[dice] Map and read the DICE data in service VM
This cl first maps the DICE range as read-only data and then
parses it as BccHandover data.
The whole process is checked in rialto_test.
Test: atest rialto_test
Bug: 287233786
Change-Id: Icebd60b0a858373dd6ba1efa02d2a31bb0066a7b
diff --git a/rialto/src/main.rs b/rialto/src/main.rs
index f8f6d51..7b5cf81 100644
--- a/rialto/src/main.rs
+++ b/rialto/src/main.rs
@@ -31,6 +31,7 @@
use ciborium_io::Write;
use core::num::NonZeroUsize;
use core::slice;
+use diced_open_dice::bcc_handover_parse;
use fdtpci::PciInfo;
use hyp::{get_mem_sharer, get_mmio_guard};
use libfdt::FdtError;
@@ -136,8 +137,21 @@
VmType::ProtectedVm => {
let dice_range = read_dice_range_from(fdt)?;
info!("DICE range: {dice_range:#x?}");
- // TODO(b/287233786): Read the bcc_handover from the given range.
- Some(dice_range)
+ // SAFETY: This region was written by pvmfw in its writable_data region. The region
+ // has no overlap with the main memory region and is safe to be mapped as read-only
+ // data.
+ let res = unsafe {
+ MEMORY.lock().as_mut().unwrap().alloc_range_outside_main_memory(&dice_range)
+ };
+ res.map_err(|e| {
+ error!("Failed to use DICE range from DT: {dice_range:#x?}");
+ e
+ })?;
+ let dice_start = dice_range.start as *const u8;
+ // SAFETY: There's no memory overlap and the region is mapped as read-only data.
+ let bcc_handover = unsafe { slice::from_raw_parts(dice_start, dice_range.len()) };
+ let bcc_handover = bcc_handover_parse(bcc_handover)?;
+ Some(bcc_handover)
}
// Currently, no DICE data is retrieved for non-protected VMs, as these VMs are solely
// intended for debugging purposes.