Switch iLO and iRMC to the new secure boot framework

No longer explicit handle secure boot in PXE/iPXE derivatives since it's
now handled there.

Change-Id: I13b1d53578285b7171bfadb53bb2a7f69e7b53e3
Story: #2008270
Task: #41567

3 files changed, 55 insertions, 40 deletions

diff --git a/ironic/drivers/modules/irmc/boot.py b/ironic/drivers/modules/irmc/boot.py
index 0fcc7263f..60ab2fa2e 100644
--- a/ironic/drivers/modules/irmc/boot.py
+++ b/ironic/drivers/modules/irmc/boot.py
@@ -1049,8 +1049,7 @@ class IRMCVirtualMediaBoot(base.BootInterface, IRMCVolumeBootMixIn):
             self._configure_vmedia_boot(task, root_uuid_or_disk_id)
 
         # Enable secure boot, if being requested
-        if deploy_utils.is_secure_boot_requested(node):
-            irmc_common.set_secure_boot_mode(node, enable=True)
+        boot_mode_utils.configure_secure_boot_if_needed(task)
 
     @METRICS.timer('IRMCVirtualMediaBoot.clean_up_instance')
     def clean_up_instance(self, task):
@@ -1068,8 +1067,7 @@ class IRMCVirtualMediaBoot(base.BootInterface, IRMCVolumeBootMixIn):
             return
 
         # Disable secure boot, if enabled secure boot
-        if deploy_utils.is_secure_boot_requested(task.node):
-            irmc_common.set_secure_boot_mode(task.node, enable=False)
+        boot_mode_utils.deconfigure_secure_boot_if_needed(task)
 
         _remove_share_file(_get_iso_name(task.node, label='boot'))
         driver_internal_info = task.node.driver_internal_info
@@ -1130,39 +1128,3 @@ class IRMCPXEBoot(pxe.PXEBoot):
             irmc_management.backup_bios_config(task)
 
         super(IRMCPXEBoot, self).prepare_ramdisk(task, ramdisk_params)
-
-    @METRICS.timer('IRMCPXEBoot.prepare_instance')
-    def prepare_instance(self, task):
-        """Prepares the boot of instance.
-
-        This method prepares the boot of the instance after reading
-        relevant information from the node's instance_info. In case of netboot,
-        it updates the dhcp entries and switches the PXE config. In case of
-        localboot, it cleans up the PXE config.
-
-        :param task: a task from TaskManager.
-        :returns: None
-        :raises: IRMCOperationError, if some operation on iRMC failed.
-        """
-
-        super(IRMCPXEBoot, self).prepare_instance(task)
-        node = task.node
-        if deploy_utils.is_secure_boot_requested(node):
-            irmc_common.set_secure_boot_mode(node, enable=True)
-
-    @METRICS.timer('IRMCPXEBoot.clean_up_instance')
-    def clean_up_instance(self, task):
-        """Cleans up the boot of instance.
-
-        This method cleans up the environment that was setup for booting
-        the instance. It unlinks the instance kernel/ramdisk in node's
-        directory in tftproot and removes the PXE config.
-
-        :param task: a task from TaskManager.
-        :raises: IRMCOperationError, if some operation on iRMC failed.
-        :returns: None
-        """
-        node = task.node
-        if deploy_utils.is_secure_boot_requested(node):
-            irmc_common.set_secure_boot_mode(node, enable=False)
-        super(IRMCPXEBoot, self).clean_up_instance(task)
diff --git a/ironic/drivers/modules/irmc/common.py b/ironic/drivers/modules/irmc/common.py
index 8f81f8cec..0027bab97 100644
--- a/ironic/drivers/modules/irmc/common.py
+++ b/ironic/drivers/modules/irmc/common.py
@@ -198,6 +198,27 @@ def get_irmc_report(node):
         client_timeout=driver_info['irmc_client_timeout'])
 
 
+def get_secure_boot_mode(node):
+    """Get the current secure boot mode.
+
+    :param node: An ironic node object.
+    :raises: UnsupportedDriverExtension if secure boot is not present.
+    :raises: IRMCOperationError if the operation fails.
+    """
+    driver_info = parse_driver_info(node)
+
+    try:
+        return elcm.get_secure_boot_mode(driver_info)
+    except elcm.SecureBootConfigNotFound:
+        raise exception.UnsupportedDriverExtension(
+            driver=node.driver, extension='get_secure_boot_state')
+    except scci.SCCIError as irmc_exception:
+        LOG.error("Failed to get secure boot for node %s", node.uuid)
+        raise exception.IRMCOperationError(
+            operation=_("getting secure boot mode"),
+            error=irmc_exception)
+
+
 def set_secure_boot_mode(node, enable):
     """Enable or disable UEFI Secure Boot
 
diff --git a/ironic/drivers/modules/irmc/management.py b/ironic/drivers/modules/irmc/management.py
index f938df293..99a719a15 100644
--- a/ironic/drivers/modules/irmc/management.py
+++ b/ironic/drivers/modules/irmc/management.py
@@ -372,3 +372,35 @@ class IRMCManagement(ipmitool.IPMIManagement):
         except exception.IRMCOperationError as e:
             raise exception.NodeCleaningFailure(node=task.node.uuid,
                                                 reason=e)
+
+    def get_secure_boot_state(self, task):
+        """Get the current secure boot state for the node.
+
+        NOTE: Not all drivers support this method. Older hardware
+              may not implement that.
+
+        :param task: A task from TaskManager.
+        :raises: MissingParameterValue if a required parameter is missing
+        :raises: DriverOperationError or its derivative in case
+                 of driver runtime error.
+        :raises: UnsupportedDriverExtension if secure boot is
+                 not supported by the driver or the hardware
+        :returns: Boolean
+        """
+        return irmc_common.get_secure_boot_mode(task.node)
+
+    def set_secure_boot_state(self, task, state):
+        """Set the current secure boot state for the node.
+
+        NOTE: Not all drivers support this method. Older hardware
+              may not implement that.
+
+        :param task: A task from TaskManager.
+        :param state: A new state as a boolean.
+        :raises: MissingParameterValue if a required parameter is missing
+        :raises: DriverOperationError or its derivative in case
+                 of driver runtime error.
+        :raises: UnsupportedDriverExtension if secure boot is
+                 not supported by the driver or the hardware
+        """
+        return irmc_common.set_secure_boot_mode(task.node, state)