trusty: Add unique component names to each vm
Since Trusty system VMs are signed with the same key, component names
help us build VM-specific DICE policies. The com.android.virt.name
property is used as the component_name in the DICE leaf derived for
each VM payload.
Bug: 401286789
Test: m trusty_test_vm_signed_bin
Test: Manually validate footer with avbtool info_image --image {path_to_bin}
Change-Id: I19339d13c1d54a573a6272326e06d9a37de61c84
diff --git a/guest/pvmfw/avb/tests/api_test.rs b/guest/pvmfw/avb/tests/api_test.rs
index b3899d9..b8ec0bf 100644
--- a/guest/pvmfw/avb/tests/api_test.rs
+++ b/guest/pvmfw/avb/tests/api_test.rs
@@ -71,6 +71,7 @@
expected_rollback_index,
vec![Capability::TrustySecurityVm],
None,
+ Some("trusty_test_vm".to_owned()),
)
}
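Review bot: The expected name `"trusty_test_vm"` on the added line is a bare literal that has to agree with the `com.android.virt.name` property in the test image's AVB footer, and nothing in the hunk says where that value is defined. The commit message describes the name as what tells same-key VMs apart in DICE policies, so drift between the build rule and this string should be easy to trace; a comment such as `// Must match com.android.virt.name in the trusty_test_vm image footer.` above the argument would do that. If it is not already covered elsewhere, a companion case asserting that an image without the property verifies with `name: None` would pin the other half of the behaviour. The enclosing test function starts outside the hunk.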
diff --git a/guest/pvmfw/avb/tests/utils.rs b/guest/pvmfw/avb/tests/utils.rs
index 227daa2..38541c5 100644
--- a/guest/pvmfw/avb/tests/utils.rs
+++ b/guest/pvmfw/avb/tests/utils.rs
@@ -148,6 +148,7 @@
expected_rollback_index: u64,
capabilities: Vec<Capability>,
page_size: Option<usize>,
+ expected_name: Option<String>,
) -> Result<()> {
let public_key = load_trusted_public_key()?;
let verified_boot_data = verify_payload(
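Review bot: The new `expected_name: Option<String>` parameter is undocumented, so a caller cannot tell whether `None` means "skip the name check" or "the image must carry no name". The later hunk moves the value straight into the expected struct that is compared with `assert_eq!`, so `None` is presumably an assertion in its own right. A doc line on the helper would make that explicit, for example `/// expected_name: the component name expected in the verified boot data, or None if the payload must not carry one.` The function's signature begins and its body continues outside this hunk.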
@@ -168,7 +169,7 @@
capabilities,
rollback_index: expected_rollback_index,
page_size,
- name: None,
+ name: expected_name,
};
assert_eq!(expected_boot_data, verified_boot_data);