commit | 0362f7f22c97bf6fc999f7db800a639509dea734 | [log] [tgz] |
---|---|---|
author | Alice Wang <aliceywang@google.com> | Thu Mar 21 08:16:26 2024 +0000 |
committer | Alice Wang <aliceywang@google.com> | Thu Mar 21 15:57:13 2024 +0000 |
tree | 8d0efbe2fa750a91ed69ca6e975137481242ea14 | |
parent | ab86c8364b0c7e2f7479a65172884786f783194f [diff] |
[attestation] Add API to check AVF RKP Hal presence in VM Attestation This cl adds a new API in VirtualMachineManager to check whether remote attestation is supported on a device. Since Remote Attestation is a strongly recommended feature for Android V, the new API is needed to determine whether we should proceed with the Remote Attestation CTS tests. Bug: 329652894 Test: atest MicrodroidTests Change-Id: I0941914e7a5f1a483705d3faf7091b47ada41b1f
diff --git a/virtualizationservice/aidl/android/system/virtualizationservice/IVirtualizationService.aidl b/virtualizationservice/aidl/android/system/virtualizationservice/IVirtualizationService.aidl
index e11d8b8..e2063a9 100644
--- a/virtualizationservice/aidl/android/system/virtualizationservice/IVirtualizationService.aidl
+++ b/virtualizationservice/aidl/android/system/virtualizationservice/IVirtualizationService.aidl
@@ -86,4 +86,9 @@
 * associated to the fake key pair when the VM requests attestation in testing mode.
 */
 void enableTestAttestation();
+
+ /**
+ * Returns {@code true} if the pVM remote attestation feature is supported
+ */
+ boolean isRemoteAttestationSupported();
 }
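Review bot: The new Javadoc on `isRemoteAttestationSupported()` says only that the feature "is supported", which leaves a caller unsure what a `true` result lets it rely on. The commit title and the Rust implementation (`remotely_provisioned_component_service_exists()`) suggest the check is for the presence of the AVF RKP HAL, which is weaker than a promise that an attestation request will succeed. I would state that in the comment, e.g. `Returns {@code true} if the AVF RKP HAL service is present on the device. A {@code true} result does not guarantee that an attestation request succeeds.` The same comment is added to IVirtualizationServiceInternal.aidl in the next hunk and would take the same wording.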
diff --git a/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl b/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl
index 8af881b..c6575c8 100644
--- a/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl
+++ b/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl
@@ -77,6 +77,11 @@
 void enableTestAttestation();
 
 /**
+ * Returns {@code true} if the pVM remote attestation feature is supported
+ */
+ boolean isRemoteAttestationSupported();
+
+ /**
 * Get a list of assignable devices.
 */
 AssignableDevice[] getAssignableDevices();
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 208bdce..5ddb8c3 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -355,6 +355,10 @@
 Ok(certificate_chain)
 }
 
+ fn isRemoteAttestationSupported(&self) -> binder::Result<bool> {
+ remotely_provisioned_component_service_exists()
+ }
+
 fn getAssignableDevices(&self) -> binder::Result<Vec<AssignableDevice>> {
 check_use_custom_virtual_machine()?;
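Review bot: `isRemoteAttestationSupported` performs no caller check, while the neighbouring `getAssignableDevices` opens with `check_use_custom_virtual_machine()?`. If that is deliberate because the result only reveals whether the RKP HAL exists, a comment would keep a later reader from treating it as an omission, e.g. `// No permission check: only reports whether the AVF RKP HAL service is present.` The method also forwards the `binder::Result` of `remotely_provisioned_component_service_exists()` (defined outside this hunk) unchanged, so a failed lookup appears to reach the caller as an error rather than `false`. Because the commit message says this result decides whether the remote attestation CTS tests run, the doc comment should state which of the two a caller sees when the service cannot be queried. The enclosing `impl` block and the body of `getAssignableDevices` continue outside the hunk.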