[dice] Use libdice_open_dice_nostd for DICE functions in pvmfw
This cl migrate two calls of bcc functions in pvmfw from
libdice_nostd to libdice_open_dice_nostd and removes the library
libdice_nostd.
libdice_open_dice_nostd is compiled from the same Rust code as
libdice_open_dice. The latter is used for DICE derivation inside
Microdroid and both libraries are covered by tests. It's better to
switch to libdice_open_dice_nostd than maintaining another copy of
open-dice wrapper.
As pvmfw already depends on libdice_open_dice_nostd prior to this cl,
this cl shouldn't cause build problems.
Test: m pvmfw_img
Bug: 267575445
Change-Id: I8d5688998754540fcc7b4082bd67cee237f229b4
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index f7774e4..ba26114 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -46,7 +46,7 @@
memory::MemoryTracker,
virtio::pci::{self, find_virtio_devices},
};
-use ::dice::bcc;
+use diced_open_dice::{bcc_handover_main_flow, bcc_handover_parse, HIDDEN_SIZE};
use fdtpci::{PciError, PciInfo};
use libfdt::Fdt;
use log::{debug, error, info, trace};
@@ -59,7 +59,7 @@
fdt: &mut Fdt,
signed_kernel: &[u8],
ramdisk: Option<&[u8]>,
- bcc: &bcc::Handover,
+ current_bcc_handover: &[u8],
memory: &mut MemoryTracker,
) -> Result<(), RebootReason> {
info!("pVM firmware");
@@ -71,7 +71,11 @@
} else {
debug!("Ramdisk: None");
}
- trace!("BCC: {bcc:x?}");
+ let bcc_handover = bcc_handover_parse(current_bcc_handover).map_err(|e| {
+ error!("Invalid BCC Handover: {e:?}");
+ RebootReason::InvalidBcc
+ })?;
+ trace!("BCC: {bcc_handover:x?}");
// Set up PCI bus for VirtIO devices.
let pci_info = PciInfo::from_fdt(fdt).map_err(handle_pci_error)?;
@@ -95,12 +99,12 @@
error!("Failed to compute partial DICE inputs: {e:?}");
RebootReason::InternalError
})?;
- let salt = [0; ::dice::HIDDEN_SIZE]; // TODO(b/249723852): Get from instance.img and/or TRNG.
+ let salt = [0; HIDDEN_SIZE]; // TODO(b/249723852): Get from instance.img and/or TRNG.
let dice_inputs = dice_inputs.into_input_values(&salt).map_err(|e| {
error!("Failed to generate DICE inputs: {e:?}");
RebootReason::InternalError
})?;
- let _ = bcc.main_flow(&dice_inputs, next_bcc).map_err(|e| {
+ let _ = bcc_handover_main_flow(current_bcc_handover, &dice_inputs, next_bcc).map_err(|e| {
error!("Failed to derive next-stage DICE secrets: {e:?}");
RebootReason::SecretDerivationError
})?;