Fix: Update FFI WrappedVlekHashstick and SnpVlekLoad

WrappedVlekHashstick now owns the VLEK byte data ([u8; 432]) instead of borrowing it via a reference.
This change ensures that the structure is self-contained and safely passed to the kernel, which expects a pointer to a buffer that includes the full hashstick data.
Referencing the buffer (even with careful lifetime management) was not working reliably and added complexity. Owning the data is simpler, safer, and easier to maintain.

SnpVlekLoad.len is now correctly set to the size of the SnpVlekLoad struct, not the size of the hashstick.
According to the SEV-SNP spec, this field represents the size of the command buffer, not the size of the payload.

Signed-off-by: DGonzalezVillal <Diego.GonzalezVillalobos@amd.com>

Author: DGonzalezVillal

src/firmware/linux/host/types/snp.rs

@@ -251,23 +251,23 @@ impl Default for SnpSetConfig {
     }
 }
 
-// Length defined in the Linux Kernel for the IOCTL.
+// Expected length for the VLEK hashstick.
 const HASHSTICK_BUFFER_LEN: usize = 432;
 
 #[cfg(feature = "snp")]
 #[derive(Copy, Clone, Debug, PartialEq, Eq)]
 #[repr(C, packed)]
-/// Wrapped VLEK data.
-pub struct WrappedVlekHashstick<'a> {
+/// Wrapped VLEK data for FFI layer.
+pub struct WrappedVlekHashstick {
     /// Wrapped VLEK data provided by AMD Key Distribution Server as bytes.
-    /// Address to this data is passed to the AMD Secure Processor.
-    pub data: &'a [u8], // 432 bytes of data
+    /// Address to this data is passed to the kernel.
+    pub data: [u8; HASHSTICK_BUFFER_LEN],
 }
 
-impl<'a, 'b: 'a> std::convert::TryFrom<&'b [u8]> for WrappedVlekHashstick<'a> {
+impl std::convert::TryFrom<&[u8]> for WrappedVlekHashstick {
     type Error = HashstickError;
 
-    fn try_from(value: &'b [u8]) -> Result<Self, Self::Error> {
+    fn try_from(value: &[u8]) -> Result<Self, Self::Error> {
         if value.len() != HASHSTICK_BUFFER_LEN {
             return Err(HashstickError::InvalidLength);
         }
@@ -287,7 +287,10 @@ impl<'a, 'b: 'a> std::convert::TryFrom<&'b [u8]> for WrappedVlekHashstick<'a> {
             return Err(HashstickError::InvalidReservedField);
         }
 
-        Ok(Self { data: value })
+        let mut data = [0u8; HASHSTICK_BUFFER_LEN];
+        data.copy_from_slice(value);
+
+        Ok(Self { data })
     }
 }
 
@@ -296,15 +299,15 @@ impl<'a, 'b: 'a> std::convert::TryFrom<&'b [u8]> for WrappedVlekHashstick<'a> {
 #[repr(C, packed)]
 /// Structure used to load a VLEK hashstick into the AMD Secure Processor.
 pub struct SnpVlekLoad {
-    /// Length of the command buffer read by the AMD Secure Processor.
+    /// Length of this command buffer in bytes.
     pub len: u32,
 
     /// Version of wrapped VLEK hashstick (Must be 0h).
     pub vlek_wrapped_version: u8,
 
     _reserved: [u8; 3],
 
-    /// Address of wrapped VLEK hashstick ([WrappedVlekHashstick])
+    /// System Physical Address of wrapped VLEK hashstick ([WrappedVlekHashstick])
     pub vlek_wrapped_address: u64,
 }
 
@@ -316,10 +319,10 @@ impl SnpVlekLoad {
     }
 }
 
-impl<'a> std::convert::From<&WrappedVlekHashstick<'a>> for SnpVlekLoad {
-    fn from(value: &WrappedVlekHashstick<'a>) -> Self {
+impl From<&WrappedVlekHashstick> for SnpVlekLoad {
+    fn from(value: &WrappedVlekHashstick) -> Self {
         Self {
-            len: value.data.len() as u32,
+            len: std::mem::size_of::<SnpVlekLoad>() as u32,
             vlek_wrapped_version: 0u8,
             _reserved: Default::default(),
             vlek_wrapped_address: value as *const WrappedVlekHashstick as u64,
@@ -463,7 +466,7 @@ mod test {
         #[test]
         fn test_bytes_to_wrapped_hashstick() {
             let bytes: [u8; HASHSTICK_BUFFER_LEN] = VALID_HASHSTICK_BYTES;
-            let expected: WrappedVlekHashstick = WrappedVlekHashstick { data: &bytes };
+            let expected: WrappedVlekHashstick = WrappedVlekHashstick { data: bytes };
             let actual: WrappedVlekHashstick =
                 WrappedVlekHashstick::try_from(VALID_HASHSTICK_BYTES.as_slice()).unwrap();