Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / a5604dc96f9892da8b9cc7848e9c8a9f0f1e7de8^! / . / guest / pvmfw / src / main.rs
commita5604dc96f9892da8b9cc7848e9c8a9f0f1e7de8[log] [tgz]
authorPierre-Clément Tosi <ptosi@google.com>Fri Mar 21 19:09:02 2025 +0000
committerPierre-Clément Tosi <ptosi@google.com>Fri Mar 21 19:59:27 2025 +0000
tree74d665a33e1433d9bd95d3392c770a05c01cee25
parent959e7aaa936b6d34b1cccc9de4dd53ba0fac8b14 [diff] [blame]
pvmfw: Delay panicking when DICE chain missing

Replace the low-level assertions during config data parsing about the
DICE handover being present with a high-level panic in main(), to
prepare for a change adding support for a missing input DICE handover.

Note: No functional change intended.

Test: m pvmfw
Bug: 393977894
Change-Id: I382e42c1eac8280a49aeca76d329bb8f5a10d07d

diff --git a/guest/pvmfw/src/main.rs b/guest/pvmfw/src/main.rs
index 7bf68b8..d83df5c 100644
--- a/guest/pvmfw/src/main.rs
+++ b/guest/pvmfw/src/main.rs

@@ -56,7 +56,7 @@
     untrusted_fdt: &mut Fdt,
     signed_kernel: &[u8],
     ramdisk: Option<&[u8]>,
-    current_dice_handover: &[u8],
+    current_dice_handover: Option<&[u8]>,
     mut debug_policy: Option<&[u8]>,
     vm_dtbo: Option<&mut [u8]>,
     vm_ref_dt: Option<&[u8]>,
@@ -71,8 +71,7 @@
         debug!("Ramdisk: None");
     }
 
-    let (dice_handover_bytes, dice_cdi_seal, dice_context, dice_debug_mode) =
-        parse_dice_handover(current_dice_handover)?;
+    let (parsed_dice, dice_debug_mode) = parse_dice_handover(current_dice_handover)?;
 
     // The bootloader should never pass us a debug policy when the boot is secure (the bootloader
     // is locked). If it gets it wrong, disregard it & log it, to avoid it causing problems.
@@ -97,6 +96,8 @@
             error!("Failed to compute partial DICE inputs: {e:?}");
             RebootReason::InternalError
         })?;
+        let (dice_handover_bytes, dice_cdi_seal, dice_context) =
+            parsed_dice.expect("Missing DICE values with VB data");
         let (new_instance, salt, defer_rollback_protection) =
             perform_rollback_protection(fdt, data, &dice_inputs, &dice_cdi_seal)?;
         trace!("Got salt for instance: {salt:x?}");
@@ -140,8 +141,11 @@
 }
 
 fn parse_dice_handover(
-    bytes: &[u8],
-) -> Result<(Cow<'_, [u8]>, Vec<u8>, DiceContext, bool), RebootReason> {
+    bytes: Option<&[u8]>,
+) -> Result<(Option<(Cow<'_, [u8]>, Vec<u8>, DiceContext)>, bool), RebootReason> {
+    let Some(bytes) = bytes else {
+        return Ok((None, false));
+    };
     let dice_handover = bcc_handover_parse(bytes).map_err(|e| {
         error!("Invalid DICE Handover: {e:?}");
         RebootReason::InvalidDiceHandover
@@ -181,7 +185,7 @@
         Cow::Owned(truncated_bytes)
     };
 
-    Ok((bytes_for_next, cdi_seal, dice_context, is_debug_mode))
+    Ok((Some((bytes_for_next, cdi_seal, dice_context)), is_debug_mode))
 }
 
 fn perform_dice_derivation<'a>(