pvmfw: Move FDT ops for RBP to fdt.rs
Note: No functional change intended.
Bug: 377276983
Test: m pvmfw_bin
Change-Id: I7245e2faedc4398f15d135485a860edc44441114
diff --git a/guest/pvmfw/src/fdt.rs b/guest/pvmfw/src/fdt.rs
index 29212f9..818d342 100644
--- a/guest/pvmfw/src/fdt.rs
+++ b/guest/pvmfw/src/fdt.rs
@@ -112,6 +112,24 @@
Ok(None)
}
+/// Read /avf/untrusted/instance-id, if present.
+pub fn read_instance_id(fdt: &Fdt) -> libfdt::Result<Option<&[u8]>> {
+ read_avf_untrusted_prop(fdt, c"instance-id")
+}
+
+/// Read /avf/untrusted/defer-rollback-protection, if present.
+pub fn read_defer_rollback_protection(fdt: &Fdt) -> libfdt::Result<Option<&[u8]>> {
+ read_avf_untrusted_prop(fdt, c"defer-rollback-protection")
+}
+
+fn read_avf_untrusted_prop<'a>(fdt: &'a Fdt, prop: &CStr) -> libfdt::Result<Option<&'a [u8]>> {
+ if let Some(node) = fdt.node(c"/avf/untrusted")? {
+ node.getprop(prop)
+ } else {
+ Ok(None)
+ }
+}
+
fn patch_initrd_range(fdt: &mut Fdt, initrd_range: &Range<usize>) -> libfdt::Result<()> {
let start = u32::try_from(initrd_range.start).unwrap();
let end = u32::try_from(initrd_range.end).unwrap();
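Review bot: The doc comments on `read_instance_id` and `read_defer_rollback_protection` should say that the values come from the `/avf/untrusted` node, which the helper's name makes explicit but the public names do not; a caller reading only the rustdoc would not know the data is host-supplied. Suggested wording for the first: `/// Read /avf/untrusted/instance-id, if present. The node is provided by the host and is not covered by verified boot, so callers must treat the value as untrusted input.` with the equivalent sentence on the second. It would also help to document on `read_avf_untrusted_prop` that a missing node and a missing property both yield `Ok(None)`, and only errors from `fdt.node` or `getprop` propagate as `Err`, since that is the contract the call sites in main.rs and rollback.rs now depend on.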
diff --git a/guest/pvmfw/src/main.rs b/guest/pvmfw/src/main.rs
index 51bd981..a87a26c 100644
--- a/guest/pvmfw/src/main.rs
+++ b/guest/pvmfw/src/main.rs
@@ -35,13 +35,13 @@
use crate::bcc::Bcc;
use crate::dice::PartialInputs;
use crate::entry::RebootReason;
-use crate::fdt::{modify_for_next_stage, sanitize_device_tree};
+use crate::fdt::{modify_for_next_stage, read_instance_id, sanitize_device_tree};
use crate::rollback::perform_rollback_protection;
use alloc::borrow::Cow;
use alloc::boxed::Box;
use bssl_avf::Digester;
use diced_open_dice::{bcc_handover_parse, DiceArtifacts, DiceContext, Hidden, VM_KEY_ALGORITHM};
-use libfdt::{Fdt, FdtNode};
+use libfdt::Fdt;
use log::{debug, error, info, trace, warn};
use pvmfw_avb::verify_payload;
use pvmfw_avb::DebugLevel;
@@ -205,7 +205,13 @@
// Get the "salt" which is one of the input for DICE derivation.
// This provides differentiation of secrets for different VM instances with same payloads.
fn salt_from_instance_id(fdt: &Fdt) -> Result<Option<Hidden>, RebootReason> {
- let Some(id) = instance_id(fdt)? else { return Ok(None) };
+ let Some(id) = read_instance_id(fdt).map_err(|e| {
+ error!("Failed to get instance-id in DT: {e}");
+ RebootReason::InvalidFdt
+ })?
+ else {
+ return Ok(None);
+ };
let salt = Digester::sha512()
.digest(&[&b"InstanceId:"[..], id].concat())
.map_err(|e| {
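Review bot: The `map_err` closure on the new `read_instance_id` call logs `Failed to get instance-id in DT` for every error the helper can return, including a failure to look up the `/avf/untrusted` node itself, which the removed `avf_untrusted_node` reported separately as `Failed to get /avf/untrusted node`. That is a small diagnostics change despite the "no functional change" note in the description; if the distinction matters for triage, a message naming the full path, `error!("Failed to read /avf/untrusted/instance-id from DT: {e}");`, keeps the log unambiguous. The same collapse occurs in the rollback.rs hunk for `defer-rollback-protection`. `salt_from_instance_id` continues past the end of this hunk.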
@@ -217,23 +223,6 @@
Ok(Some(salt))
}
-fn instance_id(fdt: &Fdt) -> Result<Option<&[u8]>, RebootReason> {
- let Some(node) = avf_untrusted_node(fdt)? else { return Ok(None) };
- let id = node.getprop(c"instance-id").map_err(|e| {
- error!("Failed to get instance-id in DT: {e}");
- RebootReason::InvalidFdt
- })?;
- Ok(id)
-}
-
-fn avf_untrusted_node(fdt: &Fdt) -> Result<Option<FdtNode>, RebootReason> {
- let node = fdt.node(c"/avf/untrusted").map_err(|e| {
- error!("Failed to get /avf/untrusted node: {e}");
- RebootReason::InvalidFdt
- })?;
- Ok(node)
-}
-
/// Logs the given PCI error and returns the appropriate `RebootReason`.
fn handle_pci_error(e: PciError) -> RebootReason {
error!("{}", e);
diff --git a/guest/pvmfw/src/rollback.rs b/guest/pvmfw/src/rollback.rs
index e79705f..95c0273 100644
--- a/guest/pvmfw/src/rollback.rs
+++ b/guest/pvmfw/src/rollback.rs
@@ -16,11 +16,12 @@
use crate::dice::PartialInputs;
use crate::entry::RebootReason;
+use crate::fdt::read_defer_rollback_protection;
use crate::instance::EntryBody;
use crate::instance::Error as InstanceError;
use crate::instance::{get_recorded_entry, record_instance_entry};
use diced_open_dice::Hidden;
-use libfdt::{Fdt, FdtNode};
+use libfdt::Fdt;
use log::{error, info};
use pvmfw_avb::Capability;
use pvmfw_avb::VerifiedBootData;
@@ -155,21 +156,9 @@
}
fn should_defer_rollback_protection(fdt: &Fdt) -> Result<bool, RebootReason> {
- let Some(node) = avf_untrusted_node(fdt)? else { return Ok(false) };
- let defer_rbp = node
- .getprop(c"defer-rollback-protection")
- .map_err(|e| {
- error!("Failed to get defer-rollback-protection property in DT: {e}");
- RebootReason::InvalidFdt
- })?
- .is_some();
- Ok(defer_rbp)
-}
-
-fn avf_untrusted_node(fdt: &Fdt) -> Result<Option<FdtNode>, RebootReason> {
- let node = fdt.node(c"/avf/untrusted").map_err(|e| {
- error!("Failed to get /avf/untrusted node: {e}");
+ let defer_rbp = read_defer_rollback_protection(fdt).map_err(|e| {
+ error!("Failed to get defer-rollback-protection property in DT: {e}");
RebootReason::InvalidFdt
})?;
- Ok(node)
+ Ok(defer_rbp.is_some())
}