commit 22e7045288f46768d0e6a58562a9f3e9e701d2a2
author Shikha Panwar <shikhapanwar@google.com> Mon Oct 10 18:32:55 2022 +0000
committer Shikha Panwar <shikhapanwar@google.com> Wed Oct 12 08:45:51 2022 +0000
tree 8643c3a79030186fa88ef90947c8fa07d9aa0003
parent 6e9a0bc68a5e9ee997cb2576e46bbf1859756557

Add persistent backing for encrypted storage in VM

Virtualization service will allow clients to pass the file that will
back the (encrypted) storage inside VM.

This patch:
1. Exposes (optional) encryptedStorageImage in VirtualMachineAppConfig.
2. Expose it as a block device to VM (by including it as partition in a
   writable disk).

Test: bin/vm run-app --storage -> inspect the block device in vm
Bug: 241543632
Change-Id: I9adbe832bda2c5f5a749d8614f056f51244ae52c

virtualizationservice/src/payload.rs

diff --git a/virtualizationservice/src/payload.rs b/virtualizationservice/src/payload.rs
index 82aa760..b6df500 100644
--- a/virtualizationservice/src/payload.rs
+++ b/virtualizationservice/src/payload.rs
@@ -363,13 +363,10 @@
         .collect()
 }
 
-pub fn add_microdroid_images(
+pub fn add_microdroid_system_images(
     config: &VirtualMachineAppConfig,
-    temporary_directory: &Path,
-    apk_file: File,
-    idsig_file: File,
     instance_file: File,
-    vm_payload_config: &VmPayloadConfig,
+    storage_image: Option<File>,
     vm_config: &mut VirtualMachineRawConfig,
 ) -> Result<()> {
     let debug_suffix = match config.debugLevel {
@@ -381,12 +378,37 @@
     let initrd = format!("/apex/com.android.virt/etc/microdroid_initrd_{}.img", debug_suffix);
     vm_config.initrd = Some(open_parcel_file(Path::new(&initrd), false)?);
 
-    let instance_img = Partition {
+    let mut writable_partitions = vec![Partition {
         label: "vm-instance".to_owned(),
         image: Some(ParcelFileDescriptor::new(instance_file)),
         writable: true,
-    };
-    vm_config.disks.push(DiskImage { image: None, partitions: vec![instance_img], writable: true });
+    }];
+
+    if let Some(file) = storage_image {
+        writable_partitions.push(Partition {
+            label: "encrypted-storage".to_owned(),
+            image: Some(ParcelFileDescriptor::new(file)),
+            writable: true,
+        });
+    }
+
+    vm_config.disks.push(DiskImage {
+        image: None,
+        partitions: writable_partitions,
+        writable: true,
+    });
+
+    Ok(())
+}
+
+pub fn add_microdroid_payload_images(
+    config: &VirtualMachineAppConfig,
+    temporary_directory: &Path,
+    apk_file: File,
+    idsig_file: File,
+    vm_payload_config: &VmPayloadConfig,
+    vm_config: &mut VirtualMachineRawConfig,
+) -> Result<()> {
     vm_config.disks.push(make_payload_disk(
         config,
         apk_file,