pvmfw: Move instance_hash in dice::PartialInputs
Simplify data dependencies, for simpler code flow.
Note: No functional change intended.
Test: m pvmfw libpvmfw.dice.test
Change-Id: I210dee0088cfdfdd7090316d8bad033c0082173a
diff --git a/guest/pvmfw/src/main.rs b/guest/pvmfw/src/main.rs
index 9f1b5e6..a4acf04 100644
--- a/guest/pvmfw/src/main.rs
+++ b/guest/pvmfw/src/main.rs
@@ -110,18 +110,17 @@
// By leaking the slice, its content will be left behind for the next stage.
let next_dice_handover = Box::leak(next_dice_handover);
- let dice_inputs = PartialInputs::new(&verified_boot_data).map_err(|e| {
+ let instance_hash = salt_from_instance_id(fdt)?;
+ let dice_inputs = PartialInputs::new(&verified_boot_data, instance_hash).map_err(|e| {
error!("Failed to compute partial DICE inputs: {e:?}");
RebootReason::InternalError
})?;
- let instance_hash = salt_from_instance_id(fdt)?;
let (new_instance, salt, defer_rollback_protection) = perform_rollback_protection(
fdt,
&verified_boot_data,
&dice_inputs,
dice_handover.cdi_seal(),
- instance_hash,
)?;
trace!("Got salt for instance: {salt:x?}");
@@ -154,7 +153,6 @@
.write_next_handover(
new_dice_handover.as_ref(),
&salt,
- instance_hash,
defer_rollback_protection,
next_dice_handover,
dice_context,