<...snip...>
On 2/12/2026 12:43 PM, Zhuoying Cai wrote:
uint8_t vcssb_data[VCSSB_MIN_LEN] __attribute__((__aligned__(PAGE_SIZE)));
I don't see us setting vcssb_data set to 0 before we even start secure
ipl verification. I think we should be safe and set it to 0 before the
first time we touch this? otherwise if its pointing to garbage data it
can break the length checks.
Thanks
Farhan
+
+VCStorageSizeBlock *zipl_secure_get_vcssb(void)
+{
+ VCStorageSizeBlock *vcssb;
+
+ vcssb = (VCStorageSizeBlock *)vcssb_data;
+ /* avoid retrieving vcssb multiple times */
+ if (vcssb->length >= VCSSB_MIN_LEN) {
+ return vcssb;
+ }
+
+ if (!is_cert_store_facility_supported()) {
+ puts("Certificate Store Facility is not supported by the hypervisor!");
+ return NULL;
+ }
+
+ vcssb->length = VCSSB_MIN_LEN;
+ if (diag320(vcssb, DIAG_320_SUBC_QUERY_VCSI) != DIAG_320_RC_OK) {
+ return NULL;
+ }
+
+ return vcssb;
+}
<...snip...>
