[rkpvm] Implement RKP VM rollback protection in pvmfw Bug: 313608221 Test: atest rialto_test Change-Id: Iba3836cae1b2df16d0da69f80310ff0552961c95

commit: 12e4c865f5369710412f2567571a18ff9bb9ebae [log] [tgz]
author: Alice Wang <aliceywang@google.com> Mon Dec 11 13:52:27 2023 +0000
committer: Alice Wang <aliceywang@google.com> Wed Dec 13 13:06:26 2023 +0000
tree: 3b9e5b6bf23d521b36b2aaea487e46b3878a923e
parent: 418f16b6d1116806cdb2c1bff8fa49ed2b6d2000 [diff] [blame]
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index 8aa5274..1d55a84 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs

@@ -115,6 +115,17 @@
 
     if verified_boot_data.has_capability(Capability::RemoteAttest) {
         info!("Service VM capable of remote attestation detected");
+        if service_vm_version::VERSION != verified_boot_data.rollback_index {
+            // For RKP VM, we only boot if the version in the AVB footer of its kernel matches
+            // the one embedded in pvmfw at build time.
+            // This prevents the pvmfw from booting a roll backed RKP VM.
+            error!(
+                "Service VM version mismatch: expected {}, found {}",
+                service_vm_version::VERSION,
+                verified_boot_data.rollback_index
+            );
+            return Err(RebootReason::InvalidPayload);
+        }
     }
 
     if verified_boot_data.has_capability(Capability::SecretkeeperProtection) {
commit	12e4c865f5369710412f2567571a18ff9bb9ebae	[log] [tgz]
author	Alice Wang <aliceywang@google.com>	Mon Dec 11 13:52:27 2023 +0000
committer	Alice Wang <aliceywang@google.com>	Wed Dec 13 13:06:26 2023 +0000
tree	3b9e5b6bf23d521b36b2aaea487e46b3878a923e
parent	418f16b6d1116806cdb2c1bff8fa49ed2b6d2000 [diff] [blame]