[automerger skipped] Revert^2 "Skip changingDebuggability related tests on Non-pVM" am: b3fcdc1566 -s ours
am skip reason: Merged-In Ic2818a8f513c778ad1f5217d3641398c8df1719d with SHA-1 4386ffd7c7 is already in history
Original change: https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/2780908
Change-Id: I0ad6e87ce0b2efafc5dfd94b477d2a8563d49d9b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/pvmfw/src/fdt.rs b/pvmfw/src/fdt.rs
index a1377c4..e34e425 100644
--- a/pvmfw/src/fdt.rs
+++ b/pvmfw/src/fdt.rs
@@ -721,6 +721,7 @@
strict_boot: bool,
debug_policy: Option<&mut [u8]>,
debuggable: bool,
+ kaslr_seed: u64,
) -> libfdt::Result<()> {
if let Some(debug_policy) = debug_policy {
let backup = Vec::from(fdt.as_slice());
@@ -741,6 +742,7 @@
set_or_clear_chosen_flag(fdt, cstr!("avf,strict-boot"), strict_boot)?;
set_or_clear_chosen_flag(fdt, cstr!("avf,new-instance"), new_instance)?;
+ fdt.chosen_mut()?.unwrap().setprop_inplace(cstr!("kaslr-seed"), &kaslr_seed.to_be_bytes())?;
if !debuggable {
if let Some(bootargs) = read_bootargs_from(fdt)? {
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index 21521da..9b18616 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -148,13 +148,25 @@
})?;
flush(next_bcc);
+ let kaslr_seed = u64::from_ne_bytes(rand::random_array().map_err(|e| {
+ error!("Failed to generated guest KASLR seed: {e}");
+ RebootReason::InternalError
+ })?);
let strict_boot = true;
let debuggable = verified_boot_data.debug_level != DebugLevel::None;
- modify_for_next_stage(fdt, next_bcc, new_instance, strict_boot, debug_policy, debuggable)
- .map_err(|e| {
- error!("Failed to configure device tree: {e}");
- RebootReason::InternalError
- })?;
+ modify_for_next_stage(
+ fdt,
+ next_bcc,
+ new_instance,
+ strict_boot,
+ debug_policy,
+ debuggable,
+ kaslr_seed,
+ )
+ .map_err(|e| {
+ error!("Failed to configure device tree: {e}");
+ RebootReason::InternalError
+ })?;
info!("Starting payload...");
diff --git a/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java b/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
index 32ebf21..4e1d238 100644
--- a/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
+++ b/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
@@ -20,8 +20,6 @@
import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.TruthJUnit.assume;
-import static org.junit.Assume.assumeTrue;
-
import android.app.Instrumentation;
import android.app.UiAutomation;
import android.content.Context;
@@ -560,8 +558,4 @@
protected interface RunTestsAgainstTestService {
void runTests(ITestService testService, TestResults testResults) throws Exception;
}
-
- protected void assumeProtectedVM() {
- assumeTrue("Skip on non-protected VM", mProtectedVm);
- }
}
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index 028e54c..8303791 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -928,18 +928,12 @@
@Test
@CddTest(requirements = {"9.17/C-1-1", "9.17/C-2-7"})
public void changingNonDebuggableVmDebuggableInvalidatesVmIdentity() throws Exception {
- // Debuggability changes initrd which is verified by pvmfw.
- // Therefore, skip this on non-protected VM.
- assumeProtectedVM();
changeDebugLevel(DEBUG_LEVEL_NONE, DEBUG_LEVEL_FULL);
}
@Test
@CddTest(requirements = {"9.17/C-1-1", "9.17/C-2-7"})
public void changingDebuggableVmNonDebuggableInvalidatesVmIdentity() throws Exception {
- // Debuggability changes initrd which is verified by pvmfw.
- // Therefore, skip this on non-protected VM.
- assumeProtectedVM();
changeDebugLevel(DEBUG_LEVEL_FULL, DEBUG_LEVEL_NONE);
}