commit 1f0add0ccb586aa8f5ebd260846ba49cace30de2
author Alice Wang <aliceywang@google.com> Mon Jan 23 16:22:53 2023 +0000
committer Alice Wang <aliceywang@google.com> Wed Feb 01 08:55:57 2023 +0000
tree 6f2f36889837d7f04ee80839a56b90dd7675abea
parent 77b7dce79083f47ea1bb5dd2d103a7f42d7d42ef

[avb] Collect kernel/initrd digests when verification succeeds

Bug: 265897559
Test: m pvmfw_img && atest libpvmfw_avb.integration_test
Change-Id: I6f281090d0f53464824d80e1348f4d099330ad31

pvmfw/avb/src/verify.rs

diff --git a/pvmfw/avb/src/verify.rs b/pvmfw/avb/src/verify.rs
index 14b0e7e..1a79c83 100644
--- a/pvmfw/avb/src/verify.rs
+++ b/pvmfw/avb/src/verify.rs
@@ -14,15 +14,26 @@
 
 //! This module handles the pvmfw payload verification.
 
-use crate::descriptor::HashDescriptors;
+use crate::descriptor::{Digest, HashDescriptors};
 use crate::error::AvbSlotVerifyError;
 use crate::ops::{Ops, Payload};
 use crate::partition::PartitionName;
 use avb_bindgen::{AvbPartitionData, AvbVBMetaData};
 use core::ffi::c_char;
 
+/// Verified data returned when the payload verification succeeds.
+#[derive(Debug)]
+pub struct VerifiedBootData {
+    /// DebugLevel of the VM.
+    pub debug_level: DebugLevel,
+    /// Kernel digest.
+    pub kernel_digest: Digest,
+    /// Initrd digest if initrd exists.
+    pub initrd_digest: Option<Digest>,
+}
+
 /// This enum corresponds to the `DebugLevel` in `VirtualMachineConfig`.
-#[derive(Clone, Debug, PartialEq, Eq)]
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
 pub enum DebugLevel {
     /// Not debuggable at all.
     None,
@@ -87,7 +98,7 @@
     kernel: &[u8],
     initrd: Option<&[u8]>,
     trusted_public_key: &[u8],
-) -> Result<DebugLevel, AvbSlotVerifyError> {
+) -> Result<VerifiedBootData, AvbSlotVerifyError> {
     let mut payload = Payload::new(kernel, initrd, trusted_public_key);
     let mut ops = Ops::from(&mut payload);
     let kernel_verify_result = ops.verify_partition(PartitionName::Kernel.as_cstr())?;
@@ -100,12 +111,15 @@
     // which is returned by `avb_slot_verify()` when the verification succeeds. It is
     // guaranteed by libavb to be non-null and to point to a valid VBMeta structure.
     let hash_descriptors = unsafe { HashDescriptors::from_vbmeta(vbmeta_image)? };
-    // TODO(b/265897559): Pass the digest in kernel descriptor to DICE.
-    let _kernel_descriptor = hash_descriptors.find(PartitionName::Kernel)?;
+    let kernel_descriptor = hash_descriptors.find(PartitionName::Kernel)?;
 
     if initrd.is_none() {
         verify_vbmeta_has_only_one_hash_descriptor(&hash_descriptors)?;
-        return Ok(DebugLevel::None);
+        return Ok(VerifiedBootData {
+            debug_level: DebugLevel::None,
+            kernel_digest: kernel_descriptor.digest,
+            initrd_digest: None,
+        });
     }
 
     let initrd = initrd.unwrap();
@@ -123,5 +137,10 @@
         initrd_partition_name,
         initrd.len(),
     )?;
-    Ok(debug_level)
+    let initrd_descriptor = hash_descriptors.find(initrd_partition_name)?;
+    Ok(VerifiedBootData {
+        debug_level,
+        kernel_digest: kernel_descriptor.digest,
+        initrd_digest: Some(initrd_descriptor.digest),
+    })
 }