Address the code reviews on aosp/1866834.
This CL addresses the code reviews received on aosp/1866834 after it was
merged.
Test: test-runner
Bug: 198196633
Change-Id: If598bd5fa4201bc1c80b5a45316249b6b19a6a08
diff --git a/interface/include/interface/hwbcc/hwbcc.h b/interface/include/interface/hwbcc/hwbcc.h
index 52fb95e..8c59410 100644
--- a/interface/include/interface/hwbcc/hwbcc.h
+++ b/interface/include/interface/hwbcc/hwbcc.h
@@ -14,8 +14,7 @@
* limitations under the License.
*/
-#ifndef TRUSTY_INTERFACE_HWBCC_H
-#define TRUSTY_INTERFACE_HWBCC_H
+#pragma once
#include <lk/compiler.h>
#include <stdint.h>
@@ -73,6 +72,4 @@
};
STATIC_ASSERT(sizeof(struct hwbcc_resp_hdr) == 12);
-#define HWBCC_MAX_RESP_PAYLOAD_SIZE 1024
-
-#endif /*TRUSTY_INTERFACE_HWBCC_H*/
\ No newline at end of file
+#define HWBCC_MAX_RESP_PAYLOAD_SIZE 1024
\ No newline at end of file
diff --git a/ql-tipc/hwbcc.c b/ql-tipc/hwbcc.c
index 52cf109..10f0bca 100644
--- a/ql-tipc/hwbcc.c
+++ b/ql-tipc/hwbcc.c
@@ -14,10 +14,10 @@
* limitations under the License.
*/
-#include <assert.h>
#include <trusty/hwbcc.h>
#include <trusty/trusty_ipc.h>
#include <trusty/util.h>
+
#include <uapi/uapi/err.h>
static struct trusty_ipc_chan hwbcc_chan;
@@ -31,9 +31,8 @@
trusty_assert(dev);
trusty_ipc_chan_init(&hwbcc_chan, dev);
- /* connect to hwbcc service and wait for connect to complete */
trusty_debug("In hwbcc_tipc_init: connecting to hwbcc service.\n");
- int rc = trusty_ipc_connect(&hwbcc_chan, HWBCC_PORT, true);
+ int rc = trusty_ipc_connect(&hwbcc_chan, HWBCC_PORT, true /*wait*/);
if (rc < 0) {
trusty_error("In hwbcc_tipc_init:: failed (%d) to connect to '%s'.\n",
rc, HWBCC_PORT);
@@ -99,13 +98,6 @@
return TRUSTY_ERR_GENERIC;
}
- if (resp_hdr.payload_size > HWBCC_MAX_RESP_PAYLOAD_SIZE ||
- resp_hdr.payload_size > buf_size) {
- trusty_error("Response payload size is too large: %d\n",
- resp_hdr.payload_size);
- return TRUSTY_ERR_GENERIC;
- }
-
*out_size = resp_hdr.payload_size;
return rc;
}
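Review bot: With the size check removed, `*out_size = resp_hdr.payload_size` publishes a length taken directly from the service response with no bound against `buf_size` or `HWBCC_MAX_RESP_PAYLOAD_SIZE` visible in this hunk; if the receive path earlier in the function does not already reject a payload larger than the caller's buffer, the caller is handed an `*out_size` that exceeds what was actually copied into `buf`. The enclosing function starts before the hunk, so that earlier read may well clamp the value; if it does, a one-line comment above the assignment, `/* payload_size was bounded by buf_size when the payload was read above */`, would stop the next reader from re-adding the guard. If it does not, keep the minimal form of the removed check: `if (resp_hdr.payload_size > buf_size) { trusty_error("Response payload size is too large\n"); return TRUSTY_ERR_GENERIC; }`.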
@@ -144,8 +136,8 @@
uint8_t* dice_artifacts,
size_t dice_artifacts_buf_size,
size_t* dice_artifacts_size) {
- assert(dice_artifacts);
- assert(dice_artifacts_size);
+ trusty_assert(dice_artifacts);
+ trusty_assert(dice_artifacts_size);
struct hwbcc_req_hdr hdr;
hdr.cmd = HWBCC_CMD_GET_DICE_ARTIFACTS;
diff --git a/ql-tipc/include/trusty/hwbcc.h b/ql-tipc/include/trusty/hwbcc.h
index d1340a8..5f4e735 100644
--- a/ql-tipc/include/trusty/hwbcc.h
+++ b/ql-tipc/include/trusty/hwbcc.h
@@ -39,7 +39,15 @@
* non-secure world (e.g. ABL).
* @context: Context information passed in by the client.
* @dice_artifacts: Pointer to a buffer to store the CBOR encoded
- * DICE artifacts.
+ * DICE artifacts.
+ * CDDL of the DICE artifacts:
+ * BccHandover = {
+ * 1 : bstr .size 32, // CDI_Attest
+ * 2 : bstr .size 32, // CDI_Seal
+ * 3 : bstr .cbor Bcc, // Boot certificate chain
+ * }
+ * CDDL of Bcc:
+ * https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl;l=116
* @dice_artifacts_buf_size: Size of the buffer pointed by @dice_artifacts.
* @dice_artifacts_size: Actual size of the buffer used.
*/
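Review bot: The Bcc reference added to the @dice_artifacts comment points at a specific line of `master` (`;l=116`), which will drift as ProtectedData.aidl changes; naming the definition rather than the line, e.g. `see the Bcc CDDL in hardware/interfaces/security/keymint/aidl/.../ProtectedData.aidl`, or pinning the link to a release tag keeps the comment accurate. The rest of the CDDL block is otherwise clear.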
@@ -48,7 +56,8 @@
size_t dice_artifacts_buf_size,
size_t* dice_artifacts_size);
/**
- * Deprivilege hwbcc from serving calls to non-secure clients.
+ * Deprivilege hwbcc from serving calls (i.e. stop serving calls after this
+ * point) to non-secure clients.
*/
int hwbcc_ns_deprivilege(void);
diff --git a/test-runner/test-runner.c b/test-runner/test-runner.c
index 8811b48..cb3209f 100644
--- a/test-runner/test-runner.c
+++ b/test-runner/test-runner.c
@@ -179,8 +179,8 @@
* 3 : Bcc, // Cert_Chain
* }
* Bcc = [
- * PubKeyEd25519, // UDS
- * + BccEntry, // Root -> leaf (KM_pub)
+ * PubKeyEd25519, // UDS (Unique Device Secret)
+ * + BccEntry, // Root -> leaf
* ]
*/
size_t UDS_encoded_size = 45;
@@ -189,7 +189,8 @@
UDS_encoded_size + bcc_entry_encoded_size + 1 /*array header*/;
size_t DICE_CDI_SIZE = 32;
size_t bcc_handover_size =
- 2 * DICE_CDI_SIZE + bcc_encoded_size + 8 /*map header*/;
+ 2 * DICE_CDI_SIZE + bcc_encoded_size +
+ 8 /*map header, map keys and two 32 bytes indicators*/;
if (resp_payload_size != bcc_handover_size) {
log_msg("hwbcc_get_dice_artifacts failed with incorrect response size.\n");