On 5/27/26 7:05 PM, Collin Walling wrote:
On 5/5/26 16:18, Zhuoying Cai wrote:
+ } vce;
+ } __attribute__((__aligned__(4096))) vcb = { 0 };
+
+ /* Get Verification Certificate Storage Size block with DIAG320 subcode 1
*/
+ if (zipl_secure_get_vcssb() == NULL) {
+ return 0;
+ }
+
+ /*
+ * Request single entry
+ * Fill input fields of single-entry VCB
+ *
+ * First and last index must be equal because only one
+ * VCE per VCB is currently supported
+ */
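Review bot: the closing sentence of the comment in this hunk states the single-entry constraint without its cause, and the cause is visible later in the same function: a non-zero remain_ct is treated as fatal rather than used to continue fetching the rest of a range. Suggest rewording along the lines of "First and last index must be equal: a non-zero remaining count (RVCC) is not handled, so exactly one VCE per VCB is requested" so a reader can tell the limit is this code's, not DIAG320's, and can find where it is enforced.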
The last sentence is misleading because it seems like the DIAG 320
implementation *only* allows for a single VCE to be retrieved, but in
reality it allows for a range of entries to be retrieved.
Yes, but no. DIAG320 can, potentially, accept a range of indices and return a remaining verification certificate count (RVCC) if there is not enough memory to store the entire range in one VCB, however the implementation here does not provide any logic to handle a non-zero RVCC. As such, only one VCE is supported per VCB in the current implementation. Either additional logic needs to be added to support non-zero RVCC or we need this comment to note that only one VCE per VCB is, currently, supported.
+ vcb.vcb_hdr.in_len = ROUND_UP(vcssb.max_single_vcb_len, PAGE_SIZE);
+ vcb.vcb_hdr.first_vc_index = index;
+ vcb.vcb_hdr.last_vc_index = index;
+
+ if (_diag320(&vcb, DIAG_320_SUBC_STORE_VC) != DIAG_320_RC_OK) {
+ return 0;
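Review bot: in_len is set from vcssb.max_single_vcb_len rounded up to PAGE_SIZE, but nothing in this hunk ties that value to the size of the vcb buffer declared above; if the rounded length can exceed sizeof(vcb), the hypervisor is told the output area is larger than it is. Suggest clamping with something like `vcb.vcb_hdr.in_len = MIN(ROUND_UP(vcssb.max_single_vcb_len, PAGE_SIZE), sizeof(vcb));` or adding a build-time assertion that sizeof(vcb) covers the maximum single-VCB length, so the bound is explicit rather than implied by the struct layout.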
Maybe move the puts("Could not get certificate"); to here so it's
consistent with the other error cases?
+ }
+
+ if (vcb.vcb_hdr.out_len == sizeof(VCBlockHeader)) {
+ puts("No certificate entry");
+ return 0;
+ }
+
+ if (vcb.vcb_hdr.remain_ct != 0) {
+ panic("Not enough memory to store all requested certificates");
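Review bot: out_len and remain_ct are consumed as returned by the hypervisor, and out_len is only compared for the header-only case; a returned out_len larger than in_len would let any later use of the VCE data run past the buffer. Suggest rejecting `out_len > in_len` (or `out_len > sizeof(vcb)`) before the `== sizeof(VCBlockHeader)` check, with a puts() and return 0 like the other error paths, so a malformed response is caught at the boundary rather than downstream.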
Shouldn't this be "to store requested certificate" since this function
aims to request only one cert?
Also, is there a reason for the panic? Why not just puts and return 0
like the rest? The program will still terminate, but a little more
gracefully that way.
I agree that the message itself could be more clear, but the reason this is a panic is because it only triggers if the requested certificate is larger than the MAX_CERT_SIZE, which should never happen at this point (it would be caught earlier in the process when building the cert store I think). There should always be enough memory to hold at least one certificate, and only one certificate should ever be requested (due to the restriction above), so, if DIAG320 returns a non-zero RVCC it would indicate some sort of corruption in the cert store, which in my opinion should trigger an immediate panic.
Regards,
Jared Rossi