pvmfw: Integrate verify_payload
Call the payload verification function that has until now been developed
in userspace, as part of libpvmfw_avb_nostd.
Bug: 256148034
Test: atest MicrodroidHostTests
Change-Id: I899084346156a341e91dc8dbf7f04093f8331925
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index 4d1ddfe..b0177bf 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -34,7 +34,7 @@
mod smccc;
use crate::{
- avb::PUBLIC_KEY, // Keep the public key here otherwise the signing script will be broken.
+ avb::PUBLIC_KEY,
entry::RebootReason,
memory::MemoryTracker,
pci::{find_virtio_devices, map_mmio},
@@ -43,6 +43,7 @@
use fdtpci::{PciError, PciInfo};
use libfdt::Fdt;
use log::{debug, error, info, trace};
+use pvmfw_avb::verify_payload;
fn main(
fdt: &Fdt,
@@ -71,6 +72,11 @@
let mut pci_root = unsafe { pci_info.make_pci_root() };
find_virtio_devices(&mut pci_root).map_err(handle_pci_error)?;
+ verify_payload(signed_kernel, PUBLIC_KEY).map_err(|e| {
+ error!("Failed to verify the payload: {e}");
+ RebootReason::PayloadVerificationError
+ })?;
+
info!("Starting payload...");
Ok(())
}