pvmfw: refactor: Generalize BCC DT node creation
As we expect to pass more data to the next stage than the BCC alone,
introduce a way for main() to collect the various settings influencing
the final DT operations.
Note: No functional change intended.
Bug: 268307476
Test: atest MicrodroidHostTests
Change-Id: I7b8f812ffc622c2cd527e1c3247267cc87be1b9e
diff --git a/libs/libfdt/src/lib.rs b/libs/libfdt/src/lib.rs
index 927bf50..1d295eb 100644
--- a/libs/libfdt/src/lib.rs
+++ b/libs/libfdt/src/lib.rs
@@ -405,6 +405,24 @@
fdt_err_expect_zero(ret)
}
+ /// Create or change a flag-like empty property.
+ pub fn setprop_empty(&mut self, name: &CStr) -> Result<()> {
+ self.setprop(name, &[])
+ }
+
+ /// Delete the given property.
+ pub fn delprop(&mut self, name: &CStr) -> Result<()> {
+ // SAFETY - Accesses are constrained to the DT totalsize (validated by ctor) when the
+ // library locates the node's property. Removing the property may shift the offsets of
+ // other nodes and properties but the borrow checker should prevent this function from
+ // being called when FdtNode instances are in use.
+ let ret = unsafe {
+ libfdt_bindgen::fdt_delprop(self.fdt.as_mut_ptr(), self.offset, name.as_ptr())
+ };
+
+ fdt_err_expect_zero(ret)
+ }
+
/// Get reference to the containing device tree.
pub fn fdt(&mut self) -> &mut Fdt {
self.fdt
@@ -561,6 +579,11 @@
self.node(CStr::from_bytes_with_nul(b"/chosen\0").unwrap())
}
+ /// Retrieve the standard /chosen node as mutable.
+ pub fn chosen_mut(&mut self) -> Result<Option<FdtNodeMut>> {
+ self.node_mut(CStr::from_bytes_with_nul(b"/chosen\0").unwrap())
+ }
+
/// Get the root node of the tree.
pub fn root(&self) -> Result<FdtNode> {
self.node(CStr::from_bytes_with_nul(b"/\0").unwrap())?.ok_or(FdtError::Internal)
diff --git a/pvmfw/src/fdt.rs b/pvmfw/src/fdt.rs
index b735b9c..793eaac 100644
--- a/pvmfw/src/fdt.rs
+++ b/pvmfw/src/fdt.rs
@@ -16,6 +16,8 @@
use core::ffi::CStr;
use core::ops::Range;
+use libfdt::Fdt;
+use libfdt::FdtError;
/// Extract from /config the address range containing the pre-loaded kernel.
pub fn kernel_range(fdt: &libfdt::Fdt) -> libfdt::Result<Option<Range<usize>>> {
@@ -49,10 +51,35 @@
Ok(None)
}
-/// Add a "google,open-dice"-compatible reserved-memory node to the tree.
-pub fn add_dice_node(fdt: &mut libfdt::Fdt, addr: usize, size: usize) -> libfdt::Result<()> {
+/// Modifies the input DT according to the fields of the configuration.
+pub fn modify_for_next_stage(
+ fdt: &mut Fdt,
+ bcc: &[u8],
+ new_instance: bool,
+ strict_boot: bool,
+) -> libfdt::Result<()> {
fdt.unpack()?;
+ add_dice_node(fdt, bcc.as_ptr() as usize, bcc.len())?;
+
+ set_or_clear_chosen_flag(
+ fdt,
+ CStr::from_bytes_with_nul(b"avf,strict-boot\0").unwrap(),
+ strict_boot,
+ )?;
+ set_or_clear_chosen_flag(
+ fdt,
+ CStr::from_bytes_with_nul(b"avf,new-instance\0").unwrap(),
+ new_instance,
+ )?;
+
+ fdt.pack()?;
+
+ Ok(())
+}
+
+/// Add a "google,open-dice"-compatible reserved-memory node to the tree.
+fn add_dice_node(fdt: &mut Fdt, addr: usize, size: usize) -> libfdt::Result<()> {
let reserved_memory = CStr::from_bytes_with_nul(b"/reserved-memory\0").unwrap();
// We reject DTs with missing reserved-memory node as validation should have checked that the
// "swiotlb" subnode (compatible = "restricted-dma-pool") was present.
@@ -67,10 +94,25 @@
let no_map = CStr::from_bytes_with_nul(b"no-map\0").unwrap();
dice.appendprop(no_map, &[])?;
+ let addr = addr.try_into().unwrap();
+ let size = size.try_into().unwrap();
let reg = CStr::from_bytes_with_nul(b"reg\0").unwrap();
- dice.appendprop_addrrange(reg, addr as u64, size as u64)?;
+ dice.appendprop_addrrange(reg, addr, size)?;
- fdt.pack()?;
+ Ok(())
+}
+
+fn set_or_clear_chosen_flag(fdt: &mut Fdt, flag: &CStr, value: bool) -> libfdt::Result<()> {
+ // TODO(b/249054080): Refactor to not panic if the DT doesn't contain a /chosen node.
+ let mut chosen = fdt.chosen_mut()?.unwrap();
+ if value {
+ chosen.setprop_empty(flag)?;
+ } else {
+ match chosen.delprop(flag) {
+ Ok(()) | Err(FdtError::NotFound) => (),
+ Err(e) => return Err(e),
+ }
+ }
Ok(())
}
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index 2e56597..223c24e 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -37,15 +37,14 @@
use alloc::boxed::Box;
-use crate::{
- dice::PartialInputs,
- entry::RebootReason,
- fdt::add_dice_node,
- helpers::flush,
- helpers::GUEST_PAGE_SIZE,
- memory::MemoryTracker,
- virtio::pci::{self, find_virtio_devices},
-};
+use crate::dice::PartialInputs;
+use crate::entry::RebootReason;
+use crate::fdt::modify_for_next_stage;
+use crate::helpers::flush;
+use crate::helpers::GUEST_PAGE_SIZE;
+use crate::memory::MemoryTracker;
+use crate::virtio::pci;
+use crate::virtio::pci::find_virtio_devices;
use diced_open_dice::{bcc_handover_main_flow, bcc_handover_parse, HIDDEN_SIZE};
use fdtpci::{PciError, PciInfo};
use libfdt::Fdt;
@@ -99,7 +98,7 @@
error!("Failed to compute partial DICE inputs: {e:?}");
RebootReason::InternalError
})?;
- let salt = [0; HIDDEN_SIZE]; // TODO(b/249723852): Get from instance.img and/or TRNG.
+ let (new_instance, salt) = (false, [0; HIDDEN_SIZE]); // TODO(b/249723852): instance.img.
let dice_inputs = dice_inputs.into_input_values(&salt).map_err(|e| {
error!("Failed to generate DICE inputs: {e:?}");
RebootReason::InternalError
@@ -110,8 +109,9 @@
})?;
flush(next_bcc);
- add_dice_node(fdt, next_bcc.as_ptr() as usize, NEXT_BCC_SIZE).map_err(|e| {
- error!("Failed to add DICE node to device tree: {e}");
+ let strict_boot = false; // TODO(b/268307476): Flip in its own commit to isolate testing.
+ modify_for_next_stage(fdt, next_bcc, new_instance, strict_boot).map_err(|e| {
+ error!("Failed to configure device tree: {e}");
RebootReason::InternalError
})?;