[avb] Define rust API for image verification and connect pvmfw
This CL
- defines the image verification Rust API using avb_bindgen.
- defines the return error enum for the API.
- invokes the API from pvmfw.
- adds e2e test for the pvmfw run without error scenario.
Bug: 256148034
Test: atest MicrodroidHostTests
Change-Id: I272e9b8031e34137dca761b66ffabab264f055dd
diff --git a/pvmfw/Android.bp b/pvmfw/Android.bp
index b78e077..0da24c7 100644
--- a/pvmfw/Android.bp
+++ b/pvmfw/Android.bp
@@ -13,6 +13,7 @@
],
rustlibs: [
"libaarch64_paging",
+ "libavb_nostd",
"libbuddy_system_allocator",
"liblibfdt",
"liblog_rust_nostd",
diff --git a/pvmfw/src/entry.rs b/pvmfw/src/entry.rs
index 7859ff3..a274210 100644
--- a/pvmfw/src/entry.rs
+++ b/pvmfw/src/entry.rs
@@ -45,6 +45,8 @@
InvalidPayload,
/// The provided ramdisk was invalid.
InvalidRamdisk,
+ /// Failed to verify the payload.
+ PayloadVerificationError,
}
main!(start);
@@ -223,7 +225,10 @@
let slices = MemorySlices::new(fdt, payload, payload_size, &mut memory)?;
// This wrapper allows main() to be blissfully ignorant of platform details.
- crate::main(slices.fdt, slices.kernel, slices.ramdisk, bcc);
+ crate::main(slices.fdt, slices.kernel, slices.ramdisk, bcc).map_err(|e| {
+ error!("Failed to verify the payload: {e}");
+ RebootReason::PayloadVerificationError
+ })?;
// TODO: Overwrite BCC before jumping to payload to avoid leaking our sealing key.
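Review bot: The `map_err` closure on the new lines labels every error coming out of `crate::main` as a payload verification failure, which is only accurate while `verify_image` is the sole fallible step in `main` (it is, per the main.rs change, but the `TODO(b/256148034)` there says that is expected to change). A comment stating that assumption would keep the log line and the `RebootReason` from silently drifting: `// main() currently fails only on AVB verification; revisit once it returns a RebootReason itself (b/256148034).` The log also formats `{e}`, which requires `AvbImageVerifyError: Display`; that impl is not visible in this diff, so confirm it exists rather than relying on `Debug`. The enclosing function starts and ends outside this hunk.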
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index 6810fda..3d5629a 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -32,9 +32,16 @@
mod smccc;
use avb::PUBLIC_KEY;
+use avb_nostd::{verify_image, AvbImageVerifyError};
use log::{debug, info};
-fn main(fdt: &libfdt::Fdt, signed_kernel: &[u8], ramdisk: Option<&[u8]>, bcc: &[u8]) {
+/// TODO(b/256148034): Return RebootReason as error here
+fn main(
+ fdt: &libfdt::Fdt,
+ signed_kernel: &[u8],
+ ramdisk: Option<&[u8]>,
+ bcc: &[u8],
+) -> Result<(), AvbImageVerifyError> {
info!("pVM firmware");
debug!("FDT: {:?}", fdt as *const libfdt::Fdt);
debug!("Signed kernel: {:?} ({:#x} bytes)", signed_kernel.as_ptr(), signed_kernel.len());
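Review bot: The new `///` line on `main` is a doc comment whose only content is a TODO, so rustdoc (and anyone reading the signature) gets no description of what the function now guarantees. Prefer a real summary plus a plain TODO, e.g. `/// Verifies `signed_kernel` against the built-in AVB `PUBLIC_KEY` and only then reports success.` followed by `/// Returns the AVB error so the caller can choose a reboot reason.` and `// TODO(b/256148034): Return RebootReason as error here`. The rest of `main`'s body continues past the end of this hunk.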
@@ -44,6 +51,7 @@
debug!("Ramdisk: None");
}
debug!("BCC: {:?} ({:#x} bytes)", bcc.as_ptr(), bcc.len());
- debug!("AVB public key: addr={:?}, size={:#x} ({1})", PUBLIC_KEY.as_ptr(), PUBLIC_KEY.len());
- info!("Starting payload...");
+ verify_image(signed_kernel, PUBLIC_KEY)?;
+ info!("Payload verified. Starting payload...");
+ Ok(())
}
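Review bot: `verify_image(signed_kernel, PUBLIC_KEY)?` authenticates only the kernel, while `ramdisk` is accepted by `main` and will be handed to the payload without any check in this hunk; whether the ramdisk is meant to be covered by the kernel's vbmeta (e.g. via a hash descriptor) cannot be determined from the visible code. If it is expected to be authenticated, that gap should be recorded next to the call, `// TODO: the ramdisk is not covered by this check; verify it against the vbmeta descriptors.`, and the "Payload verified." log should be narrowed to `info!("Kernel verified. Starting payload...");` so the message does not overstate what was checked. `main` starts before this hunk; its closing brace is on the last line shown.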