pvmfw: Validate input BCC handover

Ensure that the BCC contained in the configuration data is properly
formatted as a "BCC Handover" [1], i.e. a CBOR-encoded map

    BccHandover = {
      1 : bstr .size 32,  ; CDI_Attest
      2 : bstr .size 32,  ; CDI_Seal
      3 : Bcc,            ; Certificate chain
    }

If not, abort the pVM boot.

[1]: https://pigweed.googlesource.com/open-dice/+/72ad792c4d9ffffef3412801b5da46568a6b3197/src/android/bcc.c#260

Bug: 256827715
Test: atest MicrodroidHostTests
Change-Id: Ibade0ebd1e50d912a59b32c1282022aa46235501

diff --git a/libs/dice/src/lib.rs b/libs/dice/src/lib.rs
index 862f3e9..43d167f 100644
--- a/libs/dice/src/lib.rs
+++ b/libs/dice/src/lib.rs
@@ -28,8 +28,13 @@
use open_dice_cbor_bindgen::DiceResult_kDiceResultOk as DICE_RESULT_OK;
use open_dice_cbor_bindgen::DiceResult_kDiceResultPlatformError as DICE_RESULT_PLATFORM_ERROR;
+pub mod bcc;
+
+const CDI_SIZE: usize = open_dice_cbor_bindgen::DICE_CDI_SIZE as usize;
const HASH_SIZE: usize = open_dice_cbor_bindgen::DICE_HASH_SIZE as usize;
+/// Array type of CDIs.
+pub type Cdi = [u8; CDI_SIZE];
/// Array type of hashes used by DICE.
pub type Hash = [u8; HASH_SIZE];
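
Review bot: `pub type Cdi = [u8; CDI_SIZE];` makes the CDI a plain byte-array alias, which is `Copy` and cannot carry its own `Drop` impl, so the values the commit message names CDI_Attest and CDI_Seal can be duplicated implicitly and are not wiped automatically when they go out of scope. Consider a newtype such as `pub struct Cdi([u8; CDI_SIZE]);` that is not `Copy` and clears its bytes on drop, or at minimum extend the `/// Array type of CDIs.` comment to state that these are secrets. Separately, `pub mod bcc;` is the only new public item in this hunk without a `///` doc line; a one-line description of what the module validates would match the neighbouring `Cdi` and `Hash` items.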