Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 0b4a26223b5d3bcc1b8318f724a714f8d03326fd^1..0b4a26223b5d3bcc1b8318f724a714f8d03326fd / .
commit0b4a26223b5d3bcc1b8318f724a714f8d03326fd[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Fri Mar 31 15:29:30 2023 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Fri Mar 31 15:29:30 2023 +0000
tree951eab4e38be088b4155ba93afb6538b7786b8fa
parentea0d6de7996a2a2a962eb79669797b7caf95dc83 [diff]
parentd42c24b625d103b499db9820296690ff8e84fa78 [diff]
Merge "Ensure no AVF debug policy in locked device"
diff --git a/microdroid/README.md b/microdroid/README.md
index f70965a..71be7d0 100644
--- a/microdroid/README.md
+++ b/microdroid/README.md

@@ -181,7 +181,8 @@
 
 microdroid can be started with debugging features by debug policies from the
 host. Host bootloader may provide debug policies to host OS's device tree for
-VMs.
+VMs. Host bootloader MUST NOT provide debug policies for locked devices for
+security reasons.
 
 For protected VM, such device tree will be available in microdroid. microdroid
 can check which debuging features is enabled.

diff --git a/pvmfw/README.md b/pvmfw/README.md
index 41f37b4..2d2b253 100644
--- a/pvmfw/README.md
+++ b/pvmfw/README.md

@@ -245,7 +245,10 @@
 Config header can provide a DTBO to be overlaid on top of the baseline device
 tree from crosvm.
 
-The DTBO may contain debug policies as follows.
+The DTBO may contain debug policies. Debug policies MUST NOT be provided for
+locked devices for security reasons.
+
+Here are an example of DTBO.
 
 ```
 / {

diff --git a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
index 2027fcd..dabb31d 100644
--- a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
+++ b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java

@@ -928,6 +928,21 @@
         checkHashAlgorithm(virtApexEtcDir);
     }
 
+    @Test
+    @CddTest
+    public void testNoAvfDebugPolicyInLockedDevice() throws Exception {
+        ITestDevice device = getDevice();
+
+        // Check device's locked state with ro.boot.verifiedbootstate. ro.boot.flash.locked
+        // may not be set if ro.oem_unlock_supported is false.
+        String lockProp = device.getProperty("ro.boot.verifiedbootstate");
+        assumeFalse("Unlocked devices may have AVF debug policy", lockProp.equals("orange"));
+
+        // Test that AVF debug policy doesn't exist.
+        boolean hasDebugPolicy = device.doesFileExist("/sys/firmware/devicetree/base/avf");
+        assertThat(hasDebugPolicy).isFalse();
+    }
+
     private String avbInfo(String image_path) throws Exception {
         File avbtool = findTestFile("avbtool");
         List<String> command =