Merge "defer-rollback-protection: property in guest DT" into main am: e7d4b67f36
Original change: https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/2983171
Change-Id: Idd355ae4e0949174927161ca4451b09cb0b9959c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/virtualizationmanager/src/aidl.rs b/virtualizationmanager/src/aidl.rs
index 961bb24..ea3a481 100644
--- a/virtualizationmanager/src/aidl.rs
+++ b/virtualizationmanager/src/aidl.rs
@@ -375,7 +375,8 @@
check_gdb_allowed(config)?;
}
- // Currently, VirtMgr adds the host copy of reference DT & an untrusted prop (instance-id)
+ // Currently, VirtMgr adds the host copy of reference DT & untrusted properties
+ // (e.g. instance-id)
let host_ref_dt = Path::new(VM_REFERENCE_DT_ON_HOST_PATH);
let host_ref_dt = if host_ref_dt.exists()
&& read_dir(host_ref_dt).or_service_specific_exception(-1)?.next().is_some()
@@ -404,12 +405,16 @@
};
let instance_id;
- let untrusted_props = if cfg!(llpvm_changes) {
+ let mut untrusted_props = Vec::with_capacity(2);
+ if cfg!(llpvm_changes) {
instance_id = extract_instance_id(config);
- vec![(cstr!("instance-id"), &instance_id[..])]
- } else {
- vec![]
- };
+ untrusted_props.push((cstr!("instance-id"), &instance_id[..]));
+ if is_secretkeeper_supported() {
+ // Let guest know that it can defer rollback protection to Secretkeeper by setting
+ // an empty property in untrusted node in DT. This enables Updatable VMs.
+ untrusted_props.push((cstr!("defer-rollback-protection"), &[]))
+ }
+ }
let device_tree_overlay =
if host_ref_dt.is_some() || !untrusted_props.is_empty() || !trusted_props.is_empty() {
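Review bot: The comment on the new `defer-rollback-protection` push does not spell out the trust consequence of putting the flag in the untrusted node: the host decides whether the property is present, so the guest can only treat it as a hint. I would extend the comment with something like `// Host-controlled hint only: the guest must still obtain rollback protection from Secretkeeper itself and fail closed if it cannot.` How the guest consumes the property is not visible in this diff, so that should be confirmed on the guest side. Separately, `is_secretkeeper_supported()` now runs on this VM-creation path and still ends in `.expect(...)`, so a failed `binder::is_declared` lookup would panic the service where the neighbouring code returns a service-specific exception. The enclosing function starts and ends outside the hunk.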
@@ -1501,7 +1506,7 @@
}
fn getSecretkeeper(&self) -> binder::Result<Option<Strong<dyn ISecretkeeper>>> {
- let sk = if is_secretkeeper_present() {
+ let sk = if is_secretkeeper_supported() {
Some(binder::wait_for_interface(SECRETKEEPER_IDENTIFIER)?)
} else {
None
@@ -1514,7 +1519,7 @@
}
}
-fn is_secretkeeper_present() -> bool {
+fn is_secretkeeper_supported() -> bool {
binder::is_declared(SECRETKEEPER_IDENTIFIER)
.expect("Could not check for declared Secretkeeper interface")
}