pvmfw: main: Introduce DICE helper functions
Refactor for supporting optionally skipping DICE.
Note: No functional change intended.
Test: m pvmfw
Bug: 393977894
Change-Id: I82287a6ef3ba6a665ef99afedd613949154e36c9
diff --git a/guest/pvmfw/src/main.rs b/guest/pvmfw/src/main.rs
index a4acf04..bef6fcb 100644
--- a/guest/pvmfw/src/main.rs
+++ b/guest/pvmfw/src/main.rs
@@ -37,8 +37,11 @@
use crate::rollback::perform_rollback_protection;
use alloc::borrow::Cow;
use alloc::boxed::Box;
+use alloc::vec::Vec;
use bssl_avf::Digester;
-use diced_open_dice::{bcc_handover_parse, DiceArtifacts, DiceContext, Hidden, VM_KEY_ALGORITHM};
+use diced_open_dice::{
+ bcc_handover_parse, DiceArtifacts, DiceContext, Hidden, HIDDEN_SIZE, VM_KEY_ALGORITHM,
+};
use libfdt::Fdt;
use log::{debug, error, info, trace, warn};
use pvmfw_avb::verify_payload;
@@ -67,20 +70,12 @@
debug!("Ramdisk: None");
}
- let dice_handover = bcc_handover_parse(current_dice_handover).map_err(|e| {
- error!("Invalid DICE Handover: {e:?}");
- RebootReason::InvalidDiceHandover
- })?;
- trace!("DICE handover: {dice_handover:x?}");
-
- let dice_chain_info = DiceChainInfo::new(dice_handover.bcc()).map_err(|e| {
- error!("{e}");
- RebootReason::InvalidDiceHandover
- })?;
+ let (dice_handover_bytes, dice_cdi_seal, dice_context, dice_debug_mode) =
+ parse_dice_handover(current_dice_handover)?;
// The bootloader should never pass us a debug policy when the boot is secure (the bootloader
// is locked). If it gets it wrong, disregard it & log it, to avoid it causing problems.
- if debug_policy.is_some() && !dice_chain_info.is_debug_mode() {
+ if debug_policy.is_some() && !dice_debug_mode {
warn!("Ignoring debug policy, DICE handover does not indicate Debug mode");
debug_policy = None;
}
@@ -101,67 +96,25 @@
sanitize_device_tree(untrusted_fdt, vm_dtbo, vm_ref_dt, guest_page_size, hyp_page_size)?;
let fdt = untrusted_fdt; // DT has now been sanitized.
- let next_dice_handover_size = guest_page_size;
- let next_dice_handover = heap::aligned_boxed_slice(next_dice_handover_size, guest_page_size)
- .ok_or_else(|| {
- error!("Failed to allocate the next-stage DICE handover");
- RebootReason::InternalError
- })?;
- // By leaking the slice, its content will be left behind for the next stage.
- let next_dice_handover = Box::leak(next_dice_handover);
-
let instance_hash = salt_from_instance_id(fdt)?;
let dice_inputs = PartialInputs::new(&verified_boot_data, instance_hash).map_err(|e| {
error!("Failed to compute partial DICE inputs: {e:?}");
RebootReason::InternalError
})?;
- let (new_instance, salt, defer_rollback_protection) = perform_rollback_protection(
- fdt,
- &verified_boot_data,
- &dice_inputs,
- dice_handover.cdi_seal(),
- )?;
+ let (new_instance, salt, defer_rollback_protection) =
+ perform_rollback_protection(fdt, &verified_boot_data, &dice_inputs, &dice_cdi_seal)?;
trace!("Got salt for instance: {salt:x?}");
- let new_dice_handover = if cfg!(dice_changes) {
- Cow::Borrowed(current_dice_handover)
- } else {
- // It is possible that the DICE chain we were given is rooted in the UDS. We do not want to
- // give such a chain to the payload, or even the associated CDIs. So remove the
- // entire chain we were given and taint the CDIs. Note that the resulting CDIs are
- // still deterministically derived from those we received, so will vary iff they do.
- // TODO(b/280405545): Remove this post Android 14.
- let truncated_dice_handover = dice::chain::truncate(dice_handover).map_err(|e| {
- error!("{e}");
- RebootReason::InternalError
- })?;
- Cow::Owned(truncated_dice_handover)
- };
-
- let cose_alg = dice_chain_info.leaf_subject_pubkey().cose_alg;
- trace!("DICE chain leaf subject public key algorithm: {:?}", cose_alg);
-
- let dice_context = DiceContext {
- authority_algorithm: cose_alg.try_into().map_err(|e| {
- error!("{e}");
- RebootReason::InternalError
- })?,
- subject_algorithm: VM_KEY_ALGORITHM,
- };
- dice_inputs
- .write_next_handover(
- new_dice_handover.as_ref(),
- &salt,
- defer_rollback_protection,
- next_dice_handover,
- dice_context,
- )
- .map_err(|e| {
- error!("Failed to derive next-stage DICE secrets: {e:?}");
- RebootReason::SecretDerivationError
- })?;
- flush(next_dice_handover);
+ let next_dice_handover = perform_dice_derivation(
+ dice_handover_bytes.as_ref(),
+ dice_context,
+ dice_inputs,
+ &salt,
+ defer_rollback_protection,
+ guest_page_size,
+ guest_page_size,
+ )?;
let kaslr_seed = u64::from_ne_bytes(rand::random_array().map_err(|e| {
error!("Failed to generated guest KASLR seed: {e}");
@@ -186,6 +139,84 @@
Ok((next_dice_handover, debuggable))
}
+fn parse_dice_handover(
+ bytes: &[u8],
+) -> Result<(Cow<'_, [u8]>, Vec<u8>, DiceContext, bool), RebootReason> {
+ let dice_handover = bcc_handover_parse(bytes).map_err(|e| {
+ error!("Invalid DICE Handover: {e:?}");
+ RebootReason::InvalidDiceHandover
+ })?;
+ trace!("DICE handover: {dice_handover:x?}");
+
+ let dice_chain_info = DiceChainInfo::new(dice_handover.bcc()).map_err(|e| {
+ error!("{e}");
+ RebootReason::InvalidDiceHandover
+ })?;
+ let is_debug_mode = dice_chain_info.is_debug_mode();
+ let cose_alg = dice_chain_info.leaf_subject_pubkey().cose_alg;
+ trace!("DICE chain leaf subject public key algorithm: {:?}", cose_alg);
+
+ let dice_context = DiceContext {
+ authority_algorithm: cose_alg.try_into().map_err(|e| {
+ error!("{e}");
+ RebootReason::InternalError
+ })?,
+ subject_algorithm: VM_KEY_ALGORITHM,
+ };
+
+ let cdi_seal = dice_handover.cdi_seal().to_vec();
+
+ let bytes_for_next = if cfg!(dice_changes) {
+ Cow::Borrowed(bytes)
+ } else {
+ // It is possible that the DICE chain we were given is rooted in the UDS. We do not want to
+ // give such a chain to the payload, or even the associated CDIs. So remove the
+ // entire chain we were given and taint the CDIs. Note that the resulting CDIs are
+ // still deterministically derived from those we received, so will vary iff they do.
+ // TODO(b/280405545): Remove this post Android 14.
+ let truncated_bytes = dice::chain::truncate(dice_handover).map_err(|e| {
+ error!("{e}");
+ RebootReason::InternalError
+ })?;
+ Cow::Owned(truncated_bytes)
+ };
+
+ Ok((bytes_for_next, cdi_seal, dice_context, is_debug_mode))
+}
+
+fn perform_dice_derivation<'a>(
+ dice_handover_bytes: &[u8],
+ dice_context: DiceContext,
+ dice_inputs: PartialInputs,
+ salt: &[u8; HIDDEN_SIZE],
+ defer_rollback_protection: bool,
+ next_handover_size: usize,
+ next_handover_align: usize,
+) -> Result<&'a [u8], RebootReason> {
+ let next_dice_handover = heap::aligned_boxed_slice(next_handover_size, next_handover_align)
+ .ok_or_else(|| {
+ error!("Failed to allocate the next-stage DICE handover");
+ RebootReason::InternalError
+ })?;
+ // By leaking the slice, its content will be left behind for the next stage.
+ let next_dice_handover = Box::leak(next_dice_handover);
+
+ dice_inputs
+ .write_next_handover(
+ dice_handover_bytes.as_ref(),
+ salt,
+ defer_rollback_protection,
+ next_dice_handover,
+ dice_context,
+ )
+ .map_err(|e| {
+ error!("Failed to derive next-stage DICE secrets: {e:?}");
+ RebootReason::SecretDerivationError
+ })?;
+ flush(next_dice_handover);
+ Ok(next_dice_handover)
+}
+
// Get the "salt" which is one of the input for DICE derivation.
// This provides differentiation of secrets for different VM instances with same payloads.
fn salt_from_instance_id(fdt: &Fdt) -> Result<Option<Hidden>, RebootReason> {