Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 5565f24a7e4d40c0e65e3a0381f1250ba13f6661^! / . / microdroid_manager / src / dice.rs
commit5565f24a7e4d40c0e65e3a0381f1250ba13f6661[log] [tgz]
authorShikha Panwar <shikhapanwar@google.com>Wed Mar 06 12:00:50 2024 +0000
committerShikha Panwar <shikhapanwar@google.com>Wed Mar 06 14:17:02 2024 +0000
tree35d450c54b7c8c9866cb23b4cd8e79982a5310f3
parentd934a375fc0924086ba8778d0583c138eac48356 [diff] [blame]
Revert "Make salt in Microdroid's instance img obsolete"

Revert submission 2982081

Reason for revert: There are tests failing which needs modification. Revert for immediate mitigation.
Reverted changes: /q/submissionid:2982081

Change-Id: I3e55e75e5810b06829ce66149516204e5dc81ff1

diff --git a/microdroid_manager/src/dice.rs b/microdroid_manager/src/dice.rs
index 2469325..a8b88aa 100644
--- a/microdroid_manager/src/dice.rs
+++ b/microdroid_manager/src/dice.rs

@@ -14,11 +14,11 @@
 
 use crate::dice_driver::DiceDriver;
 use crate::instance::{ApexData, ApkData};
-use crate::{is_debuggable, is_strict_boot, MicrodroidData};
+use crate::{is_debuggable, MicrodroidData};
 use anyhow::{bail, Context, Result};
 use ciborium::{cbor, Value};
 use coset::CborSerializable;
-use diced_open_dice::{Hidden, OwnedDiceArtifacts, HIDDEN_SIZE};
+use diced_open_dice::OwnedDiceArtifacts;
 use microdroid_metadata::PayloadMetadata;
 use openssl::sha::{sha512, Sha512};
 use std::iter::once;
@@ -53,37 +53,10 @@
     let debuggable = is_debuggable()?;
 
     // Send the details to diced
-    let hidden = if cfg!(llpvm_changes) {
-        hidden_input_from_instance_id()?
-    } else {
-        instance_data.salt.clone().try_into().unwrap()
-    };
+    let hidden = instance_data.salt.clone().try_into().unwrap();
     dice.derive(code_hash, &config_descriptor, authority_hash, debuggable, hidden)
 }
 
-// Get the "Hidden input" for DICE derivation.
-// This provides differentiation of secrets for different VM instances with same payload.
-fn hidden_input_from_instance_id() -> Result<Hidden> {
-    // For protected VM: this is all 0s, pvmfw ensures differentiation is added early in secrets.
-    // For non-protected VM: this is derived from instance_id of the VM instance.
-    let hidden_input = if !is_strict_boot() {
-        if let Some(id) = super::get_instance_id()? {
-            sha512(&id)
-        } else {
-            // TODO(b/325094712): Absence of instance_id occurs due to missing DT in some
-            // x86_64 test devices (such as Cuttlefish). From security perspective, this is
-            // acceptable for non-protected VM.
-            log::warn!(
-                "Instance Id missing, this may lead to 2 non protected VMs having same secrets"
-            );
-            [0u8; HIDDEN_SIZE]
-        }
-    } else {
-        [0u8; HIDDEN_SIZE]
-    };
-    Ok(hidden_input)
-}
-
 struct Subcomponent {
     name: String,
     version: u64,