vmbase: Provide baremetal DiceClearMemory() as lib
As libdiced_open_dice_nostd has a missing symbol, DiceClearMemory(),
that must be provided at link time, export it for all (baremetal)
clients of vmbase as a static library to be linked into their
final executable.
Link it into pvmfw and Rialto and remove their duped implementations.
Bug: 357008987
Test: m libvmbase_dice_clear_memory pvmfw_bin rialto_bin
Change-Id: I8d28e0ec11e1407c71de3e8f5c75069389151141
diff --git a/guest/pvmfw/Android.bp b/guest/pvmfw/Android.bp
index cd09579..5c767a3 100644
--- a/guest/pvmfw/Android.bp
+++ b/guest/pvmfw/Android.bp
@@ -277,6 +277,7 @@
],
static_libs: [
"libpvmfw",
+ "libvmbase_dice_clear_memory",
],
linker_scripts: [
"image.ld",
diff --git a/guest/pvmfw/src/dice.rs b/guest/pvmfw/src/dice.rs
index 470711f..f3a2337 100644
--- a/guest/pvmfw/src/dice.rs
+++ b/guest/pvmfw/src/dice.rs
@@ -169,29 +169,6 @@
}
}
-/// Flushes data caches over the provided address range.
-///
-/// # Safety
-///
-/// The provided address and size must be to an address range that is valid for read and write
-/// (typically on the stack, .bss, .data, or provided BCC) from a single allocation
-/// (e.g. stack array).
-#[no_mangle]
-#[cfg(not(test))]
-unsafe extern "C" fn DiceClearMemory(
- _ctx: *mut core::ffi::c_void,
- size: usize,
- addr: *mut core::ffi::c_void,
-) {
- use core::slice;
- use vmbase::memory::flushed_zeroize;
-
- // SAFETY: We require our caller to provide a valid range within a single object. The open-dice
- // always calls this on individual stack-allocated arrays which ensures that.
- let region = unsafe { slice::from_raw_parts_mut(addr as *mut u8, size) };
- flushed_zeroize(region)
-}
-
#[cfg(test)]
mod tests {
use crate::{
diff --git a/guest/rialto/Android.bp b/guest/rialto/Android.bp
index 8afb8ba..a525168 100644
--- a/guest/rialto/Android.bp
+++ b/guest/rialto/Android.bp
@@ -35,6 +35,7 @@
],
static_libs: [
"librialto",
+ "libvmbase_dice_clear_memory",
],
linker_scripts: [
"image.ld",
diff --git a/guest/rialto/src/main.rs b/guest/rialto/src/main.rs
index 244010d..0b79e1e 100644
--- a/guest/rialto/src/main.rs
+++ b/guest/rialto/src/main.rs
@@ -199,28 +199,6 @@
}
}
-/// Flushes data caches over the provided address range.
-///
-/// # Safety
-///
-/// The provided address and size must be to an address range that is valid for read and write
-/// (typically on the stack, .bss, .data, or provided BCC) from a single allocation
-/// (e.g. stack array).
-#[no_mangle]
-unsafe extern "C" fn DiceClearMemory(
- _ctx: *mut core::ffi::c_void,
- size: usize,
- addr: *mut core::ffi::c_void,
-) {
- use core::slice;
- use vmbase::memory::flushed_zeroize;
-
- // SAFETY: We require our caller to provide a valid range within a single object. The open-dice
- // always calls this on individual stack-allocated arrays which ensures that.
- let region = unsafe { slice::from_raw_parts_mut(addr as *mut u8, size) };
- flushed_zeroize(region)
-}
-
generate_image_header!();
main!(main);
configure_heap!(SIZE_128KB * 2);
diff --git a/libs/dice/clear_memory/Android.bp b/libs/dice/clear_memory/Android.bp
new file mode 100644
index 0000000..408e931
--- /dev/null
+++ b/libs/dice/clear_memory/Android.bp
@@ -0,0 +1,15 @@
+package {
+ default_visibility: [":__subpackages__"],
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_ffi_static {
+ name: "libvmbase_dice_clear_memory",
+ crate_name: "vmbase_dice_clear_memory",
+ defaults: ["vmbase_ffi_defaults"],
+ srcs: ["src/lib.rs"],
+ rustlibs: ["libvmbase"],
+ visibility: [
+ "//packages/modules/Virtualization:__subpackages__",
+ ],
+}
diff --git a/libs/dice/clear_memory/src/lib.rs b/libs/dice/clear_memory/src/lib.rs
new file mode 100644
index 0000000..2a13396
--- /dev/null
+++ b/libs/dice/clear_memory/src/lib.rs
@@ -0,0 +1,37 @@
+// Copyright 2024, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Routine for clearing memory containing confidential data, used by the open-dice library.
+//!
+//! Clients should link against this library along the libopen_dice_*_baremetal libraries.
+
+#![no_std]
+
+use core::ffi::c_void;
+use core::slice;
+use vmbase::memory::flushed_zeroize;
+
+/// Zeroes data over the provided address range & flushes data caches.
+///
+/// # Safety
+///
+/// The provided address and size must be to an address range that is valid for read and write
+/// from a single allocation (e.g. stack array).
+#[no_mangle]
+unsafe extern "C" fn DiceClearMemory(_ctx: *mut c_void, size: usize, addr: *mut c_void) {
+ // SAFETY: We require our caller to provide a valid range within a single object. The
+ // open-dice always calls this on individual stack-allocated arrays which ensures that.
+ let region = unsafe { slice::from_raw_parts_mut(addr as *mut u8, size) };
+ flushed_zeroize(region);
+}