[avb][refactoring] Extract VBMeta number check into a new method
Extracting different verification policies into different methods
to make `verify_payload` more readable.
There is no behavior change in this cl.
Test: m pvmfw_img && atest libpvmfw_avb.integration_test
Bug: 256148034
Change-Id: Ic5efd3544c69453ad0ea8f46f283cac25db33873
diff --git a/pvmfw/avb/src/verify.rs b/pvmfw/avb/src/verify.rs
index d6a0cb2..bcc320a 100644
--- a/pvmfw/avb/src/verify.rs
+++ b/pvmfw/avb/src/verify.rs
@@ -135,6 +135,16 @@
}
}
+fn verify_only_one_vbmeta_exists(
+ vbmeta_images: &[AvbVBMetaData],
+) -> Result<(), AvbSlotVerifyError> {
+ if vbmeta_images.len() == 1 {
+ Ok(())
+ } else {
+ Err(AvbSlotVerifyError::InvalidMetadata)
+ }
+}
+
fn verify_vbmeta_is_from_kernel_partition(
vbmeta_image: &AvbVBMetaData,
) -> Result<(), AvbSlotVerifyError> {
@@ -154,12 +164,10 @@
let mut ops = Ops::from(&mut payload);
let kernel_verify_result = ops.verify_partition(PartitionName::Kernel.as_cstr())?;
let vbmeta_images = kernel_verify_result.vbmeta_images()?;
- if vbmeta_images.len() != 1 {
- // There can only be one VBMeta.
- return Err(AvbSlotVerifyError::InvalidMetadata);
- }
+ verify_only_one_vbmeta_exists(vbmeta_images)?;
let vbmeta_image = vbmeta_images[0];
verify_vbmeta_is_from_kernel_partition(&vbmeta_image)?;
+
if initrd.is_none() {
verify_vbmeta_has_no_initrd_descriptor(&vbmeta_image)?;
return Ok(DebugLevel::None);