From b4c1d6ba5971253db780a7615de428345729961d Mon Sep 17 00:00:00 2001 From: Sangho Lee Date: Tue, 14 Apr 2026 18:02:46 +0000 Subject: [PATCH 1/8] add support for platform root key --- dev_tests/src/ratchet.rs | 4 +- litebox_platform_lvbs/src/host/lvbs_impl.rs | 37 +++++++++++++++++++ litebox_platform_lvbs/src/host/mod.rs | 2 + .../src/lib.rs | 6 +++ litebox_shim_optee/src/syscalls/pta.rs | 14 ++++--- 5 files changed, 56 insertions(+), 7 deletions(-) diff --git a/dev_tests/src/ratchet.rs b/dev_tests/src/ratchet.rs index 339967240..bc2d82108 100644 --- a/dev_tests/src/ratchet.rs +++ b/dev_tests/src/ratchet.rs @@ -36,8 +36,8 @@ fn ratchet_globals() -> Result<()> { ("dev_bench/", 1), ("litebox/", 9), ("litebox_platform_linux_kernel/", 6), - ("litebox_platform_linux_userland/", 5), - ("litebox_platform_lvbs/", 23), + ("litebox_platform_linux_userland/", 6), + ("litebox_platform_lvbs/", 24), ("litebox_platform_multiplex/", 1), ("litebox_platform_windows_userland/", 8), ("litebox_runner_lvbs/", 6), diff --git a/litebox_platform_lvbs/src/host/lvbs_impl.rs b/litebox_platform_lvbs/src/host/lvbs_impl.rs index 8bb1f415b..d0be9b534 100644 --- a/litebox_platform_lvbs/src/host/lvbs_impl.rs +++ b/litebox_platform_lvbs/src/host/lvbs_impl.rs @@ -114,6 +114,43 @@ impl litebox::platform::CrngProvider for LvbsLinuxKernel { } } +/// Length of the Platform Root Key in bytes. +#[cfg(feature = "optee_syscall")] +pub const PRK_LEN: usize = 32; + +#[cfg(feature = "optee_syscall")] +static PRK_ONCE: spin::Once<[u8; PRK_LEN]> = spin::Once::new(); + +/// Sets the Platform Root Key (PRK) for this platform. +/// +/// This should be called once during platform initialization with a key derived +/// from hardware or a boot nonce. +/// +/// # Panics +/// Panics if `key` length does not match `PRK_LEN`. +#[cfg(feature = "optee_syscall")] +pub fn set_platform_root_key(key: &[u8]) { + assert_eq!(key.len(), PRK_LEN, "Platform Root Key length mismatch"); + PRK_ONCE.call_once(|| { + let mut prk = [0u8; PRK_LEN]; + prk.copy_from_slice(key); + prk + }); +} + +#[cfg(feature = "optee_syscall")] +impl litebox::platform::PlatformRootKeyProvider for LvbsLinuxKernel { + fn platform_root_key(&self) -> Result<&[u8], litebox::platform::PlatformRootKeyError> { + PRK_ONCE + .get() + .map(<[u8; PRK_LEN]>::as_slice) + .ok_or(litebox::platform::PlatformRootKeyError) + } +} + +#[cfg(not(feature = "optee_syscall"))] +impl litebox::platform::PlatformRootKeyProvider for LvbsLinuxKernel {} + pub struct HostLvbsInterface; impl HostLvbsInterface {} diff --git a/litebox_platform_lvbs/src/host/mod.rs b/litebox_platform_lvbs/src/host/mod.rs index 48fa248e8..ecf266380 100644 --- a/litebox_platform_lvbs/src/host/mod.rs +++ b/litebox_platform_lvbs/src/host/mod.rs @@ -8,6 +8,8 @@ pub mod lvbs_impl; pub mod per_cpu_variables; pub use lvbs_impl::LvbsLinuxKernel; +#[cfg(feature = "optee_syscall")] +pub use lvbs_impl::{PRK_LEN, set_platform_root_key}; #[cfg(test)] pub mod mock; diff --git a/litebox_runner_optee_on_linux_userland/src/lib.rs b/litebox_runner_optee_on_linux_userland/src/lib.rs index 5ca4e17e8..7a215064d 100644 --- a/litebox_runner_optee_on_linux_userland/src/lib.rs +++ b/litebox_runner_optee_on_linux_userland/src/lib.rs @@ -3,6 +3,7 @@ use anyhow::{Context as _, Result}; use clap::Parser; +use litebox::platform::CrngProvider; use litebox_common_optee::{TeeUuid, UteeEntryFunc, UteeParamOwned}; use litebox_platform_multiplex::Platform; use litebox_shim_optee::session::allocate_session_id; @@ -85,6 +86,11 @@ pub fn run(cli_args: CliArgs) -> Result<()> { let _litebox = shim_builder.litebox(); let shim = shim_builder.build(); + // For now, we use a random PRK for this runner. We can get one via command line if needed. + let mut prk = [0u8; litebox_platform_linux_userland::PRK_LEN]; + platform.fill_bytes_crng(&mut prk); + litebox_platform_linux_userland::set_platform_root_key(&prk); + if cli_args.command_sequence.is_empty() { run_ta_with_default_commands(&shim, ldelf_data.as_slice(), prog_data.as_slice()); } else { diff --git a/litebox_shim_optee/src/syscalls/pta.rs b/litebox_shim_optee/src/syscalls/pta.rs index 0c1000b47..a21bebbbb 100644 --- a/litebox_shim_optee/src/syscalls/pta.rs +++ b/litebox_shim_optee/src/syscalls/pta.rs @@ -6,7 +6,7 @@ use crate::{Task, UserConstPtr, UserMutPtr}; use litebox::{ - platform::{RawConstPointer as _, RawMutPointer as _}, + platform::{PlatformRootKeyProvider, RawConstPointer as _, RawMutPointer as _}, utils::TruncateExt, }; use litebox_common_optee::{TeeParamType, TeeResult, TeeUuid, UteeParams}; @@ -115,17 +115,21 @@ impl Task { let output_addr: usize = output.0.truncate(); let output_ptr = UserMutPtr::::from_usize(output_addr); - // TODO: checks whether output is within the secure memory - // TODO: derive a TA unique key using the hardware unique key (HUK), TA's UUID, and `extra_data` litebox_util_log::debug!( ptr:% = format_args!("{:#x}", output_addr), size:% = output_len; "derive key into secure memory" ); - // TODO: replace below with a secure key derivation function + let huk = self + .global + .platform + .platform_root_key() + .map_err(|_| TeeResult::NoData)?; + // TODO: the below is a place holder. Replace it with a secure key derivation function (next PR) let mut key_buf = alloc::vec![0u8; output_len]; - self.sys_cryp_random_number_generate(&mut key_buf)?; + let copy_len = core::cmp::min(key_buf.len(), huk.len()); + key_buf[..copy_len].copy_from_slice(&huk[..copy_len]); output_ptr .copy_from_slice(0, &key_buf) .ok_or(TeeResult::BadParameters)?; From 6946365c5e8d50945cf13c7998ef2351dca3fb07 Mon Sep 17 00:00:00 2001 From: Sangho Lee Date: Wed, 15 Apr 2026 15:36:16 +0000 Subject: [PATCH 2/8] set_platform_root_key for LVBS --- litebox_platform_lvbs/src/mshv/error.rs | 8 +++++-- litebox_platform_lvbs/src/mshv/mod.rs | 4 ++++ litebox_platform_lvbs/src/mshv/vsm.rs | 31 +++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 2 deletions(-) diff --git a/litebox_platform_lvbs/src/mshv/error.rs b/litebox_platform_lvbs/src/mshv/error.rs index 5d6274be5..ebcd09368 100644 --- a/litebox_platform_lvbs/src/mshv/error.rs +++ b/litebox_platform_lvbs/src/mshv/error.rs @@ -106,7 +106,7 @@ pub enum VsmError { OperationNotSupported(&'static str), // VTL0 Memory Copy Errors - #[error("failed to copy data to VTL0")] + #[error("failed to copy data from/to VTL0")] Vtl0CopyFailed, // Hypercall Errors @@ -152,6 +152,9 @@ pub enum VsmError { #[error("symbol name contains invalid UTF-8")] SymbolNameInvalidUtf8, + + #[error("root key is invalid")] + PlatformRootKeyInvalid, } impl From for VsmError { @@ -217,7 +220,8 @@ impl From for Errno { | VsmError::SymbolNameInvalidUtf8 | VsmError::SymbolNameNoTerminator | VsmError::CertificateDerLengthInvalid { .. } - | VsmError::CertificateParseFailed => Errno::EINVAL, + | VsmError::CertificateParseFailed + | VsmError::PlatformRootKeyInvalid => Errno::EINVAL, // Signature verification failures delegate to VerificationError's Errno mapping VsmError::SignatureVerificationFailed(e) => Errno::from(e), diff --git a/litebox_platform_lvbs/src/mshv/mod.rs b/litebox_platform_lvbs/src/mshv/mod.rs index 12f8a5207..826daaa39 100644 --- a/litebox_platform_lvbs/src/mshv/mod.rs +++ b/litebox_platform_lvbs/src/mshv/mod.rs @@ -128,6 +128,9 @@ pub const VSM_VTL_CALL_FUNC_ID_KEXEC_VALIDATE: u32 = 0x1_ffea; pub const VSM_VTL_CALL_FUNC_ID_PATCH_TEXT: u32 = 0x1_ffeb; pub const VSM_VTL_CALL_FUNC_ID_ALLOCATE_RINGBUFFER_MEMORY: u32 = 0x1_ffec; +// This VSM function ID for setting the platform root key is subject to change +pub const VSM_VTL_CALL_FUNC_ID_SET_PLATFORM_ROOT_KEY: u32 = 0x1_ffed; + // This VSM function ID for OP-TEE messages is subject to change pub const VSM_VTL_CALL_FUNC_ID_OPTEE_MESSAGE: u32 = 0x1_fff0; @@ -150,6 +153,7 @@ pub enum VsmFunction { PatchText = VSM_VTL_CALL_FUNC_ID_PATCH_TEXT, OpteeMessage = VSM_VTL_CALL_FUNC_ID_OPTEE_MESSAGE, AllocateRingbufferMemory = VSM_VTL_CALL_FUNC_ID_ALLOCATE_RINGBUFFER_MEMORY, + SetPlatformRootKey = VSM_VTL_CALL_FUNC_ID_SET_PLATFORM_ROOT_KEY, } pub const MSR_EFER: u32 = 0xc000_0080; diff --git a/litebox_platform_lvbs/src/mshv/vsm.rs b/litebox_platform_lvbs/src/mshv/vsm.rs index f66989fa3..6a075ad36 100644 --- a/litebox_platform_lvbs/src/mshv/vsm.rs +++ b/litebox_platform_lvbs/src/mshv/vsm.rs @@ -9,9 +9,11 @@ use crate::mshv::ringbuffer::set_ringbuffer; use crate::{ debug_serial_println, host::{ + PRK_LEN, bootparam::get_vtl1_memory_info, linux::{CpuMask, KEXEC_SEGMENT_MAX, Kimage}, per_cpu_variables::with_per_cpu_variables, + set_platform_root_key, }, mshv::{ HV_REGISTER_CR_INTERCEPT_CONTROL, HV_REGISTER_CR_INTERCEPT_CR0_MASK, @@ -894,6 +896,34 @@ fn mshv_vsm_allocate_ringbuffer_memory(phys_addr: u64, size: usize) -> Result Result { + if crate::platform_low().vtl0_kernel_info.check_end_of_boot() { + return Err(VsmError::OperationAfterEndOfBoot("set platform root key")); + } + + let key_pa = PhysAddr::try_new(key_pa).map_err(|_| VsmError::InvalidPhysicalAddress)?; + let key_size: usize = key_size.truncate(); + if key_size != PRK_LEN { + return Err(VsmError::PlatformRootKeyInvalid); + } + + let mut keybuf = [0u8; PRK_LEN]; + if unsafe { crate::platform_low().copy_slice_from_vtl0_phys(key_pa, &mut keybuf) } { + set_platform_root_key(&keybuf); + Ok(0) + } else { + Err(VsmError::Vtl0CopyFailed) + } +} + /// VSM function dispatcher pub fn vsm_dispatch(func_id: VsmFunction, params: &[u64]) -> i64 { let result: Result = match func_id { @@ -917,6 +947,7 @@ pub fn vsm_dispatch(func_id: VsmFunction, params: &[u64]) -> i64 { let size: usize = params[1].truncate(); mshv_vsm_allocate_ringbuffer_memory(params[0], size) } + VsmFunction::SetPlatformRootKey => mshv_vsm_set_platform_root_key(params[0], params[1]), VsmFunction::OpteeMessage => Err(VsmError::OperationNotSupported("OP-TEE communication")), }; match result { From b69f664f8e833c98d08d9ea4d8d3266358acb228 Mon Sep 17 00:00:00 2001 From: Sangho Lee Date: Thu, 16 Apr 2026 23:31:30 +0000 Subject: [PATCH 3/8] drop PlatformRootKeyProvider --- litebox_platform_lvbs/src/host/lvbs_impl.rs | 13 ------------- litebox_runner_optee_on_linux_userland/src/lib.rs | 6 ------ litebox_shim_optee/src/syscalls/pta.rs | 11 ++--------- 3 files changed, 2 insertions(+), 28 deletions(-) diff --git a/litebox_platform_lvbs/src/host/lvbs_impl.rs b/litebox_platform_lvbs/src/host/lvbs_impl.rs index d0be9b534..553591ac7 100644 --- a/litebox_platform_lvbs/src/host/lvbs_impl.rs +++ b/litebox_platform_lvbs/src/host/lvbs_impl.rs @@ -138,19 +138,6 @@ pub fn set_platform_root_key(key: &[u8]) { }); } -#[cfg(feature = "optee_syscall")] -impl litebox::platform::PlatformRootKeyProvider for LvbsLinuxKernel { - fn platform_root_key(&self) -> Result<&[u8], litebox::platform::PlatformRootKeyError> { - PRK_ONCE - .get() - .map(<[u8; PRK_LEN]>::as_slice) - .ok_or(litebox::platform::PlatformRootKeyError) - } -} - -#[cfg(not(feature = "optee_syscall"))] -impl litebox::platform::PlatformRootKeyProvider for LvbsLinuxKernel {} - pub struct HostLvbsInterface; impl HostLvbsInterface {} diff --git a/litebox_runner_optee_on_linux_userland/src/lib.rs b/litebox_runner_optee_on_linux_userland/src/lib.rs index 7a215064d..5ca4e17e8 100644 --- a/litebox_runner_optee_on_linux_userland/src/lib.rs +++ b/litebox_runner_optee_on_linux_userland/src/lib.rs @@ -3,7 +3,6 @@ use anyhow::{Context as _, Result}; use clap::Parser; -use litebox::platform::CrngProvider; use litebox_common_optee::{TeeUuid, UteeEntryFunc, UteeParamOwned}; use litebox_platform_multiplex::Platform; use litebox_shim_optee::session::allocate_session_id; @@ -86,11 +85,6 @@ pub fn run(cli_args: CliArgs) -> Result<()> { let _litebox = shim_builder.litebox(); let shim = shim_builder.build(); - // For now, we use a random PRK for this runner. We can get one via command line if needed. - let mut prk = [0u8; litebox_platform_linux_userland::PRK_LEN]; - platform.fill_bytes_crng(&mut prk); - litebox_platform_linux_userland::set_platform_root_key(&prk); - if cli_args.command_sequence.is_empty() { run_ta_with_default_commands(&shim, ldelf_data.as_slice(), prog_data.as_slice()); } else { diff --git a/litebox_shim_optee/src/syscalls/pta.rs b/litebox_shim_optee/src/syscalls/pta.rs index a21bebbbb..41bbbaa5d 100644 --- a/litebox_shim_optee/src/syscalls/pta.rs +++ b/litebox_shim_optee/src/syscalls/pta.rs @@ -6,7 +6,7 @@ use crate::{Task, UserConstPtr, UserMutPtr}; use litebox::{ - platform::{PlatformRootKeyProvider, RawConstPointer as _, RawMutPointer as _}, + platform::{RawConstPointer as _, RawMutPointer as _}, utils::TruncateExt, }; use litebox_common_optee::{TeeParamType, TeeResult, TeeUuid, UteeParams}; @@ -121,15 +121,8 @@ impl Task { size:% = output_len; "derive key into secure memory" ); - let huk = self - .global - .platform - .platform_root_key() - .map_err(|_| TeeResult::NoData)?; - // TODO: the below is a place holder. Replace it with a secure key derivation function (next PR) let mut key_buf = alloc::vec![0u8; output_len]; - let copy_len = core::cmp::min(key_buf.len(), huk.len()); - key_buf[..copy_len].copy_from_slice(&huk[..copy_len]); + self.sys_cryp_random_number_generate(&mut key_buf)?; output_ptr .copy_from_slice(0, &key_buf) .ok_or(TeeResult::BadParameters)?; From 1eb8dee4fc43649e5625da1875044424a1d8b84a Mon Sep 17 00:00:00 2001 From: Sangho Lee Date: Thu, 16 Apr 2026 23:39:54 +0000 Subject: [PATCH 4/8] ratchet and minor fix --- dev_tests/src/ratchet.rs | 2 +- litebox_shim_optee/src/syscalls/pta.rs | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/dev_tests/src/ratchet.rs b/dev_tests/src/ratchet.rs index bc2d82108..d5b76f069 100644 --- a/dev_tests/src/ratchet.rs +++ b/dev_tests/src/ratchet.rs @@ -36,7 +36,7 @@ fn ratchet_globals() -> Result<()> { ("dev_bench/", 1), ("litebox/", 9), ("litebox_platform_linux_kernel/", 6), - ("litebox_platform_linux_userland/", 6), + ("litebox_platform_linux_userland/", 5), ("litebox_platform_lvbs/", 24), ("litebox_platform_multiplex/", 1), ("litebox_platform_windows_userland/", 8), diff --git a/litebox_shim_optee/src/syscalls/pta.rs b/litebox_shim_optee/src/syscalls/pta.rs index 41bbbaa5d..a8be183d1 100644 --- a/litebox_shim_optee/src/syscalls/pta.rs +++ b/litebox_shim_optee/src/syscalls/pta.rs @@ -121,6 +121,7 @@ impl Task { size:% = output_len; "derive key into secure memory" ); + // TODO: replace below with a secure key derivation function let mut key_buf = alloc::vec![0u8; output_len]; self.sys_cryp_random_number_generate(&mut key_buf)?; output_ptr From 931693f4a9283efdabbb3fede9aaa275d695ce25 Mon Sep 17 00:00:00 2001 From: Sangho Lee Date: Fri, 17 Apr 2026 02:03:15 +0000 Subject: [PATCH 5/8] make root key universal --- litebox_platform_lvbs/src/host/lvbs_impl.rs | 3 --- litebox_platform_lvbs/src/host/mod.rs | 1 - 2 files changed, 4 deletions(-) diff --git a/litebox_platform_lvbs/src/host/lvbs_impl.rs b/litebox_platform_lvbs/src/host/lvbs_impl.rs index 553591ac7..e678fe111 100644 --- a/litebox_platform_lvbs/src/host/lvbs_impl.rs +++ b/litebox_platform_lvbs/src/host/lvbs_impl.rs @@ -115,10 +115,8 @@ impl litebox::platform::CrngProvider for LvbsLinuxKernel { } /// Length of the Platform Root Key in bytes. -#[cfg(feature = "optee_syscall")] pub const PRK_LEN: usize = 32; -#[cfg(feature = "optee_syscall")] static PRK_ONCE: spin::Once<[u8; PRK_LEN]> = spin::Once::new(); /// Sets the Platform Root Key (PRK) for this platform. @@ -128,7 +126,6 @@ static PRK_ONCE: spin::Once<[u8; PRK_LEN]> = spin::Once::new(); /// /// # Panics /// Panics if `key` length does not match `PRK_LEN`. -#[cfg(feature = "optee_syscall")] pub fn set_platform_root_key(key: &[u8]) { assert_eq!(key.len(), PRK_LEN, "Platform Root Key length mismatch"); PRK_ONCE.call_once(|| { diff --git a/litebox_platform_lvbs/src/host/mod.rs b/litebox_platform_lvbs/src/host/mod.rs index ecf266380..0ac8271fa 100644 --- a/litebox_platform_lvbs/src/host/mod.rs +++ b/litebox_platform_lvbs/src/host/mod.rs @@ -8,7 +8,6 @@ pub mod lvbs_impl; pub mod per_cpu_variables; pub use lvbs_impl::LvbsLinuxKernel; -#[cfg(feature = "optee_syscall")] pub use lvbs_impl::{PRK_LEN, set_platform_root_key}; #[cfg(test)] From e673f6142400d6a0256185e0589531f067b2a991 Mon Sep 17 00:00:00 2001 From: Sangho Lee Date: Tue, 21 Apr 2026 21:53:51 +0000 Subject: [PATCH 6/8] revise mshv_vsm_set_platform_root_key signature --- litebox_platform_lvbs/src/mshv/vsm.rs | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/litebox_platform_lvbs/src/mshv/vsm.rs b/litebox_platform_lvbs/src/mshv/vsm.rs index 6a075ad36..7e5c954f6 100644 --- a/litebox_platform_lvbs/src/mshv/vsm.rs +++ b/litebox_platform_lvbs/src/mshv/vsm.rs @@ -898,22 +898,16 @@ fn mshv_vsm_allocate_ringbuffer_memory(phys_addr: u64, size: usize) -> Result Result { +/// This function assumes that the caller stores key bytes in a single or +/// contiguous physical memory page(s), whose length is equal to `PRK_LEN`. +fn mshv_vsm_set_platform_root_key(key_pa: u64) -> Result { if crate::platform_low().vtl0_kernel_info.check_end_of_boot() { return Err(VsmError::OperationAfterEndOfBoot("set platform root key")); } let key_pa = PhysAddr::try_new(key_pa).map_err(|_| VsmError::InvalidPhysicalAddress)?; - let key_size: usize = key_size.truncate(); - if key_size != PRK_LEN { - return Err(VsmError::PlatformRootKeyInvalid); - } let mut keybuf = [0u8; PRK_LEN]; if unsafe { crate::platform_low().copy_slice_from_vtl0_phys(key_pa, &mut keybuf) } { @@ -947,7 +941,7 @@ pub fn vsm_dispatch(func_id: VsmFunction, params: &[u64]) -> i64 { let size: usize = params[1].truncate(); mshv_vsm_allocate_ringbuffer_memory(params[0], size) } - VsmFunction::SetPlatformRootKey => mshv_vsm_set_platform_root_key(params[0], params[1]), + VsmFunction::SetPlatformRootKey => mshv_vsm_set_platform_root_key(params[0]), VsmFunction::OpteeMessage => Err(VsmError::OperationNotSupported("OP-TEE communication")), }; match result { From 7813ac9559a654b14b7a4702c489c5ddd47744cb Mon Sep 17 00:00:00 2001 From: Sangho Lee Date: Fri, 1 May 2026 20:57:19 +0000 Subject: [PATCH 7/8] zeroize and remove unused error type --- Cargo.lock | 1 + litebox_platform_lvbs/Cargo.toml | 1 + litebox_platform_lvbs/src/host/lvbs_impl.rs | 5 +++-- litebox_platform_lvbs/src/mshv/error.rs | 6 +----- litebox_platform_lvbs/src/mshv/vsm.rs | 7 ++++--- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ad0c763ca..e43cffa1c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1572,6 +1572,7 @@ dependencies = [ "x509-cert", "x86_64", "zerocopy", + "zeroize", ] [[package]] diff --git a/litebox_platform_lvbs/Cargo.toml b/litebox_platform_lvbs/Cargo.toml index 992dc508e..0c628a346 100644 --- a/litebox_platform_lvbs/Cargo.toml +++ b/litebox_platform_lvbs/Cargo.toml @@ -32,6 +32,7 @@ digest = { version = "0.10.7", default-features = false } aligned-vec = { version = "0.6.4", default-features = false } raw-cpuid = "11.6.0" zerocopy = { version = "0.8", default-features = false, features = ["derive"] } +zeroize = { version = "1.8", default-features = false } [target.'cfg(target_arch = "x86_64")'.dependencies] x86_64 = { version = "0.15.2", default-features = false, features = ["instructions"] } diff --git a/litebox_platform_lvbs/src/host/lvbs_impl.rs b/litebox_platform_lvbs/src/host/lvbs_impl.rs index e678fe111..0896d5bf0 100644 --- a/litebox_platform_lvbs/src/host/lvbs_impl.rs +++ b/litebox_platform_lvbs/src/host/lvbs_impl.rs @@ -7,6 +7,7 @@ use crate::{ Errno, HostInterface, arch::ioport::serial_print_string, host::per_cpu_variables::with_per_cpu_variables, }; +use zeroize::Zeroizing; pub type LvbsLinuxKernel = crate::LinuxKernel; @@ -129,9 +130,9 @@ static PRK_ONCE: spin::Once<[u8; PRK_LEN]> = spin::Once::new(); pub fn set_platform_root_key(key: &[u8]) { assert_eq!(key.len(), PRK_LEN, "Platform Root Key length mismatch"); PRK_ONCE.call_once(|| { - let mut prk = [0u8; PRK_LEN]; + let mut prk = Zeroizing::new([0u8; PRK_LEN]); prk.copy_from_slice(key); - prk + *prk }); } diff --git a/litebox_platform_lvbs/src/mshv/error.rs b/litebox_platform_lvbs/src/mshv/error.rs index ebcd09368..aa767b78f 100644 --- a/litebox_platform_lvbs/src/mshv/error.rs +++ b/litebox_platform_lvbs/src/mshv/error.rs @@ -152,9 +152,6 @@ pub enum VsmError { #[error("symbol name contains invalid UTF-8")] SymbolNameInvalidUtf8, - - #[error("root key is invalid")] - PlatformRootKeyInvalid, } impl From for VsmError { @@ -220,8 +217,7 @@ impl From for Errno { | VsmError::SymbolNameInvalidUtf8 | VsmError::SymbolNameNoTerminator | VsmError::CertificateDerLengthInvalid { .. } - | VsmError::CertificateParseFailed - | VsmError::PlatformRootKeyInvalid => Errno::EINVAL, + | VsmError::CertificateParseFailed => Errno::EINVAL, // Signature verification failures delegate to VerificationError's Errno mapping VsmError::SignatureVerificationFailed(e) => Errno::from(e), diff --git a/litebox_platform_lvbs/src/mshv/vsm.rs b/litebox_platform_lvbs/src/mshv/vsm.rs index 7e5c954f6..9470d0add 100644 --- a/litebox_platform_lvbs/src/mshv/vsm.rs +++ b/litebox_platform_lvbs/src/mshv/vsm.rs @@ -58,6 +58,7 @@ use x86_64::{ }; use x509_cert::{Certificate, der::Decode}; use zerocopy::{FromBytes, FromZeros, Immutable, IntoBytes, KnownLayout}; +use zeroize::Zeroizing; #[derive(Copy, Clone, FromBytes, Immutable, KnownLayout)] #[repr(align(4096))] @@ -909,9 +910,9 @@ fn mshv_vsm_set_platform_root_key(key_pa: u64) -> Result { let key_pa = PhysAddr::try_new(key_pa).map_err(|_| VsmError::InvalidPhysicalAddress)?; - let mut keybuf = [0u8; PRK_LEN]; - if unsafe { crate::platform_low().copy_slice_from_vtl0_phys(key_pa, &mut keybuf) } { - set_platform_root_key(&keybuf); + let mut keybuf = Zeroizing::new([0u8; PRK_LEN]); + if unsafe { crate::platform_low().copy_slice_from_vtl0_phys(key_pa, &mut *keybuf) } { + set_platform_root_key(&*keybuf); Ok(0) } else { Err(VsmError::Vtl0CopyFailed) From 4d668673de7169aa7db6a4f89b4b65b259f9a316 Mon Sep 17 00:00:00 2001 From: Sangho Lee Date: Mon, 4 May 2026 15:41:17 +0000 Subject: [PATCH 8/8] fix scope --- litebox_platform_lvbs/src/host/lvbs_impl.rs | 4 ++-- litebox_platform_lvbs/src/host/mod.rs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/litebox_platform_lvbs/src/host/lvbs_impl.rs b/litebox_platform_lvbs/src/host/lvbs_impl.rs index 0896d5bf0..977461a69 100644 --- a/litebox_platform_lvbs/src/host/lvbs_impl.rs +++ b/litebox_platform_lvbs/src/host/lvbs_impl.rs @@ -116,7 +116,7 @@ impl litebox::platform::CrngProvider for LvbsLinuxKernel { } /// Length of the Platform Root Key in bytes. -pub const PRK_LEN: usize = 32; +pub(crate) const PRK_LEN: usize = 32; static PRK_ONCE: spin::Once<[u8; PRK_LEN]> = spin::Once::new(); @@ -127,7 +127,7 @@ static PRK_ONCE: spin::Once<[u8; PRK_LEN]> = spin::Once::new(); /// /// # Panics /// Panics if `key` length does not match `PRK_LEN`. -pub fn set_platform_root_key(key: &[u8]) { +pub(crate) fn set_platform_root_key(key: &[u8]) { assert_eq!(key.len(), PRK_LEN, "Platform Root Key length mismatch"); PRK_ONCE.call_once(|| { let mut prk = Zeroizing::new([0u8; PRK_LEN]); diff --git a/litebox_platform_lvbs/src/host/mod.rs b/litebox_platform_lvbs/src/host/mod.rs index 0ac8271fa..197836bc7 100644 --- a/litebox_platform_lvbs/src/host/mod.rs +++ b/litebox_platform_lvbs/src/host/mod.rs @@ -8,7 +8,7 @@ pub mod lvbs_impl; pub mod per_cpu_variables; pub use lvbs_impl::LvbsLinuxKernel; -pub use lvbs_impl::{PRK_LEN, set_platform_root_key}; +pub(crate) use lvbs_impl::{PRK_LEN, set_platform_root_key}; #[cfg(test)] pub mod mock;