pvmfw: sanitize bootargs
During the FDT sanitization, the bootargs string is parsed and only the
allowed args are kept. crashkernel= and console= are conditionally
allowed; they are included only when the corresponding debug policy is
turned on.
Bug: 275306568
Test: inject foo=bar to bootargs and see if it's filtered out
Change-Id: I617bbf888575674f9544fca9b2ea11a7795a6e95
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index 662d705..a773f1a 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -19,6 +19,7 @@
extern crate alloc;
+mod bootargs;
mod config;
mod crypto;
mod dice;
@@ -52,6 +53,7 @@
use libfdt::Fdt;
use log::{debug, error, info, trace};
use pvmfw_avb::verify_payload;
+use pvmfw_avb::DebugLevel;
use pvmfw_embedded_key::PUBLIC_KEY;
const NEXT_BCC_SIZE: usize = GUEST_PAGE_SIZE;
@@ -119,10 +121,12 @@
flush(next_bcc);
let strict_boot = true;
- modify_for_next_stage(fdt, next_bcc, new_instance, strict_boot, debug_policy).map_err(|e| {
- error!("Failed to configure device tree: {e}");
- RebootReason::InternalError
- })?;
+ let debuggable = verified_boot_data.debug_level != DebugLevel::None;
+ modify_for_next_stage(fdt, next_bcc, new_instance, strict_boot, debug_policy, debuggable)
+ .map_err(|e| {
+ error!("Failed to configure device tree: {e}");
+ RebootReason::InternalError
+ })?;
info!("Starting payload...");
Ok(())
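Review bot: `debuggable` on the added line before the `modify_for_next_stage` call is computed as `debug_level != DebugLevel::None`, which fails open: any level added to `DebugLevel` later would count as debuggable without anyone deciding so, and this flag appears to feed the bootargs filter described in the commit message. An allow-list comparison keeps the default closed, e.g. `let debuggable = matches!(verified_boot_data.debug_level, DebugLevel::Full);` (assuming `Full` is the only debuggable level in `pvmfw_avb`). A short comment such as `// Derived from the verified payload, not from debug policy; gates which bootargs survive sanitization.` would also help, since the commit message speaks of debug policy while this value comes from the verified boot data. The enclosing function starts outside the hunk, and how `debuggable` and `debug_policy` are combined inside `modify_for_next_stage` is not visible here.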