pvmfw: Move bcc under dice::chain
Prepare for heavily changing the file by first moving/renaming it.
Note that libpvmfw.dice.test now also includes dice::chain, as a result.
Test: m libpvmfw.dice.test pvmfw_bin
Change-Id: I9edb0fc8aa54a50c756de2ac3f9c82ce83f5e51a
diff --git a/guest/pvmfw/Android.bp b/guest/pvmfw/Android.bp
index 6f113c8..cd32f8f 100644
--- a/guest/pvmfw/Android.bp
+++ b/guest/pvmfw/Android.bp
@@ -113,13 +113,15 @@
rust_test {
name: "libpvmfw.dice.test",
- srcs: ["src/dice.rs"],
+ srcs: ["src/dice/mod.rs"],
defaults: ["libpvmfw.test.defaults"],
rustlibs: [
"libcbor_util",
"libciborium",
+ "libcoset_nostd",
"libdiced_open_dice_nostd",
"libhwtrust",
+ "liblog_rust",
"libpvmfw_avb_nostd",
"libdiced_sample_inputs_nostd",
"libzerocopy_nostd",
diff --git a/guest/pvmfw/src/bcc.rs b/guest/pvmfw/src/dice/chain.rs
similarity index 98%
rename from guest/pvmfw/src/bcc.rs
rename to guest/pvmfw/src/dice/chain.rs
index 7ce50e9..0f5b058 100644
--- a/guest/pvmfw/src/bcc.rs
+++ b/guest/pvmfw/src/dice/chain.rs
@@ -59,6 +59,7 @@
/// Return a new CBOR encoded BccHandover that is based on the incoming CDIs but does not chain
/// from the received BCC.
+#[cfg_attr(test, allow(dead_code))]
pub fn truncate(bcc_handover: BccHandover) -> Result<Vec<u8>> {
// Note: The strings here are deliberately different from those used in a normal DICE handover
// because we want this to not be equivalent to any valid DICE derivation.
@@ -75,6 +76,7 @@
cbor_util::serialize(&bcc_handover).map_err(|_| BccError::CborEncodeError)
}
+#[cfg_attr(test, allow(dead_code))]
fn taint_cdi(cdi: &Cdi, info: &str) -> Result<Cdi> {
// An arbitrary value generated randomly.
const SALT: [u8; 64] = [
diff --git a/guest/pvmfw/src/dice.rs b/guest/pvmfw/src/dice/mod.rs
similarity index 99%
rename from guest/pvmfw/src/dice.rs
rename to guest/pvmfw/src/dice/mod.rs
index 49a3807..94348a5 100644
--- a/guest/pvmfw/src/dice.rs
+++ b/guest/pvmfw/src/dice/mod.rs
@@ -15,9 +15,12 @@
//! Support for DICE derivation and BCC generation.
extern crate alloc;
+pub(crate) mod chain;
+
use alloc::format;
use alloc::string::String;
use alloc::vec::Vec;
+pub use chain::Bcc;
use ciborium::cbor;
use ciborium::Value;
use core::mem::size_of;
diff --git a/guest/pvmfw/src/main.rs b/guest/pvmfw/src/main.rs
index 30624cd..d3d5527 100644
--- a/guest/pvmfw/src/main.rs
+++ b/guest/pvmfw/src/main.rs
@@ -20,7 +20,6 @@
extern crate alloc;
mod arch;
-mod bcc;
mod bootargs;
mod config;
mod device_assignment;
@@ -32,8 +31,7 @@
mod memory;
mod rollback;
-use crate::bcc::Bcc;
-use crate::dice::PartialInputs;
+use crate::dice::{Bcc, PartialInputs};
use crate::entry::RebootReason;
use crate::fdt::{modify_for_next_stage, read_instance_id, sanitize_device_tree};
use crate::rollback::perform_rollback_protection;
@@ -134,7 +132,7 @@
// entire chain we were given and taint the CDIs. Note that the resulting CDIs are
// still deterministically derived from those we received, so will vary iff they do.
// TODO(b/280405545): Remove this post Android 14.
- let truncated_bcc_handover = bcc::truncate(bcc_handover).map_err(|e| {
+ let truncated_bcc_handover = dice::chain::truncate(bcc_handover).map_err(|e| {
error!("{e}");
RebootReason::InternalError
})?;