avb: move error module to libavb
The libavb Rust wrappers are moving to //external/avb to make them more
widely available and keep them closer to the C source.
To keep CLs manageable, this is being done in smaller chunks. This first
CL just moves the error module over.
A few minor changes were necessary to split out some pvmfw-specific
error conditions from the generic libavb errors (e.g. requirements on
the shape of the vbmeta image).
Bug: b/290110273
Test: atest results unchanged from pre-patch
Change-Id: Iacef297bfb72e560890971e9e158c55f46cf0583
diff --git a/pvmfw/avb/Android.bp b/pvmfw/avb/Android.bp
index 4efee6a..6c1bdd1 100644
--- a/pvmfw/avb/Android.bp
+++ b/pvmfw/avb/Android.bp
@@ -9,6 +9,7 @@
prefer_rlib: true,
rustlibs: [
"libavb_bindgen_nostd",
+ "libavb_rs_nostd",
"libtinyvec_nostd",
],
whole_static_libs: [
@@ -45,6 +46,7 @@
rustlibs: [
"libanyhow",
"libavb_bindgen",
+ "libavb_rs_nostd",
"libhex",
"libpvmfw_avb_nostd",
"libopenssl",
diff --git a/pvmfw/avb/src/descriptor/collection.rs b/pvmfw/avb/src/descriptor/collection.rs
index 14c47b1..f47bfbd 100644
--- a/pvmfw/avb/src/descriptor/collection.rs
+++ b/pvmfw/avb/src/descriptor/collection.rs
@@ -17,9 +17,9 @@
use super::common::get_valid_descriptor;
use super::hash::HashDescriptor;
use super::property::PropertyDescriptor;
-use crate::error::{AvbIOError, AvbSlotVerifyError};
use crate::partition::PartitionName;
use crate::utils::{self, is_not_null, to_usize, usize_checked_add};
+use crate::PvmfwVerifyError;
use avb_bindgen::{
avb_descriptor_foreach, avb_descriptor_validate_and_byteswap, AvbDescriptor, AvbDescriptorTag,
AvbVBMetaData,
@@ -45,9 +45,9 @@
/// Behavior is undefined if any of the following conditions are violated:
/// * `vbmeta.vbmeta_data` must be non-null and points to a valid VBMeta.
/// * `vbmeta.vbmeta_data` must be valid for reading `vbmeta.vbmeta_size` bytes.
- pub(crate) unsafe fn from_vbmeta(vbmeta: AvbVBMetaData) -> Result<Self, AvbSlotVerifyError> {
- is_not_null(vbmeta.vbmeta_data).map_err(|_| AvbSlotVerifyError::Io)?;
- let mut res: Result<Self, AvbIOError> = Ok(Self::default());
+ pub(crate) unsafe fn from_vbmeta(vbmeta: AvbVBMetaData) -> Result<Self, PvmfwVerifyError> {
+ is_not_null(vbmeta.vbmeta_data).map_err(|_| avb::SlotVerifyError::Io)?;
+ let mut res: Result<Self, avb::IoError> = Ok(Self::default());
// SAFETY: It is safe as the raw pointer `vbmeta.vbmeta_data` is a non-null pointer and
// points to a valid VBMeta structure.
let output = unsafe {
@@ -59,9 +59,9 @@
)
};
if output == res.is_ok() {
- res.map_err(AvbSlotVerifyError::InvalidDescriptors)
+ res.map_err(PvmfwVerifyError::InvalidDescriptors)
} else {
- Err(AvbSlotVerifyError::InvalidMetadata)
+ Err(avb::SlotVerifyError::InvalidMetadata.into())
}
}
@@ -74,11 +74,11 @@
pub(crate) fn find_hash_descriptor(
&self,
partition_name: PartitionName,
- ) -> Result<&HashDescriptor, AvbSlotVerifyError> {
+ ) -> Result<&HashDescriptor, avb::SlotVerifyError> {
self.hash_descriptors
.iter()
.find(|d| d.partition_name == partition_name)
- .ok_or(AvbSlotVerifyError::InvalidMetadata)
+ .ok_or(avb::SlotVerifyError::InvalidMetadata)
}
pub(crate) fn has_property_descriptor(&self) -> bool {
@@ -98,7 +98,7 @@
fn push_hash_descriptor(&mut self, descriptor: HashDescriptor<'a>) -> utils::Result<()> {
if self.hash_descriptors.iter().any(|d| d.partition_name == descriptor.partition_name) {
- return Err(AvbIOError::Io);
+ return Err(avb::IoError::Io);
}
self.hash_descriptors.push(descriptor);
Ok(())
@@ -109,7 +109,7 @@
descriptor: PropertyDescriptor<'a>,
) -> utils::Result<()> {
if self.prop_descriptor.is_some() {
- return Err(AvbIOError::Io);
+ return Err(avb::IoError::Io);
}
self.prop_descriptor.replace(descriptor);
Ok(())
@@ -120,7 +120,8 @@
///
/// Behavior is undefined if any of the following conditions are violated:
/// * The `descriptor` pointer must be non-null and points to a valid `AvbDescriptor` struct.
-/// * The `user_data` pointer must be non-null, points to a valid `Result<Descriptors, AvbIOError>`
+/// * The `user_data` pointer must be non-null, points to a valid
+/// `Result<Descriptors, avb::IoError>`
/// struct and is initialized.
unsafe extern "C" fn check_and_save_descriptor(
descriptor: *const AvbDescriptor,
@@ -128,7 +129,8 @@
) -> bool {
// SAFETY: It is safe because the caller ensures that `user_data` points to a valid struct and
// is initialized.
- let Some(res) = (unsafe { (user_data as *mut Result<Descriptors, AvbIOError>).as_mut() }) else {
+ let Some(res) = (unsafe { (user_data as *mut Result<Descriptors, avb::IoError>).as_mut() })
+ else {
return false;
};
let Ok(descriptors) = res else {
@@ -195,7 +197,7 @@
unsafe { PropertyDescriptor::from_descriptor_ptr(descriptor, data)? };
Ok(Self::Property(descriptor))
}
- _ => Err(AvbIOError::NoSuchValue),
+ _ => Err(avb::IoError::NoSuchValue),
}
}
}
diff --git a/pvmfw/avb/src/descriptor/common.rs b/pvmfw/avb/src/descriptor/common.rs
index 9d91553..31ee0a5 100644
--- a/pvmfw/avb/src/descriptor/common.rs
+++ b/pvmfw/avb/src/descriptor/common.rs
@@ -14,7 +14,6 @@
//! Structs and functions used by all the descriptors.
-use crate::error::AvbIOError;
use crate::utils::{self, is_not_null};
use core::mem::MaybeUninit;
@@ -32,7 +31,7 @@
let descriptor = unsafe {
let mut desc = MaybeUninit::uninit();
if !descriptor_validate_and_byteswap(descriptor_ptr, desc.as_mut_ptr()) {
- return Err(AvbIOError::Io);
+ return Err(avb::IoError::Io);
}
desc.assume_init()
};
diff --git a/pvmfw/avb/src/descriptor/hash.rs b/pvmfw/avb/src/descriptor/hash.rs
index 2a00479..089268f 100644
--- a/pvmfw/avb/src/descriptor/hash.rs
+++ b/pvmfw/avb/src/descriptor/hash.rs
@@ -15,7 +15,6 @@
//! Structs and functions relating to the hash descriptor.
use super::common::get_valid_descriptor;
-use crate::error::AvbIOError;
use crate::partition::PartitionName;
use crate::utils::{self, to_usize, usize_checked_add};
use avb_bindgen::{
@@ -54,13 +53,13 @@
let h = unsafe { HashDescriptorHeader::from_descriptor_ptr(descriptor)? };
let partition_name = data
.get(h.partition_name_range()?)
- .ok_or(AvbIOError::RangeOutsidePartition)?
+ .ok_or(avb::IoError::RangeOutsidePartition)?
.try_into()?;
let digest = data
.get(h.digest_range()?)
- .ok_or(AvbIOError::RangeOutsidePartition)?
+ .ok_or(avb::IoError::RangeOutsidePartition)?
.try_into()
- .map_err(|_| AvbIOError::InvalidValueSize)?;
+ .map_err(|_| avb::IoError::InvalidValueSize)?;
Ok(Self { partition_name, digest })
}
}
diff --git a/pvmfw/avb/src/descriptor/property.rs b/pvmfw/avb/src/descriptor/property.rs
index 589f2b2..336623a 100644
--- a/pvmfw/avb/src/descriptor/property.rs
+++ b/pvmfw/avb/src/descriptor/property.rs
@@ -15,7 +15,6 @@
//! Structs and functions relating to the property descriptor.
use super::common::get_valid_descriptor;
-use crate::error::AvbIOError;
use crate::utils::{self, to_usize, usize_checked_add};
use avb_bindgen::{
avb_property_descriptor_validate_and_byteswap, AvbDescriptor, AvbPropertyDescriptor,
@@ -48,8 +47,8 @@
const NUL_BYTE: u8 = b'\0';
match data.get(end) {
- Some(&NUL_BYTE) => data.get(start..end).ok_or(AvbIOError::RangeOutsidePartition),
- _ => Err(AvbIOError::NoSuchValue),
+ Some(&NUL_BYTE) => data.get(start..end).ok_or(avb::IoError::RangeOutsidePartition),
+ _ => Err(avb::IoError::NoSuchValue),
}
}
}
diff --git a/pvmfw/avb/src/error.rs b/pvmfw/avb/src/error.rs
index 5e3822f..af38c54 100644
--- a/pvmfw/avb/src/error.rs
+++ b/pvmfw/avb/src/error.rs
@@ -15,50 +15,32 @@
//! This module contains the error thrown by the payload verification API
//! and other errors used in the library.
-use avb_bindgen::{AvbIOResult, AvbSlotVerifyResult};
-
use core::fmt;
-/// This error is the error part of `AvbSlotVerifyResult`.
+/// Wrapper around `avb::SlotVerifyError` to add custom pvmfw errors.
/// It is the error thrown by the payload verification API `verify_payload()`.
#[derive(Clone, Debug, PartialEq, Eq)]
-pub enum AvbSlotVerifyError {
- /// AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT
- InvalidArgument,
- /// AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA
- InvalidMetadata,
- /// AVB_SLOT_VERIFY_RESULT_ERROR_IO
- Io,
- /// AVB_SLOT_VERIFY_RESULT_ERROR_OOM
- Oom,
- /// AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED
- PublicKeyRejected,
- /// AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX
- RollbackIndex,
- /// AVB_SLOT_VERIFY_RESULT_ERROR_UNSUPPORTED_VERSION
- UnsupportedVersion,
- /// AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION
- Verification,
+pub enum PvmfwVerifyError {
+ /// Passthrough avb::SlotVerifyError.
+ AvbError(avb::SlotVerifyError),
/// VBMeta has invalid descriptors.
- InvalidDescriptors(AvbIOError),
- /// Unknown vbmeta property
+ InvalidDescriptors(avb::IoError),
+ /// Unknown vbmeta property.
UnknownVbmetaProperty,
}
-impl fmt::Display for AvbSlotVerifyError {
+/// It's always possible to convert from an `avb::SlotVerifyError` since we are
+/// a superset.
+impl From<avb::SlotVerifyError> for PvmfwVerifyError {
+ fn from(error: avb::SlotVerifyError) -> Self {
+ Self::AvbError(error)
+ }
+}
+
+impl fmt::Display for PvmfwVerifyError {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
match self {
- Self::InvalidArgument => write!(f, "Invalid parameters."),
- Self::InvalidMetadata => write!(f, "Invalid metadata."),
- Self::Io => write!(f, "I/O error while trying to load data or get a rollback index."),
- Self::Oom => write!(f, "Unable to allocate memory."),
- Self::PublicKeyRejected => write!(f, "Public key rejected or data not signed."),
- Self::RollbackIndex => write!(f, "Rollback index is less than its stored value."),
- Self::UnsupportedVersion => write!(
- f,
- "Some of the metadata requires a newer version of libavb than what is in use."
- ),
- Self::Verification => write!(f, "Data does not verify."),
+ Self::AvbError(e) => write!(f, "{}", e),
Self::InvalidDescriptors(e) => {
write!(f, "VBMeta has invalid descriptors. Error: {:?}", e)
}
@@ -66,72 +48,3 @@
}
}
}
-
-pub(crate) fn slot_verify_result_to_verify_payload_result(
- result: AvbSlotVerifyResult,
-) -> Result<(), AvbSlotVerifyError> {
- match result {
- AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_OK => Ok(()),
- AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT => {
- Err(AvbSlotVerifyError::InvalidArgument)
- }
- AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA => {
- Err(AvbSlotVerifyError::InvalidMetadata)
- }
- AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_IO => Err(AvbSlotVerifyError::Io),
- AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_OOM => Err(AvbSlotVerifyError::Oom),
- AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED => {
- Err(AvbSlotVerifyError::PublicKeyRejected)
- }
- AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX => {
- Err(AvbSlotVerifyError::RollbackIndex)
- }
- AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_UNSUPPORTED_VERSION => {
- Err(AvbSlotVerifyError::UnsupportedVersion)
- }
- AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION => {
- Err(AvbSlotVerifyError::Verification)
- }
- }
-}
-
-/// AVB IO Error.
-#[derive(Clone, Debug, PartialEq, Eq)]
-pub enum AvbIOError {
- /// AVB_IO_RESULT_ERROR_OOM,
- #[allow(dead_code)]
- Oom,
- /// AVB_IO_RESULT_ERROR_IO,
- Io,
- /// AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION,
- NoSuchPartition,
- /// AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION,
- RangeOutsidePartition,
- /// AVB_IO_RESULT_ERROR_NO_SUCH_VALUE,
- NoSuchValue,
- /// AVB_IO_RESULT_ERROR_INVALID_VALUE_SIZE,
- InvalidValueSize,
- /// AVB_IO_RESULT_ERROR_INSUFFICIENT_SPACE,
- #[allow(dead_code)]
- InsufficientSpace,
-}
-
-impl From<AvbIOError> for AvbIOResult {
- fn from(error: AvbIOError) -> Self {
- match error {
- AvbIOError::Oom => AvbIOResult::AVB_IO_RESULT_ERROR_OOM,
- AvbIOError::Io => AvbIOResult::AVB_IO_RESULT_ERROR_IO,
- AvbIOError::NoSuchPartition => AvbIOResult::AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION,
- AvbIOError::RangeOutsidePartition => {
- AvbIOResult::AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION
- }
- AvbIOError::NoSuchValue => AvbIOResult::AVB_IO_RESULT_ERROR_NO_SUCH_VALUE,
- AvbIOError::InvalidValueSize => AvbIOResult::AVB_IO_RESULT_ERROR_INVALID_VALUE_SIZE,
- AvbIOError::InsufficientSpace => AvbIOResult::AVB_IO_RESULT_ERROR_INSUFFICIENT_SPACE,
- }
- }
-}
-
-pub(crate) fn to_avb_io_result(result: Result<(), AvbIOError>) -> AvbIOResult {
- result.map_or_else(|e| e.into(), |_| AvbIOResult::AVB_IO_RESULT_OK)
-}
diff --git a/pvmfw/avb/src/lib.rs b/pvmfw/avb/src/lib.rs
index fdab990..9c3fe11 100644
--- a/pvmfw/avb/src/lib.rs
+++ b/pvmfw/avb/src/lib.rs
@@ -26,5 +26,5 @@
mod verify;
pub use descriptor::Digest;
-pub use error::{AvbIOError, AvbSlotVerifyError};
+pub use error::PvmfwVerifyError;
pub use verify::{verify_payload, Capability, DebugLevel, VerifiedBootData};
diff --git a/pvmfw/avb/src/ops.rs b/pvmfw/avb/src/ops.rs
index 8f7295c..539291b 100644
--- a/pvmfw/avb/src/ops.rs
+++ b/pvmfw/avb/src/ops.rs
@@ -14,11 +14,9 @@
//! Structs and functions relating to `AvbOps`.
-use crate::error::{
- slot_verify_result_to_verify_payload_result, to_avb_io_result, AvbIOError, AvbSlotVerifyError,
-};
use crate::partition::PartitionName;
use crate::utils::{self, as_ref, is_not_null, to_nonnull, write};
+use avb::internal::{result_to_io_enum, slot_verify_enum_to_result};
use avb_bindgen::{
avb_slot_verify, avb_slot_verify_data_free, AvbHashtreeErrorMode, AvbIOResult, AvbOps,
AvbPartitionData, AvbSlotVerifyData, AvbSlotVerifyFlags, AvbVBMetaData,
@@ -55,11 +53,11 @@
Self { kernel, initrd, trusted_public_key }
}
- fn get_partition(&self, partition_name: *const c_char) -> Result<&[u8], AvbIOError> {
+ fn get_partition(&self, partition_name: *const c_char) -> Result<&[u8], avb::IoError> {
match partition_name.try_into()? {
PartitionName::Kernel => Ok(self.kernel),
PartitionName::InitrdNormal | PartitionName::InitrdDebug => {
- self.initrd.ok_or(AvbIOError::NoSuchPartition)
+ self.initrd.ok_or(avb::IoError::NoSuchPartition)
}
}
}
@@ -96,7 +94,7 @@
pub(crate) fn verify_partition(
&mut self,
partition_name: &CStr,
- ) -> Result<AvbSlotVerifyDataWrap, AvbSlotVerifyError> {
+ ) -> Result<AvbSlotVerifyDataWrap, avb::SlotVerifyError> {
let requested_partitions = [partition_name.as_ptr(), ptr::null()];
let ab_suffix = CStr::from_bytes_with_nul(NULL_BYTE).unwrap();
let mut out_data = MaybeUninit::uninit();
@@ -113,7 +111,7 @@
out_data.as_mut_ptr(),
)
};
- slot_verify_result_to_verify_payload_result(result)?;
+ slot_verify_enum_to_result(result)?;
// SAFETY: This is safe because `out_data` has been properly initialized after
// calling `avb_slot_verify` and it returns OK.
let out_data = unsafe { out_data.assume_init() };
@@ -125,7 +123,7 @@
_ops: *mut AvbOps,
out_is_unlocked: *mut bool,
) -> AvbIOResult {
- to_avb_io_result(write(out_is_unlocked, false))
+ result_to_io_enum(write(out_is_unlocked, false))
}
extern "C" fn get_preloaded_partition(
@@ -135,7 +133,7 @@
out_pointer: *mut *mut u8,
out_num_bytes_preloaded: *mut usize,
) -> AvbIOResult {
- to_avb_io_result(try_get_preloaded_partition(
+ result_to_io_enum(try_get_preloaded_partition(
ops,
partition,
num_bytes,
@@ -165,7 +163,7 @@
buffer: *mut c_void,
out_num_read: *mut usize,
) -> AvbIOResult {
- to_avb_io_result(try_read_from_partition(
+ result_to_io_enum(try_read_from_partition(
ops,
partition,
offset,
@@ -194,9 +192,9 @@
}
fn copy_data_to_dst(src: &[u8], offset: i64, dst: &mut [u8]) -> utils::Result<()> {
- let start = to_copy_start(offset, src.len()).ok_or(AvbIOError::InvalidValueSize)?;
- let end = start.checked_add(dst.len()).ok_or(AvbIOError::InvalidValueSize)?;
- dst.copy_from_slice(src.get(start..end).ok_or(AvbIOError::RangeOutsidePartition)?);
+ let start = to_copy_start(offset, src.len()).ok_or(avb::IoError::InvalidValueSize)?;
+ let end = start.checked_add(dst.len()).ok_or(avb::IoError::InvalidValueSize)?;
+ dst.copy_from_slice(src.get(start..end).ok_or(avb::IoError::RangeOutsidePartition)?);
Ok(())
}
@@ -211,7 +209,7 @@
partition: *const c_char,
out_size_num_bytes: *mut u64,
) -> AvbIOResult {
- to_avb_io_result(try_get_size_of_partition(ops, partition, out_size_num_bytes))
+ result_to_io_enum(try_get_size_of_partition(ops, partition, out_size_num_bytes))
}
fn try_get_size_of_partition(
@@ -222,7 +220,7 @@
let ops = as_ref(ops)?;
let partition = ops.as_ref().get_partition(partition)?;
let partition_size =
- u64::try_from(partition.len()).map_err(|_| AvbIOError::InvalidValueSize)?;
+ u64::try_from(partition.len()).map_err(|_| avb::IoError::InvalidValueSize)?;
write(out_size_num_bytes, partition_size)
}
@@ -235,7 +233,7 @@
// `avb_slot_verify()`.
// We set `out_rollback_index` to 0 to ensure that the default rollback index (0)
// is never smaller than it, thus the rollback index check will pass.
- to_avb_io_result(write(out_rollback_index, 0))
+ result_to_io_enum(write(out_rollback_index, 0))
}
extern "C" fn get_unique_guid_for_partition(
@@ -258,7 +256,7 @@
public_key_metadata_length: usize,
out_is_trusted: *mut bool,
) -> AvbIOResult {
- to_avb_io_result(try_validate_vbmeta_public_key(
+ result_to_io_enum(try_validate_vbmeta_public_key(
ops,
public_key_data,
public_key_length,
@@ -290,10 +288,10 @@
pub(crate) struct AvbSlotVerifyDataWrap(*mut AvbSlotVerifyData);
impl TryFrom<*mut AvbSlotVerifyData> for AvbSlotVerifyDataWrap {
- type Error = AvbSlotVerifyError;
+ type Error = avb::SlotVerifyError;
fn try_from(data: *mut AvbSlotVerifyData) -> Result<Self, Self::Error> {
- is_not_null(data).map_err(|_| AvbSlotVerifyError::Io)?;
+ is_not_null(data).map_err(|_| avb::SlotVerifyError::Io)?;
Ok(Self(data))
}
}
@@ -317,18 +315,18 @@
}
impl AvbSlotVerifyDataWrap {
- pub(crate) fn vbmeta_images(&self) -> Result<&[AvbVBMetaData], AvbSlotVerifyError> {
+ pub(crate) fn vbmeta_images(&self) -> Result<&[AvbVBMetaData], avb::SlotVerifyError> {
let data = self.as_ref();
- is_not_null(data.vbmeta_images).map_err(|_| AvbSlotVerifyError::Io)?;
+ is_not_null(data.vbmeta_images).map_err(|_| avb::SlotVerifyError::Io)?;
let vbmeta_images =
// SAFETY: It is safe as the raw pointer `data.vbmeta_images` is a nonnull pointer.
unsafe { slice::from_raw_parts(data.vbmeta_images, data.num_vbmeta_images) };
Ok(vbmeta_images)
}
- pub(crate) fn loaded_partitions(&self) -> Result<&[AvbPartitionData], AvbSlotVerifyError> {
+ pub(crate) fn loaded_partitions(&self) -> Result<&[AvbPartitionData], avb::SlotVerifyError> {
let data = self.as_ref();
- is_not_null(data.loaded_partitions).map_err(|_| AvbSlotVerifyError::Io)?;
+ is_not_null(data.loaded_partitions).map_err(|_| avb::SlotVerifyError::Io)?;
let loaded_partitions =
// SAFETY: It is safe as the raw pointer `data.loaded_partitions` is a nonnull pointer and
// is guaranteed by libavb to point to a valid `AvbPartitionData` array as part of the
diff --git a/pvmfw/avb/src/partition.rs b/pvmfw/avb/src/partition.rs
index bc63003..ca450c9 100644
--- a/pvmfw/avb/src/partition.rs
+++ b/pvmfw/avb/src/partition.rs
@@ -14,7 +14,6 @@
//! Struct and functions relating to well-known partition names.
-use crate::error::AvbIOError;
use crate::utils::is_not_null;
use core::ffi::{c_char, CStr};
@@ -53,7 +52,7 @@
}
impl TryFrom<*const c_char> for PartitionName {
- type Error = AvbIOError;
+ type Error = avb::IoError;
fn try_from(partition_name: *const c_char) -> Result<Self, Self::Error> {
is_not_null(partition_name)?;
@@ -64,27 +63,27 @@
}
impl TryFrom<&CStr> for PartitionName {
- type Error = AvbIOError;
+ type Error = avb::IoError;
fn try_from(partition_name: &CStr) -> Result<Self, Self::Error> {
match partition_name.to_bytes_with_nul() {
Self::KERNEL_PARTITION_NAME => Ok(Self::Kernel),
Self::INITRD_NORMAL_PARTITION_NAME => Ok(Self::InitrdNormal),
Self::INITRD_DEBUG_PARTITION_NAME => Ok(Self::InitrdDebug),
- _ => Err(AvbIOError::NoSuchPartition),
+ _ => Err(avb::IoError::NoSuchPartition),
}
}
}
impl TryFrom<&[u8]> for PartitionName {
- type Error = AvbIOError;
+ type Error = avb::IoError;
fn try_from(non_null_terminated_name: &[u8]) -> Result<Self, Self::Error> {
match non_null_terminated_name {
x if x == Self::Kernel.as_non_null_terminated_bytes() => Ok(Self::Kernel),
x if x == Self::InitrdNormal.as_non_null_terminated_bytes() => Ok(Self::InitrdNormal),
x if x == Self::InitrdDebug.as_non_null_terminated_bytes() => Ok(Self::InitrdDebug),
- _ => Err(AvbIOError::NoSuchPartition),
+ _ => Err(avb::IoError::NoSuchPartition),
}
}
}
diff --git a/pvmfw/avb/src/utils.rs b/pvmfw/avb/src/utils.rs
index a24d61f..f4f15e1 100644
--- a/pvmfw/avb/src/utils.rs
+++ b/pvmfw/avb/src/utils.rs
@@ -14,11 +14,10 @@
//! Common utility functions.
-use crate::error::AvbIOError;
use core::ptr::NonNull;
use core::result;
-pub(crate) type Result<T> = result::Result<T, AvbIOError>;
+pub(crate) type Result<T> = result::Result<T, avb::IoError>;
pub(crate) fn write<T>(ptr: *mut T, value: T) -> Result<()> {
let ptr = to_nonnull(ptr)?;
@@ -36,21 +35,21 @@
}
pub(crate) fn to_nonnull<T>(ptr: *mut T) -> Result<NonNull<T>> {
- NonNull::new(ptr).ok_or(AvbIOError::NoSuchValue)
+ NonNull::new(ptr).ok_or(avb::IoError::NoSuchValue)
}
pub(crate) fn is_not_null<T>(ptr: *const T) -> Result<()> {
if ptr.is_null() {
- Err(AvbIOError::NoSuchValue)
+ Err(avb::IoError::NoSuchValue)
} else {
Ok(())
}
}
pub(crate) fn to_usize<T: TryInto<usize>>(num: T) -> Result<usize> {
- num.try_into().map_err(|_| AvbIOError::InvalidValueSize)
+ num.try_into().map_err(|_| avb::IoError::InvalidValueSize)
}
pub(crate) fn usize_checked_add(x: usize, y: usize) -> Result<usize> {
- x.checked_add(y).ok_or(AvbIOError::InvalidValueSize)
+ x.checked_add(y).ok_or(avb::IoError::InvalidValueSize)
}
diff --git a/pvmfw/avb/src/verify.rs b/pvmfw/avb/src/verify.rs
index c5ed8cc..ac945e2 100644
--- a/pvmfw/avb/src/verify.rs
+++ b/pvmfw/avb/src/verify.rs
@@ -15,9 +15,9 @@
//! This module handles the pvmfw payload verification.
use crate::descriptor::{Descriptors, Digest};
-use crate::error::AvbSlotVerifyError;
use crate::ops::{Ops, Payload};
use crate::partition::PartitionName;
+use crate::PvmfwVerifyError;
use alloc::vec;
use alloc::vec::Vec;
use avb_bindgen::{AvbPartitionData, AvbVBMetaData};
@@ -59,16 +59,16 @@
const REMOTE_ATTEST: &[u8] = b"remote_attest";
const SEPARATOR: u8 = b'|';
- fn get_capabilities(property_value: &[u8]) -> Result<Vec<Self>, AvbSlotVerifyError> {
+ fn get_capabilities(property_value: &[u8]) -> Result<Vec<Self>, PvmfwVerifyError> {
let mut res = Vec::new();
for v in property_value.split(|b| *b == Self::SEPARATOR) {
let cap = match v {
Self::REMOTE_ATTEST => Self::RemoteAttest,
- _ => return Err(AvbSlotVerifyError::UnknownVbmetaProperty),
+ _ => return Err(PvmfwVerifyError::UnknownVbmetaProperty),
};
if res.contains(&cap) {
- return Err(AvbSlotVerifyError::InvalidMetadata);
+ return Err(avb::SlotVerifyError::InvalidMetadata.into());
}
res.push(cap);
}
@@ -78,30 +78,30 @@
fn verify_only_one_vbmeta_exists(
vbmeta_images: &[AvbVBMetaData],
-) -> Result<(), AvbSlotVerifyError> {
+) -> Result<(), avb::SlotVerifyError> {
if vbmeta_images.len() == 1 {
Ok(())
} else {
- Err(AvbSlotVerifyError::InvalidMetadata)
+ Err(avb::SlotVerifyError::InvalidMetadata)
}
}
fn verify_vbmeta_is_from_kernel_partition(
vbmeta_image: &AvbVBMetaData,
-) -> Result<(), AvbSlotVerifyError> {
+) -> Result<(), avb::SlotVerifyError> {
match (vbmeta_image.partition_name as *const c_char).try_into() {
Ok(PartitionName::Kernel) => Ok(()),
- _ => Err(AvbSlotVerifyError::InvalidMetadata),
+ _ => Err(avb::SlotVerifyError::InvalidMetadata),
}
}
fn verify_vbmeta_has_only_one_hash_descriptor(
descriptors: &Descriptors,
-) -> Result<(), AvbSlotVerifyError> {
+) -> Result<(), avb::SlotVerifyError> {
if descriptors.num_hash_descriptor() == 1 {
Ok(())
} else {
- Err(AvbSlotVerifyError::InvalidMetadata)
+ Err(avb::SlotVerifyError::InvalidMetadata)
}
}
@@ -109,22 +109,22 @@
loaded_partitions: &[AvbPartitionData],
partition_name: PartitionName,
expected_len: usize,
-) -> Result<(), AvbSlotVerifyError> {
+) -> Result<(), avb::SlotVerifyError> {
if loaded_partitions.len() != 1 {
// Only one partition should be loaded in each verify result.
- return Err(AvbSlotVerifyError::Io);
+ return Err(avb::SlotVerifyError::Io);
}
let loaded_partition = loaded_partitions[0];
if !PartitionName::try_from(loaded_partition.partition_name as *const c_char)
.map_or(false, |p| p == partition_name)
{
// Only the requested partition should be loaded.
- return Err(AvbSlotVerifyError::Io);
+ return Err(avb::SlotVerifyError::Io);
}
if loaded_partition.data_size == expected_len {
Ok(())
} else {
- Err(AvbSlotVerifyError::Verification)
+ Err(avb::SlotVerifyError::Verification)
}
}
@@ -132,13 +132,13 @@
/// vm type is service VM.
fn verify_property_and_get_capabilities(
descriptors: &Descriptors,
-) -> Result<Vec<Capability>, AvbSlotVerifyError> {
+) -> Result<Vec<Capability>, PvmfwVerifyError> {
if !descriptors.has_property_descriptor() {
return Ok(vec![]);
}
descriptors
.find_property_value(Capability::KEY)
- .ok_or(AvbSlotVerifyError::UnknownVbmetaProperty)
+ .ok_or(PvmfwVerifyError::UnknownVbmetaProperty)
.and_then(Capability::get_capabilities)
}
@@ -147,7 +147,7 @@
kernel: &[u8],
initrd: Option<&[u8]>,
trusted_public_key: &'a [u8],
-) -> Result<VerifiedBootData<'a>, AvbSlotVerifyError> {
+) -> Result<VerifiedBootData<'a>, PvmfwVerifyError> {
let mut payload = Payload::new(kernel, initrd, trusted_public_key);
let mut ops = Ops::from(&mut payload);
let kernel_verify_result = ops.verify_partition(PartitionName::Kernel.as_cstr())?;
@@ -181,7 +181,7 @@
} else if let Ok(result) = ops.verify_partition(PartitionName::InitrdDebug.as_cstr()) {
(DebugLevel::Full, result, PartitionName::InitrdDebug)
} else {
- return Err(AvbSlotVerifyError::Verification);
+ return Err(avb::SlotVerifyError::Verification.into());
};
let loaded_partitions = initrd_verify_result.loaded_partitions()?;
verify_loaded_partition_has_expected_length(
diff --git a/pvmfw/avb/tests/api_test.rs b/pvmfw/avb/tests/api_test.rs
index 2f45d77..e7e4dcc 100644
--- a/pvmfw/avb/tests/api_test.rs
+++ b/pvmfw/avb/tests/api_test.rs
@@ -18,9 +18,7 @@
use anyhow::{anyhow, Result};
use avb_bindgen::{AvbFooter, AvbVBMetaImageHeader};
-use pvmfw_avb::{
- verify_payload, AvbIOError, AvbSlotVerifyError, Capability, DebugLevel, VerifiedBootData,
-};
+use pvmfw_avb::{verify_payload, Capability, DebugLevel, PvmfwVerifyError, VerifiedBootData};
use std::{fs, mem::size_of, ptr};
use utils::*;
@@ -86,7 +84,7 @@
&fs::read(TEST_IMG_WITH_NON_INITRD_HASHDESC_PATH)?,
/*initrd=*/ None,
&load_trusted_public_key()?,
- AvbSlotVerifyError::InvalidDescriptors(AvbIOError::NoSuchPartition),
+ PvmfwVerifyError::InvalidDescriptors(avb::IoError::NoSuchPartition),
)
}
@@ -96,7 +94,7 @@
&fs::read(TEST_IMG_WITH_INITRD_AND_NON_INITRD_DESC_PATH)?,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::InvalidDescriptors(AvbIOError::NoSuchPartition),
+ PvmfwVerifyError::InvalidDescriptors(avb::IoError::NoSuchPartition),
)
}
@@ -129,7 +127,7 @@
&fs::read(TEST_IMG_WITH_UNKNOWN_VM_TYPE_PROP_PATH)?,
/*initrd=*/ None,
&load_trusted_public_key()?,
- AvbSlotVerifyError::UnknownVbmetaProperty,
+ PvmfwVerifyError::UnknownVbmetaProperty,
)
}
@@ -139,7 +137,7 @@
&fs::read(TEST_IMG_WITH_MULTIPLE_PROPS_PATH)?,
/*initrd=*/ None,
&load_trusted_public_key()?,
- AvbSlotVerifyError::InvalidDescriptors(AvbIOError::Io),
+ PvmfwVerifyError::InvalidDescriptors(avb::IoError::Io),
)
}
@@ -149,7 +147,7 @@
&fs::read(TEST_IMG_WITH_DUPLICATED_CAP_PATH)?,
/*initrd=*/ None,
&load_trusted_public_key()?,
- AvbSlotVerifyError::InvalidMetadata,
+ avb::SlotVerifyError::InvalidMetadata.into(),
)
}
@@ -159,7 +157,7 @@
&fs::read(TEST_IMG_WITH_PROP_DESC_PATH)?,
/*initrd=*/ None,
&load_trusted_public_key()?,
- AvbSlotVerifyError::UnknownVbmetaProperty,
+ PvmfwVerifyError::UnknownVbmetaProperty,
)
}
@@ -169,7 +167,7 @@
&load_latest_signed_kernel()?,
/*initrd=*/ None,
&load_trusted_public_key()?,
- AvbSlotVerifyError::InvalidMetadata,
+ avb::SlotVerifyError::InvalidMetadata.into(),
)
}
@@ -179,7 +177,7 @@
&load_latest_signed_kernel()?,
&load_latest_initrd_normal()?,
/*trusted_public_key=*/ &[0u8; 0],
- AvbSlotVerifyError::PublicKeyRejected,
+ avb::SlotVerifyError::PublicKeyRejected.into(),
)
}
@@ -189,7 +187,7 @@
&load_latest_signed_kernel()?,
&load_latest_initrd_normal()?,
/*trusted_public_key=*/ &[0u8; 512],
- AvbSlotVerifyError::PublicKeyRejected,
+ avb::SlotVerifyError::PublicKeyRejected.into(),
)
}
@@ -199,7 +197,7 @@
&load_latest_signed_kernel()?,
&load_latest_initrd_normal()?,
&fs::read(PUBLIC_KEY_RSA2048_PATH)?,
- AvbSlotVerifyError::PublicKeyRejected,
+ avb::SlotVerifyError::PublicKeyRejected.into(),
)
}
@@ -209,7 +207,7 @@
&load_latest_signed_kernel()?,
/*initrd=*/ &fs::read(UNSIGNED_TEST_IMG_PATH)?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::Verification,
+ avb::SlotVerifyError::Verification.into(),
)
}
@@ -219,7 +217,7 @@
&fs::read(UNSIGNED_TEST_IMG_PATH)?,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::Io,
+ avb::SlotVerifyError::Io.into(),
)
}
@@ -232,7 +230,7 @@
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::Verification,
+ avb::SlotVerifyError::Verification.into(),
)
}
@@ -270,7 +268,7 @@
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::Io,
+ avb::SlotVerifyError::Io.into(),
)?;
}
Ok(())
@@ -286,7 +284,7 @@
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::InvalidMetadata,
+ avb::SlotVerifyError::InvalidMetadata.into(),
)
}
@@ -299,7 +297,7 @@
&load_latest_signed_kernel()?,
&initrd,
&load_trusted_public_key()?,
- AvbSlotVerifyError::Verification,
+ avb::SlotVerifyError::Verification.into(),
)
}
@@ -315,7 +313,7 @@
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::InvalidMetadata,
+ avb::SlotVerifyError::InvalidMetadata.into(),
)
}
@@ -338,13 +336,13 @@
&kernel,
&load_latest_initrd_normal()?,
&empty_public_key,
- AvbSlotVerifyError::Verification,
+ avb::SlotVerifyError::Verification.into(),
)?;
assert_payload_verification_with_initrd_fails(
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::Verification,
+ avb::SlotVerifyError::Verification.into(),
)
}
@@ -382,6 +380,6 @@
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::Verification,
+ avb::SlotVerifyError::Verification.into(),
)
}
diff --git a/pvmfw/avb/tests/utils.rs b/pvmfw/avb/tests/utils.rs
index 79fdfff..86d2398 100644
--- a/pvmfw/avb/tests/utils.rs
+++ b/pvmfw/avb/tests/utils.rs
@@ -22,7 +22,7 @@
AvbVBMetaImageHeader,
};
use openssl::sha;
-use pvmfw_avb::{verify_payload, AvbSlotVerifyError, DebugLevel, Digest, VerifiedBootData};
+use pvmfw_avb::{verify_payload, DebugLevel, Digest, PvmfwVerifyError, VerifiedBootData};
use std::{
fs,
mem::{size_of, transmute, MaybeUninit},
@@ -39,7 +39,7 @@
kernel: &[u8],
initrd: &[u8],
trusted_public_key: &[u8],
- expected_error: AvbSlotVerifyError,
+ expected_error: PvmfwVerifyError,
) -> Result<()> {
assert_payload_verification_fails(kernel, Some(initrd), trusted_public_key, expected_error)
}
@@ -48,7 +48,7 @@
kernel: &[u8],
initrd: Option<&[u8]>,
trusted_public_key: &[u8],
- expected_error: AvbSlotVerifyError,
+ expected_error: PvmfwVerifyError,
) -> Result<()> {
assert_eq!(expected_error, verify_payload(kernel, initrd, trusted_public_key).unwrap_err());
Ok(())