete) |
| # Successful update. Look at the number of attempts to see |
| # whether it went smoothly or not. More than one attempt |
| # indicates a successful retry in recovery mode. |
| if [ "${vpd_param_attempts}" = "1" ]; then |
| metrics_client -e Platform.TPM.FirmwareUpdate.Result 0 3 |
| else |
| metrics_client -e Platform.TPM.FirmwareUpdate.Result 1 3 |
| fi |
| metrics_client -e Platform.TPM.FirmwareUpdate.Attempts \ |
| "${vpd_param_attempts}" 10 |
| ;; |
| failed) |
| # Failed updater run that however didn't cause subsequent boot |
| # failure (otherwise being here indicates we've gone through |
| # successful retry in recovery mode, which should have flipped |
| # mode to "complete". |
| metrics_client -e Platform.TPM.FirmwareUpdate.Result 2 3 |
| ;; |
| *) |
| # Bail out to avoid deleting the VPD key in non-terminal states. |
| exit |
| ;; |
| esac |
| |
| # Clear the VPD so we don't report again. |
| vpd -i RW_VPD -d tpm_firmware_update_params |
| end script |