1 // Copyright 2022, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 //! Support for DICE derivation and BCC generation.
16
17 use crate::cstr;
18 use crate::helpers::flushed_zeroize;
19 use core::ffi::c_void;
20 use core::ffi::CStr;
21 use core::mem::size_of;
22 use core::slice;
23
24 use diced_open_dice::{
25 bcc_format_config_descriptor, hash, Config, DiceMode, Hash, InputValues, HIDDEN_SIZE,
26 };
27 use pvmfw_avb::{DebugLevel, Digest, VerifiedBootData};
28
to_dice_mode(debug_level: DebugLevel) -> DiceMode29 fn to_dice_mode(debug_level: DebugLevel) -> DiceMode {
30 match debug_level {
31 DebugLevel::None => DiceMode::kDiceModeNormal,
32 DebugLevel::Full => DiceMode::kDiceModeDebug,
33 }
34 }
35
to_dice_hash(verified_boot_data: &VerifiedBootData) -> diced_open_dice::Result<Hash>36 fn to_dice_hash(verified_boot_data: &VerifiedBootData) -> diced_open_dice::Result<Hash> {
37 let mut digests = [0u8; size_of::<Digest>() * 2];
38 digests[..size_of::<Digest>()].copy_from_slice(&verified_boot_data.kernel_digest);
39 if let Some(initrd_digest) = verified_boot_data.initrd_digest {
40 digests[size_of::<Digest>()..].copy_from_slice(&initrd_digest);
41 }
42 hash(&digests)
43 }
44
45 pub struct PartialInputs {
46 pub code_hash: Hash,
47 pub auth_hash: Hash,
48 pub mode: DiceMode,
49 }
50
51 impl PartialInputs {
new(data: &VerifiedBootData) -> diced_open_dice::Result<Self>52 pub fn new(data: &VerifiedBootData) -> diced_open_dice::Result<Self> {
53 let code_hash = to_dice_hash(data)?;
54 let auth_hash = hash(data.public_key)?;
55 let mode = to_dice_mode(data.debug_level);
56
57 Ok(Self { code_hash, auth_hash, mode })
58 }
59
into_input_values( self, salt: &[u8; HIDDEN_SIZE], config_descriptor_buffer: &mut [u8], ) -> diced_open_dice::Result<InputValues>60 pub fn into_input_values(
61 self,
62 salt: &[u8; HIDDEN_SIZE],
63 config_descriptor_buffer: &mut [u8],
64 ) -> diced_open_dice::Result<InputValues> {
65 let config_descriptor_size = bcc_format_config_descriptor(
66 Some(cstr!("vm_entry")),
67 None, // component_version
68 false, // resettable
69 config_descriptor_buffer,
70 )?;
71 let config = &config_descriptor_buffer[..config_descriptor_size];
72
73 Ok(InputValues::new(
74 self.code_hash,
75 Config::Descriptor(config),
76 self.auth_hash,
77 self.mode,
78 *salt,
79 ))
80 }
81 }
82
83 /// Flushes data caches over the provided address range.
84 ///
85 /// # Safety
86 ///
87 /// The provided address and size must be to a valid address range (typically on the stack, .bss,
88 /// .data, or provided BCC).
89 #[no_mangle]
DiceClearMemory(_ctx: *mut c_void, size: usize, addr: *mut c_void)90 unsafe extern "C" fn DiceClearMemory(_ctx: *mut c_void, size: usize, addr: *mut c_void) {
91 // SAFETY - We must trust that the slice will be valid arrays/variables on the C code stack.
92 let region = unsafe { slice::from_raw_parts_mut(addr as *mut u8, size) };
93 flushed_zeroize(region)
94 }
95