Make the RKP VM marker affect the sealing CDI
Modify the DICE hidden input to depend on whether the VM is the RKP VM
or not, to ensure that it always gets a different sealing CDI.
Bug: 323523191
Test: atest rialto_test MicrodroidTests
Change-Id: Iaf7d39dfee6ebf316e957434f86070b8cb272e9a
diff --git a/pvmfw/Android.bp b/pvmfw/Android.bp
index 9a2b3ef..6a6d199 100644
--- a/pvmfw/Android.bp
+++ b/pvmfw/Android.bp
@@ -110,6 +110,7 @@
"libciborium",
"libdiced_open_dice_nostd",
"libpvmfw_avb_nostd",
+ "libzerocopy_nostd",
],
}
diff --git a/pvmfw/src/dice.rs b/pvmfw/src/dice.rs
index 99bf589..540fd03 100644
--- a/pvmfw/src/dice.rs
+++ b/pvmfw/src/dice.rs
@@ -21,6 +21,7 @@
Hash, InputValues, HIDDEN_SIZE,
};
use pvmfw_avb::{Capability, DebugLevel, Digest, VerifiedBootData};
+use zerocopy::AsBytes;
fn to_dice_mode(debug_level: DebugLevel) -> DiceMode {
match debug_level {
@@ -72,12 +73,30 @@
Config::Descriptor(config),
self.auth_hash,
self.mode,
- *salt,
+ self.make_hidden(salt)?,
);
let _ = bcc_handover_main_flow(current_bcc_handover, &dice_inputs, next_bcc)?;
Ok(())
}
+ fn make_hidden(&self, salt: &[u8; HIDDEN_SIZE]) -> diced_open_dice::Result<[u8; HIDDEN_SIZE]> {
+ // We want to make sure we get a different sealing CDI for:
+ // - VMs with different salt values
+ // - An RKP VM and any other VM (regardless of salt)
+ // The hidden input for DICE affects the sealing CDI (but the values in the config
+ // descriptor do not).
+ // Since the hidden input has to be a fixed size, create it as a hash of the values we
+ // want included.
+ #[derive(AsBytes)]
+ #[repr(C, packed)]
+ struct HiddenInput {
+ rkp_vm_marker: bool,
+ salt: [u8; HIDDEN_SIZE],
+ }
+
+ hash(HiddenInput { rkp_vm_marker: self.rkp_vm_marker, salt: *salt }.as_bytes())
+ }
+
fn generate_config_descriptor<'a>(
&self,
config_descriptor_buffer: &'a mut [u8],