From adeff0c917721b875ecf7f8b36aebe21e199de20 Mon Sep 17 00:00:00 2001
From: Carl Lundin
Date: Fri, 8 Nov 2024 15:28:02 -0800
Subject: [PATCH] Don't copy manifest2 onto the stack
---
 FROZEN_IMAGES.sha384sum | 4 ++--
 rom/dev/src/flow/update_reset.rs | 14 +++++++++-----
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/FROZEN_IMAGES.sha384sum b/FROZEN_IMAGES.sha384sum
index d5bb5388ab..778b1b47ce 100644
--- a/FROZEN_IMAGES.sha384sum
+++ b/FROZEN_IMAGES.sha384sum
@@ -1,3 +1,3 @@
 # WARNING: Do not update this file without the approval of the Caliptra TAC
-fc4ceed3891771c263c42eb56bdfff3026e1baf75e48b09bad58aaf562aea1a31f5df6636ac90f3aab73d533f03f0e5d caliptra-rom-no-log.bin
-e6254e3492969108c1340b2f662d82ab72572f38fab970990c72bdb03f0bfbfd18f6a16a5f273df8fd0faf5aefe9c138 caliptra-rom-with-log.bin
+133bf3969893178e041b61001d75bfb504be3b3676cac608a40877f1e4b46b4855f86c1859cfc3e22745327102fba4b0 caliptra-rom-no-log.bin
+44f5bbbc4b71d7f0926f85b7d81ef7e17f721557b38379b650497eb8dd19d0a74ab5a1e2177c7e99653a878d2daed3b3 caliptra-rom-with-log.bin
diff --git a/rom/dev/src/flow/update_reset.rs b/rom/dev/src/flow/update_reset.rs
index 9d09c0a495..b30cc5f750 100644
--- a/rom/dev/src/flow/update_reset.rs
+++ b/rom/dev/src/flow/update_reset.rs
@@ -62,7 +62,7 @@ impl UpdateResetFlow {
 return Err(CaliptraError::ROM_UPDATE_RESET_FLOW_INVALID_FIRMWARE_COMMAND);
 }
- let manifest = Self::load_manifest(env.persistent_data.get_mut(), &mut recv_txn)?;
+ Self::load_manifest(env.persistent_data.get_mut(), &mut recv_txn)?;
 report_boot_status(UpdateResetLoadManifestComplete.into());
 let mut venv = FirmwareImageVerificationEnv {
@@ -75,7 +75,10 @@ impl UpdateResetFlow {
 image: recv_txn.raw_mailbox_contents(),
 };
- let info = Self::verify_image(&mut venv, &manifest, recv_txn.dlen());
+ let info = {
+ let manifest = &env.persistent_data.get().manifest2;
+ Self::verify_image(&mut venv, manifest, recv_txn.dlen())
+ };
 let info = okref(&info)?;
 report_boot_status(UpdateResetImageVerificationComplete.into());
@@ -91,7 +94,8 @@ impl UpdateResetFlow {
 info.vendor_ecc_pub_key_idx
 );
- Self::load_image(&manifest, &mut recv_txn)?;
+ let manifest = &env.persistent_data.get().manifest2;
+ Self::load_image(manifest, &mut recv_txn)?;
 Ok(())
 };
 if let Err(e) = process_txn() {
@@ -197,9 +201,9 @@ impl UpdateResetFlow {
 fn load_manifest(
 persistent_data: &mut PersistentData,
 txn: &mut MailboxRecvTxn,
- ) -> CaliptraResult {
+ ) -> CaliptraResult<()> {
 txn.copy_request(persistent_data.manifest2.as_bytes_mut())?;
- Ok(persistent_data.manifest2)
+ Ok(())
 }
 /// Populate data vault
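Review bot: The manifest that `verify_image` checks and the manifest that `load_image` consumes are now two separate reads of `env.persistent_data.get().manifest2` (the `@@ -75` hunk and the `@@ -91` hunk), where the old code passed one stack copy to both calls. Nothing visible between the two reads writes `manifest2`, but that invariant is now what ties the loaded image to the verified one, so it should be stated at the second borrow, for example `// manifest2 must be unchanged since verify_image succeeded; it is the only copy of the verified manifest`. Whether anything outside this flow can modify persistent data during that window is not visible here and should be confirmed. The enclosing block that ends at `process_txn()` starts and ends outside both hunks.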
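Review bot: In the `@@ -197` hunk `load_manifest` now returns `CaliptraResult<()>`, so any doc comment above the signature that still describes a returned manifest is stale; that comment sits outside the hunk and should be checked. Its only remaining effect is `txn.copy_request(...)` into `persistent_data.manifest2`, and the doc should say that these bytes come straight from the mailbox and are unverified, e.g. `/// Copies the raw mailbox request into persistent_data.manifest2; the contents are untrusted until verify_image succeeds.` Callers can no longer tell from the signature where the manifest ends up, so naming the destination field in the doc matters more than before.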