pvmfw: Don't abort boot for missing /avf/untrusted
pvmfw currently aborts the boot if the input DT is missing
/avf/untrusted or its <instance-id> property. However, a legacy payload
relying on the instance.img RBP solution doesn't necessarily require
either and there is therefore no reason for its boot to be affected by
their absence.
Note that this change doesn't affect RBP solutions which require
<instance-id> as those still panic when it's missing.
Bug: 291213394
Bug: 377276983
Test: m pvmfw_bin
Change-Id: Iea4560e532e3d03722713ee01aa481be95f8f264
diff --git a/guest/pvmfw/src/rollback.rs b/guest/pvmfw/src/rollback.rs
index f7723d7..e79705f 100644
--- a/guest/pvmfw/src/rollback.rs
+++ b/guest/pvmfw/src/rollback.rs
@@ -155,7 +155,7 @@
}
fn should_defer_rollback_protection(fdt: &Fdt) -> Result<bool, RebootReason> {
- let node = avf_untrusted_node(fdt)?;
+ let Some(node) = avf_untrusted_node(fdt)? else { return Ok(false) };
let defer_rbp = node
.getprop(c"defer-rollback-protection")
.map_err(|e| {
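Review bot: The new early return in `should_defer_rollback_protection` makes an absent /avf/untrusted node silently mean "do not defer", and nothing at that line says why `false` is the safe default. Because the node comes from the input DT, a reader should be able to see at a glance that omitting it cannot be used to skip rollback protection. I would add `// No /avf/untrusted node: deferral was not requested, so do not defer RBP.` above the `let Some(node) = ... else` line. The removed `error!` for the missing node has no replacement in the second hunk, so a lower-severity log on this path may help boot diagnostics if the file's logging imports allow it. The function body continues past the end of this hunk.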
@@ -166,13 +166,10 @@
Ok(defer_rbp)
}
-fn avf_untrusted_node(fdt: &Fdt) -> Result<FdtNode, RebootReason> {
+fn avf_untrusted_node(fdt: &Fdt) -> Result<Option<FdtNode>, RebootReason> {
let node = fdt.node(c"/avf/untrusted").map_err(|e| {
error!("Failed to get /avf/untrusted node: {e}");
RebootReason::InvalidFdt
})?;
- node.ok_or_else(|| {
- error!("/avf/untrusted node is missing in DT");
- RebootReason::InvalidFdt
- })
+ Ok(node)
}
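Review bot: `avf_untrusted_node` now has three distinct outcomes but no doc comment telling callers which is which. I would add `/// Returns Ok(None) when /avf/untrusted is absent; Err(RebootReason::InvalidFdt) only when the lookup itself fails.` and a second line stating that callers which require the node must reject `None` themselves. The commit message says the RBP solutions that need <instance-id> still fail when it is missing, but those call sites are not visible in this diff. It is worth confirming that each of them turns `None` into an error rather than falling through to a default.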