Merge "Latest kernel SecretkeeperProtection capability" into main
diff --git a/pvmfw/avb/tests/utils.rs b/pvmfw/avb/tests/utils.rs
index 70eba5f..cf37fcf 100644
--- a/pvmfw/avb/tests/utils.rs
+++ b/pvmfw/avb/tests/utils.rs
@@ -22,7 +22,9 @@
AvbVBMetaImageHeader,
};
use openssl::sha;
-use pvmfw_avb::{verify_payload, DebugLevel, Digest, PvmfwVerifyError, VerifiedBootData};
+use pvmfw_avb::{
+ verify_payload, Capability, DebugLevel, Digest, PvmfwVerifyError, VerifiedBootData,
+};
use std::{
fs,
mem::{size_of, transmute, MaybeUninit},
@@ -110,13 +112,15 @@
let footer = extract_avb_footer(&kernel)?;
let kernel_digest =
hash(&[&hash(&[b"bootloader"]), &kernel[..usize::try_from(footer.original_image_size)?]]);
+ let capabilities =
+ if cfg!(llpvm_changes) { vec![Capability::SecretkeeperProtection] } else { vec![] };
let initrd_digest = Some(hash(&[&hash(&[initrd_salt]), initrd]));
let expected_boot_data = VerifiedBootData {
debug_level: expected_debug_level,
kernel_digest,
initrd_digest,
public_key: &public_key,
- capabilities: vec![],
+ capabilities,
rollback_index: if cfg!(llpvm_changes) { 1 } else { 0 },
};
assert_eq!(expected_boot_data, verified_boot_data);