pvmfw: Obtain entropy through the SMCCC TRNG
Implement a driver for the SMCCC TRNG and use it to generate the DICE
salt and AEAD nonce.
Bug: 262393451
Test: atest MicrodroidHostTests
Change-Id: Ie85e9196760779d665511bc0c9a2719d00a5eb81
diff --git a/pvmfw/src/instance.rs b/pvmfw/src/instance.rs
index 6a54623..fbf2040 100644
--- a/pvmfw/src/instance.rs
+++ b/pvmfw/src/instance.rs
@@ -22,6 +22,7 @@
use crate::gpt::Partition;
use crate::gpt::Partitions;
use crate::helpers::ceiling_div;
+use crate::rand;
use crate::virtio::pci::VirtIOBlkIterator;
use core::fmt;
use core::mem::size_of;
@@ -38,6 +39,8 @@
FailedIo(gpt::Error),
/// Failed to decrypt the entry.
FailedOpen(crypto::ErrorIterator),
+ /// Failed to generate a random salt to be stored.
+ FailedSaltGeneration(rand::Error),
/// Failed to encrypt the entry.
FailedSeal(crypto::ErrorIterator),
/// Impossible to create a new instance.img entry.
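Review bot: The doc comment on `FailedSaltGeneration` does not say that this failure is fatal by design, which is the security-relevant property of the variant. In the `PvmfwEntry::New` arm further down this file the error is propagated with `?`, so no entry is built when the TRNG call fails, whereas the removed line stored an all-zero salt. I would record that in the doc, e.g. `/// Failed to generate a random salt to be stored; no entry is created, and callers must not substitute a fixed salt.`, so that a later change does not reintroduce a predictable fallback. The enum definition starts and ends outside this hunk.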
@@ -69,6 +72,7 @@
}
Ok(())
}
+ Self::FailedSaltGeneration(e) => write!(f, "Failed to generate salt: {e}"),
Self::FailedSeal(e_iter) => {
writeln!(f, "Failed to seal the instance.img partition:")?;
for e in *e_iter {
@@ -129,7 +133,7 @@
}
}
PvmfwEntry::New { header_index } => {
- let salt = [0; size_of::<Hidden>()]; // TODO(b/262393451): Generate using TRNG.
+ let salt = rand::random_array().map_err(Error::FailedSaltGeneration)?;
let entry_body = EntryBody::new(dice_inputs, &salt);
let body = entry_body.as_ref();