[avb] Define rust API for image verification and connect pvmfw

This CL
- defines the image verification rust API using avb_bindgen.
- defines the return error enum for the API.
- invokes the API from pvmfw.
- adds e2e test for the pvmfw run without error scenario.

Bug: 256148034
Test: atest MicrodroidHostTests
Change-Id: I272e9b8031e34137dca761b66ffabab264f055dd
diff --git a/pvmfw/Android.bp b/pvmfw/Android.bp
index b78e077..0da24c7 100644
--- a/pvmfw/Android.bp
+++ b/pvmfw/Android.bp
@@ -13,6 +13,7 @@
     ],
     rustlibs: [
         "libaarch64_paging",
+        "libavb_nostd",
         "libbuddy_system_allocator",
         "liblibfdt",
         "liblog_rust_nostd",
diff --git a/pvmfw/src/entry.rs b/pvmfw/src/entry.rs
index 7859ff3..a274210 100644
--- a/pvmfw/src/entry.rs
+++ b/pvmfw/src/entry.rs
@@ -45,6 +45,8 @@
     InvalidPayload,
     /// The provided ramdisk was invalid.
     InvalidRamdisk,
+    /// Failed to verify the payload.
+    PayloadVerificationError,
 }
 
 main!(start);
@@ -223,7 +225,10 @@
     let slices = MemorySlices::new(fdt, payload, payload_size, &mut memory)?;
 
     // This wrapper allows main() to be blissfully ignorant of platform details.
-    crate::main(slices.fdt, slices.kernel, slices.ramdisk, bcc);
+    crate::main(slices.fdt, slices.kernel, slices.ramdisk, bcc).map_err(|e| {
+        error!("Failed to verify the payload: {e}");
+        RebootReason::PayloadVerificationError
+    })?;
 
     // TODO: Overwrite BCC before jumping to payload to avoid leaking our sealing key.
 
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index 6810fda..3d5629a 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -32,9 +32,16 @@
 mod smccc;
 
 use avb::PUBLIC_KEY;
+use avb_nostd::{verify_image, AvbImageVerifyError};
 use log::{debug, info};
 
-fn main(fdt: &libfdt::Fdt, signed_kernel: &[u8], ramdisk: Option<&[u8]>, bcc: &[u8]) {
+/// TODO(b/256148034): Return RebootReason as error here
+fn main(
+    fdt: &libfdt::Fdt,
+    signed_kernel: &[u8],
+    ramdisk: Option<&[u8]>,
+    bcc: &[u8],
+) -> Result<(), AvbImageVerifyError> {
     info!("pVM firmware");
     debug!("FDT: {:?}", fdt as *const libfdt::Fdt);
     debug!("Signed kernel: {:?} ({:#x} bytes)", signed_kernel.as_ptr(), signed_kernel.len());
@@ -44,6 +51,7 @@
         debug!("Ramdisk: None");
     }
     debug!("BCC: {:?} ({:#x} bytes)", bcc.as_ptr(), bcc.len());
-    debug!("AVB public key: addr={:?}, size={:#x} ({1})", PUBLIC_KEY.as_ptr(), PUBLIC_KEY.len());
-    info!("Starting payload...");
+    verify_image(signed_kernel, PUBLIC_KEY)?;
+    info!("Payload verified. Starting payload...");
+    Ok(())
 }