Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 5fa9290f5f8e30a831db7541d76e70d087ab62f1 / . / pvmfw / src / dice.rs
blob: 28271d3ec480487cccf3df45104b3d8bfbc4e97f [file] [log] [blame]
Pierre-Clément Tosi4f4f5eb2022-12-08 14:31:42 +0000[diff] [blame]1// Copyright 2022, The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15//! Support for DICE derivation and BCC generation.
16
Pierre-Clément Tosibec84662023-01-04 14:25:33 +0000[diff] [blame]17use core::ffi::c_void;
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]18use core::mem::size_of;
Pierre-Clément Tosibec84662023-01-04 14:25:33 +0000[diff] [blame]19use core::slice;
Alice Wang843d8312023-02-15 09:47:06 +0000[diff] [blame]20use diced_open_dice::{
Alan Stokesc4354b82023-05-04 16:06:52 +0100[diff] [blame]21 bcc_format_config_descriptor, bcc_handover_main_flow, hash, Config, DiceMode, Hash,
22 InputValues, HIDDEN_SIZE,
Alice Wang843d8312023-02-15 09:47:06 +0000[diff] [blame]23};
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]24use pvmfw_avb::{DebugLevel, Digest, VerifiedBootData};
Alice Wanga3971062023-06-13 11:48:53 +0000[diff] [blame]25use vmbase::cstr;
26use vmbase::memory::flushed_zeroize;
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]27
Alice Wang31226132023-01-31 12:44:39 +0000[diff] [blame]28fn to_dice_mode(debug_level: DebugLevel) -> DiceMode {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]29 match debug_level {
Alice Wang31226132023-01-31 12:44:39 +0000[diff] [blame]30 DebugLevel::None => DiceMode::kDiceModeNormal,
31 DebugLevel::Full => DiceMode::kDiceModeDebug,
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]32 }
33}
34
Alice Wang843d8312023-02-15 09:47:06 +0000[diff] [blame]35fn to_dice_hash(verified_boot_data: &VerifiedBootData) -> diced_open_dice::Result<Hash> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]36 let mut digests = [0u8; size_of::<Digest>() * 2];
37 digests[..size_of::<Digest>()].copy_from_slice(&verified_boot_data.kernel_digest);
38 if let Some(initrd_digest) = verified_boot_data.initrd_digest {
39 digests[size_of::<Digest>()..].copy_from_slice(&initrd_digest);
40 }
41 hash(&digests)
42}
Pierre-Clément Tosi4f4f5eb2022-12-08 14:31:42 +0000[diff] [blame]43
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]44pub struct PartialInputs {
Pierre-Clément Tosi1cc5eb72023-02-02 11:09:18 +0000[diff] [blame]45 pub code_hash: Hash,
46 pub auth_hash: Hash,
47 pub mode: DiceMode,
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]48}
Pierre-Clément Tosi4f4f5eb2022-12-08 14:31:42 +0000[diff] [blame]49
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]50impl PartialInputs {
Alice Wang843d8312023-02-15 09:47:06 +0000[diff] [blame]51 pub fn new(data: &VerifiedBootData) -> diced_open_dice::Result<Self> {
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]52 let code_hash = to_dice_hash(data)?;
53 let auth_hash = hash(data.public_key)?;
54 let mode = to_dice_mode(data.debug_level);
Pierre-Clément Tosi4f4f5eb2022-12-08 14:31:42 +0000[diff] [blame]55
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]56 Ok(Self { code_hash, auth_hash, mode })
57 }
58
Alan Stokesc4354b82023-05-04 16:06:52 +0100[diff] [blame]59 pub fn write_next_bcc(
Alice Wang843d8312023-02-15 09:47:06 +0000[diff] [blame]60 self,
Alan Stokesc4354b82023-05-04 16:06:52 +0100[diff] [blame]61 current_bcc_handover: &[u8],
Alice Wang843d8312023-02-15 09:47:06 +0000[diff] [blame]62 salt: &[u8; HIDDEN_SIZE],
Alan Stokesc4354b82023-05-04 16:06:52 +0100[diff] [blame]63 next_bcc: &mut [u8],
64 ) -> diced_open_dice::Result<()> {
65 let mut config_descriptor_buffer = [0; 128];
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]66 let config_descriptor_size = bcc_format_config_descriptor(
Jiyong Parkb87f3302023-03-21 10:03:11 +0900[diff] [blame]67 Some(cstr!("vm_entry")),
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]68 None, // component_version
69 false, // resettable
Alan Stokesc4354b82023-05-04 16:06:52 +0100[diff] [blame]70 &mut config_descriptor_buffer,
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]71 )?;
72 let config = &config_descriptor_buffer[..config_descriptor_size];
73
Alan Stokesc4354b82023-05-04 16:06:52 +0100[diff] [blame]74 let dice_inputs = InputValues::new(
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]75 self.code_hash,
76 Config::Descriptor(config),
77 self.auth_hash,
78 self.mode,
79 *salt,
Alan Stokesc4354b82023-05-04 16:06:52 +0100[diff] [blame]80 );
81 let _ = bcc_handover_main_flow(current_bcc_handover, &dice_inputs, next_bcc)?;
82 Ok(())
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]83 }
Pierre-Clément Tosi4f4f5eb2022-12-08 14:31:42 +0000[diff] [blame]84}
Pierre-Clément Tosibec84662023-01-04 14:25:33 +0000[diff] [blame]85
86/// Flushes data caches over the provided address range.
87///
88/// # Safety
89///
90/// The provided address and size must be to a valid address range (typically on the stack, .bss,
91/// .data, or provided BCC).
92#[no_mangle]
93unsafe extern "C" fn DiceClearMemory(_ctx: *mut c_void, size: usize, addr: *mut c_void) {
Andrew Walbran20bb4e42023-07-07 13:55:55 +0100[diff] [blame]94 // SAFETY: We must trust that the slice will be valid arrays/variables on the C code stack.
Pierre-Clément Tosibec84662023-01-04 14:25:33 +0000[diff] [blame]95 let region = unsafe { slice::from_raw_parts_mut(addr as *mut u8, size) };
96 flushed_zeroize(region)
97}