Merge "Increase max VM memory for CompOS"
diff --git a/libs/dice/Android.bp b/libs/dice/Android.bp
index 8017cff..71cf0f1 100644
--- a/libs/dice/Android.bp
+++ b/libs/dice/Android.bp
@@ -11,6 +11,7 @@
prefer_rlib: true,
stdlibs: ["libcore.rust_sysroot"],
rustlibs: [
+ "libdiced_open_dice_nostd",
"libopen_dice_cbor_bindgen_nostd",
"libopen_dice_bcc_bindgen_nostd",
],
diff --git a/libs/dice/src/bcc.rs b/libs/dice/src/bcc.rs
index 6dc0cc3..18b5083 100644
--- a/libs/dice/src/bcc.rs
+++ b/libs/dice/src/bcc.rs
@@ -24,7 +24,6 @@
use open_dice_bcc_bindgen::BccFormatConfigDescriptor;
use open_dice_bcc_bindgen::BccHandoverMainFlow;
use open_dice_bcc_bindgen::BccHandoverParse;
-use open_dice_bcc_bindgen::DiceInputValues;
use open_dice_bcc_bindgen::BCC_INPUT_COMPONENT_NAME;
use open_dice_bcc_bindgen::BCC_INPUT_COMPONENT_VERSION;
use open_dice_bcc_bindgen::BCC_INPUT_RESETTABLE;
@@ -99,7 +98,7 @@
context,
self.buffer.as_ptr(),
self.buffer.len(),
- input_values as *const _ as *const DiceInputValues,
+ input_values.as_ptr(),
buffer.len(),
buffer.as_mut_ptr(),
&mut size as *mut usize,
diff --git a/libs/dice/src/lib.rs b/libs/dice/src/lib.rs
index 5332092..f0ac2ae 100644
--- a/libs/dice/src/lib.rs
+++ b/libs/dice/src/lib.rs
@@ -19,16 +19,12 @@
#![no_std]
use core::fmt;
-use core::mem;
-use core::ptr;
use core::result;
+pub use diced_open_dice::{Config, Hash, InputValues, HASH_SIZE};
pub use open_dice_cbor_bindgen::DiceMode;
-use open_dice_cbor_bindgen::DiceConfigType_kDiceConfigTypeDescriptor as DICE_CONFIG_TYPE_DESCRIPTOR;
-use open_dice_cbor_bindgen::DiceConfigType_kDiceConfigTypeInline as DICE_CONFIG_TYPE_INLINE;
use open_dice_cbor_bindgen::DiceHash;
-use open_dice_cbor_bindgen::DiceInputValues;
use open_dice_cbor_bindgen::DiceResult;
use open_dice_cbor_bindgen::DiceResult_kDiceResultBufferTooSmall as DICE_RESULT_BUFFER_TOO_SMALL;
use open_dice_cbor_bindgen::DiceResult_kDiceResultInvalidInput as DICE_RESULT_INVALID_INPUT;
@@ -38,18 +34,9 @@
pub mod bcc;
const CDI_SIZE: usize = open_dice_cbor_bindgen::DICE_CDI_SIZE as usize;
-const HASH_SIZE: usize = open_dice_cbor_bindgen::DICE_HASH_SIZE as usize;
-const HIDDEN_SIZE: usize = open_dice_cbor_bindgen::DICE_HIDDEN_SIZE as usize;
-const INLINE_CONFIG_SIZE: usize = open_dice_cbor_bindgen::DICE_INLINE_CONFIG_SIZE as usize;
/// Array type of CDIs.
pub type Cdi = [u8; CDI_SIZE];
-/// Array type of hashes used by DICE.
-pub type Hash = [u8; HASH_SIZE];
-/// Array type of additional input.
-pub type Hidden = [u8; HIDDEN_SIZE];
-/// Array type of inline configuration values.
-pub type InlineConfig = [u8; INLINE_CONFIG_SIZE];
/// Error type used by DICE.
pub enum Error {
@@ -87,59 +74,6 @@
}
}
-/// DICE configuration input type.
-#[derive(Debug)]
-pub enum ConfigType<'a> {
- /// Uses the formatted 64-byte configuration input value (See the Open Profile for DICE).
- Inline(InlineConfig),
- /// Uses the 64-byte hash of more configuration data.
- Descriptor(&'a [u8]),
-}
-
-/// Set of DICE inputs.
-#[repr(transparent)]
-#[derive(Clone, Debug)]
-pub struct InputValues(DiceInputValues);
-
-impl InputValues {
- /// Wrap the DICE inputs in a InputValues, expected by bcc::main_flow().
- pub fn new(
- code_hash: &Hash,
- code_descriptor: Option<&[u8]>,
- config: &ConfigType,
- auth_hash: Option<&Hash>,
- auth_descriptor: Option<&[u8]>,
- mode: DiceMode,
- hidden: Option<&Hidden>,
- ) -> Self {
- const ZEROED_INLINE_CONFIG: InlineConfig = [0; INLINE_CONFIG_SIZE];
- let (config_type, config_value, config_descriptor) = match config {
- ConfigType::Inline(value) => (DICE_CONFIG_TYPE_INLINE, *value, None),
- ConfigType::Descriptor(desc) => {
- (DICE_CONFIG_TYPE_DESCRIPTOR, ZEROED_INLINE_CONFIG, Some(*desc))
- }
- };
- let (code_descriptor, code_descriptor_size) = as_raw_parts(code_descriptor);
- let (config_descriptor, config_descriptor_size) = as_raw_parts(config_descriptor);
- let (authority_descriptor, authority_descriptor_size) = as_raw_parts(auth_descriptor);
-
- Self(DiceInputValues {
- code_hash: *code_hash,
- code_descriptor,
- code_descriptor_size,
- config_type,
- config_value,
- config_descriptor,
- config_descriptor_size,
- authority_hash: auth_hash.map_or([0; mem::size_of::<Hash>()], |h| *h),
- authority_descriptor,
- authority_descriptor_size,
- mode,
- hidden: hidden.map_or([0; mem::size_of::<Hidden>()], |h| *h),
- })
- }
-}
-
fn ctx() -> *mut core::ffi::c_void {
core::ptr::null_mut()
}
@@ -151,10 +85,3 @@
check_call(unsafe { DiceHash(ctx(), bytes.as_ptr(), bytes.len(), output.as_mut_ptr()) })?;
Ok(output)
}
-
-fn as_raw_parts<T: Sized>(s: Option<&[T]>) -> (*const T, usize) {
- match s {
- Some(s) => (s.as_ptr(), s.len()),
- None => (ptr::null(), 0),
- }
-}
diff --git a/microdroid_manager/src/dice.rs b/microdroid_manager/src/dice.rs
index e740ed4..739c944 100644
--- a/microdroid_manager/src/dice.rs
+++ b/microdroid_manager/src/dice.rs
@@ -17,8 +17,7 @@
use anyhow::{bail, Context, Error, Result};
use byteorder::{NativeEndian, ReadBytesExt};
use diced_open_dice_cbor::{
- Config, ContextImpl, DiceMode, InputValuesOwned, OpenDiceCborContext, CDI_SIZE, HASH_SIZE,
- HIDDEN_SIZE,
+ Config, ContextImpl, DiceMode, Hash, Hidden, InputValuesOwned, OpenDiceCborContext, CDI_SIZE,
};
use keystore2_crypto::ZVec;
use libc::{c_void, mmap, munmap, MAP_FAILED, MAP_PRIVATE, PROT_READ};
@@ -137,11 +136,11 @@
pub fn derive(
self,
- code_hash: [u8; HASH_SIZE],
+ code_hash: Hash,
config_desc: &[u8],
- authority_hash: [u8; HASH_SIZE],
+ authority_hash: Hash,
debug: bool,
- hidden: [u8; HIDDEN_SIZE],
+ hidden: Hidden,
) -> Result<DiceContext> {
let input_values = InputValuesOwned::new(
code_hash,
diff --git a/pvmfw/src/dice.rs b/pvmfw/src/dice.rs
index 49218b0..4e1e60a 100644
--- a/pvmfw/src/dice.rs
+++ b/pvmfw/src/dice.rs
@@ -19,7 +19,7 @@
use dice::bcc::format_config_descriptor;
use dice::bcc::Handover;
use dice::hash;
-use dice::ConfigType;
+use dice::Config;
use dice::DiceMode;
use dice::InputValues;
use pvmfw_avb::{DebugLevel, Digest, VerifiedBootData};
@@ -59,14 +59,13 @@
false, // resettable
)?;
let config = &config_descriptor_buffer[..config_descriptor_size];
- let config = ConfigType::Descriptor(config);
let input_values = InputValues::new(
&code_hash,
None, // code_descriptor
- &config,
- Some(&auth_hash),
- None, // auth_descriptor
+ Config::Descriptor(config),
+ &auth_hash,
+ None, // authority_descriptor
mode,
None, // TODO(b/249723852): Get salt from instance.img (virtio-blk) and/or TRNG.
);