pvmfw: refactor: Expose DICE inputs to main()

Refactor the code to give the top-level business logic access to the
DICE inputs to be able to set the hidden input (salt) and make use of
the computed hashes, as it will be required to verify the content of the
instance.img entry.

Note: No functional change intended.

Test: atest MicrodroidHostTests
Change-Id: I111006fb4becc12f5b19480e5b8882754e193102
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index be5a16a..f7774e4 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -38,7 +38,7 @@
 use alloc::boxed::Box;
 
 use crate::{
-    dice::derive_next_bcc,
+    dice::PartialInputs,
     entry::RebootReason,
     fdt::add_dice_node,
     helpers::flush,
@@ -90,13 +90,20 @@
     })?;
     // By leaking the slice, its content will be left behind for the next stage.
     let next_bcc = Box::leak(next_bcc);
-    let next_bcc_size =
-        derive_next_bcc(bcc, next_bcc, &verified_boot_data, PUBLIC_KEY).map_err(|e| {
-            error!("Failed to derive next-stage DICE secrets: {e:?}");
-            RebootReason::SecretDerivationError
-        })?;
-    trace!("Next BCC: {:x?}", bcc::Handover::new(&next_bcc[..next_bcc_size]));
 
+    let dice_inputs = PartialInputs::new(&verified_boot_data).map_err(|e| {
+        error!("Failed to compute partial DICE inputs: {e:?}");
+        RebootReason::InternalError
+    })?;
+    let salt = [0; ::dice::HIDDEN_SIZE]; // TODO(b/249723852): Get from instance.img and/or TRNG.
+    let dice_inputs = dice_inputs.into_input_values(&salt).map_err(|e| {
+        error!("Failed to generate DICE inputs: {e:?}");
+        RebootReason::InternalError
+    })?;
+    let _ = bcc.main_flow(&dice_inputs, next_bcc).map_err(|e| {
+        error!("Failed to derive next-stage DICE secrets: {e:?}");
+        RebootReason::SecretDerivationError
+    })?;
     flush(next_bcc);
 
     add_dice_node(fdt, next_bcc.as_ptr() as usize, NEXT_BCC_SIZE).map_err(|e| {