Merge "virtmgr: Check for all cpusets" into main
diff --git a/README.md b/README.md
index 1b092f6..827e55c 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,7 @@
AVF components:
* [pVM firmware](pvmfw/README.md)
+* [Android Boot Loader (ABL)](docs/abl.md)
* [Microdroid](microdroid/README.md)
* [Microdroid kernel](microdroid/kernel/README.md)
* [Microdroid payload](microdroid/payload/README.md)
diff --git a/docs/abl.md b/docs/abl.md
new file mode 100644
index 0000000..b08464e
--- /dev/null
+++ b/docs/abl.md
@@ -0,0 +1,53 @@
+# Android Bootloader (ABL)
+
+[ABL](https://source.android.com/docs/core/architecture/bootloader) is not a component of AVF, but
+it plays a crucial role in loading the necessary AVF components and initializing them in a correct
+way. This doc explains the responsibilities of ABL from the perspective of AVF.
+
+## pVM firmware (pvmfw)
+
+ABL is responsible for the followings:
+
+* locating pvmfw binary from the pvmfw partition,
+* verifying it as part of the [verified
+ boot](https://source.android.com/docs/security/features/verifiedboot) process,
+* loading it into memory, and
+* describing the region where pvmfw is loaded using DT and passing it to hypervisor.
+
+See [ABL Support](../pvmfw/README.md#android-bootloader-abl_support) for more detail.
+
+ABL is also responsible for constructing the pvmfw configuration data. The data consists of the
+following info:
+
+* DICE chain (also known as BCC Handover)
+* DTBO describing [debug policy](debug/README.md#debug-policy) (if available)
+* DTBO describing [assignable devices](device_assignment.md) (if available)
+* Reference DT carrying extra information that needs to be passed to the guest VM
+
+See [Configuration Data](../pvmfw/README.md#configuration-data) for more detail.
+
+## Android
+
+ABL is responsible for setting the following bootconfigs describing the status and capabilities of
+the hypervisor.
+
+* `androidboot.hypervisor.version`: free-form description of the hypervisor
+* `androidboot.hypervisor.vm.supported`: whether traditional VMs (i.e. non-protected VMS) are
+ supported or not
+* `androidboot.hypervisor.protected_vm.supported`: whether protected VMs are supported or not
+
+Thee bootconfigs are converted into system properties by the init process.
+
+See
+[HypervisorProperties.prop](https://android.googlesource.com/platform/system/libsysprop/+/refs/heads/main/srcs/android/sysprop/HypervisorProperties.sysprop)
+for more detail.
+
+
+
+
+
+
+
+
+
+
diff --git a/libs/libfdt/src/iterators.rs b/libs/libfdt/src/iterators.rs
index cb7afda..743c52b 100644
--- a/libs/libfdt/src/iterators.rs
+++ b/libs/libfdt/src/iterators.rs
@@ -33,7 +33,7 @@
impl<'a> CompatibleIterator<'a> {
pub(crate) fn new(fdt: &'a Fdt, compatible: &'a CStr) -> Result<Self, FdtError> {
- let node = fdt.root()?;
+ let node = fdt.root();
Ok(Self { node, compatible })
}
}
diff --git a/libs/libfdt/src/lib.rs b/libs/libfdt/src/lib.rs
index 3339262..2ec097a 100644
--- a/libs/libfdt/src/lib.rs
+++ b/libs/libfdt/src/lib.rs
@@ -669,7 +669,7 @@
///
/// NOTE: This does not support individual "/memory@XXXX" banks.
pub fn memory(&self) -> Result<MemRegIterator> {
- let node = self.root()?.subnode(cstr!("memory"))?.ok_or(FdtError::NotFound)?;
+ let node = self.root().subnode(cstr!("memory"))?.ok_or(FdtError::NotFound)?;
if node.device_type()? != Some(cstr!("memory")) {
return Err(FdtError::BadValue);
}
@@ -683,7 +683,7 @@
/// Returns the standard /chosen node.
pub fn chosen(&self) -> Result<Option<FdtNode>> {
- self.root()?.subnode(cstr!("chosen"))
+ self.root().subnode(cstr!("chosen"))
}
/// Returns the standard /chosen node as mutable.
@@ -692,13 +692,13 @@
}
/// Returns the root node of the tree.
- pub fn root(&self) -> Result<FdtNode> {
- Ok(FdtNode { fdt: self, offset: NodeOffset::ROOT })
+ pub fn root(&self) -> FdtNode {
+ FdtNode { fdt: self, offset: NodeOffset::ROOT }
}
/// Returns the standard /__symbols__ node.
pub fn symbols(&self) -> Result<Option<FdtNode>> {
- self.root()?.subnode(cstr!("__symbols__"))
+ self.root().subnode(cstr!("__symbols__"))
}
/// Returns the standard /__symbols__ node as mutable
@@ -738,8 +738,8 @@
}
/// Returns the mutable root node of the tree.
- pub fn root_mut(&mut self) -> Result<FdtNodeMut> {
- Ok(FdtNodeMut { fdt: self, offset: NodeOffset::ROOT })
+ pub fn root_mut(&mut self) -> FdtNodeMut {
+ FdtNodeMut { fdt: self, offset: NodeOffset::ROOT }
}
/// Returns a mutable tree node by its full path.
diff --git a/libs/libfdt/tests/api_test.rs b/libs/libfdt/tests/api_test.rs
index 8f5b76d..f521a00 100644
--- a/libs/libfdt/tests/api_test.rs
+++ b/libs/libfdt/tests/api_test.rs
@@ -81,7 +81,7 @@
let data = fs::read(TEST_TREE_WITH_NO_MEMORY_NODE_PATH).unwrap();
let fdt = Fdt::from_slice(&data).unwrap();
- let root = fdt.root().unwrap();
+ let root = fdt.root();
assert_eq!(root.name(), Ok(cstr!("")));
let chosen = fdt.chosen().unwrap().unwrap();
@@ -96,7 +96,7 @@
fn node_subnodes() {
let data = fs::read(TEST_TREE_WITH_NO_MEMORY_NODE_PATH).unwrap();
let fdt = Fdt::from_slice(&data).unwrap();
- let root = fdt.root().unwrap();
+ let root = fdt.root();
let expected = [Ok(cstr!("cpus")), Ok(cstr!("randomnode")), Ok(cstr!("chosen"))];
let root_subnodes = root.subnodes().unwrap();
@@ -108,7 +108,7 @@
fn node_properties() {
let data = fs::read(TEST_TREE_WITH_NO_MEMORY_NODE_PATH).unwrap();
let fdt = Fdt::from_slice(&data).unwrap();
- let root = fdt.root().unwrap();
+ let root = fdt.root();
let one_be = 0x1_u32.to_be_bytes();
type Result<T> = core::result::Result<T, FdtError>;
let expected: Vec<(Result<&CStr>, Result<&[u8]>)> = vec![
@@ -290,7 +290,7 @@
let fdt = Fdt::from_slice(&data).unwrap();
let name = cstr!("node_a");
- let root = fdt.root().unwrap();
+ let root = fdt.root();
let node = root.subnode(name).unwrap();
assert_ne!(None, node);
let node = node.unwrap();
@@ -304,7 +304,7 @@
let fdt = Fdt::from_slice(&data).unwrap();
let name = b"node_aaaaa";
- let root = fdt.root().unwrap();
+ let root = fdt.root();
let node = root.subnode_with_name_bytes(&name[0..6]).unwrap();
assert_ne!(None, node);
let node = node.unwrap();
@@ -319,7 +319,7 @@
let name = cstr!("node_a");
let node = {
- let root = fdt.root().unwrap();
+ let root = fdt.root();
root.subnode(name).unwrap().unwrap()
};
@@ -378,7 +378,7 @@
let mut data = fs::read(TEST_TREE_PHANDLE_PATH).unwrap();
let fdt = Fdt::from_mut_slice(&mut data).unwrap();
- let root = fdt.root_mut().unwrap();
+ let root = fdt.root_mut();
let mut subnode_iter = root.first_subnode().unwrap();
while let Some(subnode) = subnode_iter {
@@ -389,7 +389,7 @@
}
}
- let root = fdt.root().unwrap();
+ let root = fdt.root();
let expected_names = vec![
Ok(cstr!("node_a")),
Ok(cstr!("node_b")),
@@ -416,7 +416,7 @@
];
let mut expected_nodes_iter = expected_nodes.iter();
- let mut iter = fdt.root_mut().unwrap().next_node(0).unwrap();
+ let mut iter = fdt.root_mut().next_node(0).unwrap();
while let Some((node, depth)) = iter {
let node_name = node.as_node().name();
if node_name == Ok(cstr!("node_a")) || node_name == Ok(cstr!("node_zz")) {
@@ -431,7 +431,7 @@
}
assert_eq!(None, expected_nodes_iter.next());
- let root = fdt.root().unwrap();
+ let root = fdt.root();
let all_descendants: Vec<_> =
root.descendants().map(|(node, depth)| (node.name(), depth)).collect();
assert_eq!(expected_nodes, all_descendants);
@@ -442,12 +442,12 @@
let mut data = fs::read(TEST_TREE_WITH_EMPTY_MEMORY_RANGE_PATH).unwrap();
let fdt = Fdt::from_mut_slice(&mut data).unwrap();
- let mut iter = fdt.root_mut().unwrap().next_node(0).unwrap();
+ let mut iter = fdt.root_mut().next_node(0).unwrap();
while let Some((node, depth)) = iter {
iter = node.delete_and_next_node(depth).unwrap();
}
- let root = fdt.root().unwrap();
+ let root = fdt.root();
let all_descendants: Vec<_> =
root.descendants().map(|(node, depth)| (node.name(), depth)).collect();
assert!(all_descendants.is_empty(), "{all_descendants:?}");
@@ -460,7 +460,7 @@
let fdt = Fdt::from_slice(&data).unwrap();
let name = {
- let root = fdt.root().unwrap();
+ let root = fdt.root();
root.name()
// Make root to be dropped
};
@@ -472,12 +472,12 @@
let mut data = vec![0_u8; 1000];
let fdt = Fdt::create_empty_tree(&mut data).unwrap();
- let root = fdt.root_mut().unwrap();
+ let root = fdt.root_mut();
let names = [cstr!("a"), cstr!("b")];
root.add_subnodes(&names).unwrap();
let expected: HashSet<_> = names.into_iter().collect();
- let subnodes = fdt.root().unwrap().subnodes().unwrap();
+ let subnodes = fdt.root().subnodes().unwrap();
let names: HashSet<_> = subnodes.map(|node| node.name().unwrap()).collect();
assert_eq!(expected, names);
@@ -491,7 +491,7 @@
let name = {
let node_a = {
- let root = fdt.root().unwrap();
+ let root = fdt.root();
root.subnode(cstr!("node_a")).unwrap()
// Make root to be dropped
};
@@ -511,7 +511,7 @@
let first_subnode_name = {
let first_subnode = {
let mut subnodes_iter = {
- let root = fdt.root().unwrap();
+ let root = fdt.root();
root.subnodes().unwrap()
// Make root to be dropped
};
@@ -533,7 +533,7 @@
let first_descendant_name = {
let (first_descendant, _) = {
let mut descendants_iter = {
- let root = fdt.root().unwrap();
+ let root = fdt.root();
root.descendants()
// Make root to be dropped
};
diff --git a/microdroid_manager/src/vm_payload_service.rs b/microdroid_manager/src/vm_payload_service.rs
index 959197a..7f4317b 100644
--- a/microdroid_manager/src/vm_payload_service.rs
+++ b/microdroid_manager/src/vm_payload_service.rs
@@ -73,7 +73,6 @@
challenge: &[u8],
test_mode: bool,
) -> binder::Result<AttestationResult> {
- self.check_restricted_apis_allowed()?;
let ClientVmAttestationData { private_key, csr } =
generate_attestation_key_and_csr(challenge, self.secret.dice_artifacts())
.map_err(|e| {
diff --git a/pvmfw/src/device_assignment.rs b/pvmfw/src/device_assignment.rs
index 54b5a47..e427710 100644
--- a/pvmfw/src/device_assignment.rs
+++ b/pvmfw/src/device_assignment.rs
@@ -715,7 +715,7 @@
}
fn patch_pviommus(&self, fdt: &mut Fdt) -> Result<BTreeMap<PvIommu, Phandle>> {
- let mut compatible = fdt.root_mut()?.next_compatible(Self::PVIOMMU_COMPATIBLE)?;
+ let mut compatible = fdt.root_mut().next_compatible(Self::PVIOMMU_COMPATIBLE)?;
let mut pviommu_phandles = BTreeMap::new();
for pviommu in &self.pviommus {
diff --git a/pvmfw/src/fdt.rs b/pvmfw/src/fdt.rs
index 146d012..51ba112 100644
--- a/pvmfw/src/fdt.rs
+++ b/pvmfw/src/fdt.rs
@@ -368,7 +368,7 @@
n: usize,
compat: &CStr,
) -> libfdt::Result<Option<FdtNodeMut<'a>>> {
- let mut node = fdt.root_mut()?.next_compatible(compat)?;
+ let mut node = fdt.root_mut().next_compatible(compat)?;
for _ in 0..n {
node = node.ok_or(FdtError::NoSpace)?.next_compatible(compat)?;
}
@@ -479,7 +479,7 @@
vm_ref_dt: &Fdt,
props_info: &BTreeMap<CString, Vec<u8>>,
) -> libfdt::Result<()> {
- let root_vm_dt = vm_dt.root_mut()?;
+ let root_vm_dt = vm_dt.root_mut();
let mut avf_vm_dt = root_vm_dt.add_subnode(cstr!("avf"))?;
// TODO(b/318431677): Validate nodes beyond /avf.
let avf_node = vm_ref_dt.node(cstr!("/avf"))?.ok_or(FdtError::NotFound)?;
@@ -714,10 +714,8 @@
}
fn patch_pci_info(fdt: &mut Fdt, pci_info: &PciInfo) -> libfdt::Result<()> {
- let mut node = fdt
- .root_mut()?
- .next_compatible(cstr!("pci-host-cam-generic"))?
- .ok_or(FdtError::NotFound)?;
+ let mut node =
+ fdt.root_mut().next_compatible(cstr!("pci-host-cam-generic"))?.ok_or(FdtError::NotFound)?;
let irq_masks_size = pci_info.irq_masks.len() * size_of::<PciIrqMask>();
node.trimprop(cstr!("interrupt-map-mask"), irq_masks_size)?;
@@ -758,7 +756,7 @@
/// Patch the DT by deleting the ns16550a compatible nodes whose address are unknown
fn patch_serial_info(fdt: &mut Fdt, serial_info: &SerialInfo) -> libfdt::Result<()> {
let name = cstr!("ns16550a");
- let mut next = fdt.root_mut()?.next_compatible(name);
+ let mut next = fdt.root_mut().next_compatible(name);
while let Some(current) = next? {
let reg =
current.as_node().reg()?.ok_or(FdtError::NotFound)?.next().ok_or(FdtError::NotFound)?;
@@ -806,7 +804,7 @@
fn patch_swiotlb_info(fdt: &mut Fdt, swiotlb_info: &SwiotlbInfo) -> libfdt::Result<()> {
let mut node =
- fdt.root_mut()?.next_compatible(cstr!("restricted-dma-pool"))?.ok_or(FdtError::NotFound)?;
+ fdt.root_mut().next_compatible(cstr!("restricted-dma-pool"))?.ok_or(FdtError::NotFound)?;
if let Some(range) = swiotlb_info.fixed_range() {
node.setprop_addrrange_inplace(
@@ -845,7 +843,7 @@
let value = [addr0, size0.unwrap(), addr1, size1.unwrap()];
let mut node =
- fdt.root_mut()?.next_compatible(cstr!("arm,gic-v3"))?.ok_or(FdtError::NotFound)?;
+ fdt.root_mut().next_compatible(cstr!("arm,gic-v3"))?.ok_or(FdtError::NotFound)?;
node.setprop_inplace(cstr!("reg"), flatten(&value))
}
@@ -869,7 +867,7 @@
let value = value.into_inner();
let mut node =
- fdt.root_mut()?.next_compatible(cstr!("arm,armv8-timer"))?.ok_or(FdtError::NotFound)?;
+ fdt.root_mut().next_compatible(cstr!("arm,armv8-timer"))?.ok_or(FdtError::NotFound)?;
node.setprop_inplace(cstr!("interrupts"), value.as_bytes())
}
@@ -877,7 +875,7 @@
let avf_node = if let Some(node) = fdt.node_mut(cstr!("/avf"))? {
node
} else {
- fdt.root_mut()?.add_subnode(cstr!("avf"))?
+ fdt.root_mut().add_subnode(cstr!("avf"))?
};
// The node shouldn't already be present; if it is, return the error.
diff --git a/service_vm/fake_chain/src/client_vm.rs b/service_vm/fake_chain/src/client_vm.rs
index 44ea898..6f956a7 100644
--- a/service_vm/fake_chain/src/client_vm.rs
+++ b/service_vm/fake_chain/src/client_vm.rs
@@ -29,7 +29,7 @@
HIDDEN_SIZE,
};
use log::error;
-use microdroid_kernel_hashes::{INITRD_DEBUG_HASH, KERNEL_HASH};
+use microdroid_kernel_hashes::OS_HASHES;
type CborResult<T> = result::Result<T, ciborium::value::Error>;
@@ -176,6 +176,7 @@
}
fn kernel_code_hash() -> Result<[u8; HASH_SIZE]> {
- let code_hash = [KERNEL_HASH, INITRD_DEBUG_HASH].concat();
+ let os_hashes = &OS_HASHES[0];
+ let code_hash = [os_hashes.kernel, os_hashes.initrd_debug].concat();
hash(&code_hash)
}
diff --git a/service_vm/kernel/Android.bp b/service_vm/kernel/Android.bp
index 79158e6..fbfed8e 100644
--- a/service_vm/kernel/Android.bp
+++ b/service_vm/kernel/Android.bp
@@ -9,13 +9,19 @@
genrule {
name: "microdroid_kernel_hashes_rs",
- srcs: [":microdroid_kernel"],
+ srcs: [
+ ":microdroid_kernel",
+ ":microdroid_gki-android14-6.1_kernel",
+ ],
out: ["lib.rs"],
tools: [
"extract_microdroid_kernel_hashes",
"avbtool",
],
- cmd: "$(location extract_microdroid_kernel_hashes) $(location avbtool) $(in) > $(out)",
+ cmd: "$(location extract_microdroid_kernel_hashes) --avbtool $(location avbtool) " +
+ "--kernel $(location :microdroid_kernel) " +
+ "$(location :microdroid_gki-android14-6.1_kernel) " +
+ "> $(out)",
}
rust_library_rlib {
diff --git a/service_vm/kernel/extract_microdroid_kernel_hashes.py b/service_vm/kernel/extract_microdroid_kernel_hashes.py
index 148e8be..f2c6ae7 100644
--- a/service_vm/kernel/extract_microdroid_kernel_hashes.py
+++ b/service_vm/kernel/extract_microdroid_kernel_hashes.py
@@ -12,40 +12,60 @@
"""
#!/usr/bin/env python3
-import sys
+import argparse
+from collections import defaultdict
import subprocess
from typing import Dict
PARTITION_NAME_BOOT = 'boot'
PARTITION_NAME_INITRD_NORMAL = 'initrd_normal'
PARTITION_NAME_INITRD_DEBUG = 'initrd_debug'
+HASH_SIZE = 32
def main(args):
"""Main function."""
- avbtool = args[0]
- kernel_image_path = args[1]
- hashes = collect_hashes(avbtool, kernel_image_path)
+ avbtool = args.avbtool
+ num_kernel_images = len(args.kernel)
print("//! This file is generated by extract_microdroid_kernel_hashes.py.")
print("//! It contains the hashes of the kernel and initrds.\n")
print("#![no_std]\n#![allow(missing_docs)]\n")
- # Microdroid's kernel is just an empty file in unsupportive environments
- # such as x86, in this case the hashes should be empty.
- if hashes.keys() != {PARTITION_NAME_BOOT,
- PARTITION_NAME_INITRD_NORMAL,
- PARTITION_NAME_INITRD_DEBUG}:
- print("/// The kernel is empty, no hashes are available.")
- hashes[PARTITION_NAME_BOOT] = ""
- hashes[PARTITION_NAME_INITRD_NORMAL] = ""
- hashes[PARTITION_NAME_INITRD_DEBUG] = ""
+ print("pub const HASH_SIZE: usize = " + str(HASH_SIZE) + ";\n")
+ print("pub struct OsHashes {")
+ print(" pub kernel: [u8; HASH_SIZE],")
+ print(" pub initrd_normal: [u8; HASH_SIZE],")
+ print(" pub initrd_debug: [u8; HASH_SIZE],")
+ print("}\n")
- print("pub const KERNEL_HASH: &[u8] = &["
- f"{format_hex_string(hashes[PARTITION_NAME_BOOT])}];\n")
- print("pub const INITRD_NORMAL_HASH: &[u8] = &["
- f"{format_hex_string(hashes[PARTITION_NAME_INITRD_NORMAL])}];\n")
- print("pub const INITRD_DEBUG_HASH: &[u8] = &["
- f"{format_hex_string(hashes[PARTITION_NAME_INITRD_DEBUG])}];")
+ hashes = defaultdict(list)
+ for kernel_image_path in args.kernel:
+ collected_hashes = collect_hashes(avbtool, kernel_image_path)
+
+ if collected_hashes.keys() == {PARTITION_NAME_BOOT,
+ PARTITION_NAME_INITRD_NORMAL,
+ PARTITION_NAME_INITRD_DEBUG}:
+ for partition_name, v in collected_hashes.items():
+ hashes[partition_name].append(v)
+ else:
+ # Microdroid's kernel is just an empty file in unsupportive
+ # environments such as x86, in this case the hashes should be empty.
+ print("/// The kernel is empty, no hashes are available.")
+ hashes[PARTITION_NAME_BOOT].append("")
+ hashes[PARTITION_NAME_INITRD_NORMAL].append("")
+ hashes[PARTITION_NAME_INITRD_DEBUG].append("")
+
+ print("pub const OS_HASHES: [OsHashes; " + str(num_kernel_images) + "] = [")
+ for i in range(num_kernel_images):
+ print("OsHashes {")
+ print(" kernel: [" +
+ format_hex_string(hashes[PARTITION_NAME_BOOT][i]) + "],")
+ print(" initrd_normal: [" +
+ format_hex_string(hashes[PARTITION_NAME_INITRD_NORMAL][i]) + "],")
+ print(" initrd_debug: [" +
+ format_hex_string(hashes[PARTITION_NAME_INITRD_DEBUG][i]) + "],")
+ print("},")
+ print("];")
def collect_hashes(avbtool: str, kernel_image_path: str) -> Dict[str, str]:
"""Collects the hashes from the AVB footer of the kernel image."""
@@ -63,11 +83,22 @@
def format_hex_string(hex_string: str) -> str:
"""Formats a hex string into a Rust array."""
- assert len(hex_string) % 2 == 0, \
- "Hex string must have even length: " + hex_string
+ if not hex_string:
+ return "0x00, " * HASH_SIZE
+ assert len(hex_string) == HASH_SIZE * 2, \
+ "Hex string must have length " + str(HASH_SIZE * 2) + ": " + \
+ hex_string
return ", ".join(["\n0x" + hex_string[i:i+2] if i % 32 == 0
else "0x" + hex_string[i:i+2]
for i in range(0, len(hex_string), 2)])
+def parse_args():
+ """Parses the command line arguments."""
+ parser = argparse.ArgumentParser(
+ "Extracts the hashes from the kernels' AVB footer")
+ parser.add_argument('--avbtool', help='Path to the avbtool binary')
+ parser.add_argument('--kernel', help='Path to the kernel image', nargs='+')
+ return parser.parse_args()
+
if __name__ == '__main__':
- main(sys.argv[1:])
+ main(parse_args())
diff --git a/service_vm/requests/src/client_vm.rs b/service_vm/requests/src/client_vm.rs
index d4474cf..15a3bd0 100644
--- a/service_vm/requests/src/client_vm.rs
+++ b/service_vm/requests/src/client_vm.rs
@@ -29,7 +29,7 @@
use der::{Decode, Encode};
use diced_open_dice::{DiceArtifacts, HASH_SIZE};
use log::{error, info};
-use microdroid_kernel_hashes::{INITRD_DEBUG_HASH, INITRD_NORMAL_HASH, KERNEL_HASH};
+use microdroid_kernel_hashes::{HASH_SIZE as KERNEL_HASH_SIZE, OS_HASHES};
use service_vm_comm::{ClientVmAttestationParams, Csr, CsrPayload, RequestProcessingError};
use x509_cert::{certificate::Certificate, name::Name};
@@ -159,10 +159,10 @@
/// embedded during the build time.
fn validate_kernel_code_hash(dice_chain: &ClientVmDiceChain) -> Result<()> {
let kernel = dice_chain.microdroid_kernel();
- if expected_kernel_code_hash_normal()? == kernel.code_hash {
+ if matches_any_kernel_code_hash(&kernel.code_hash, /* is_debug= */ false)? {
return Ok(());
}
- if expected_kernel_code_hash_debug()? == kernel.code_hash {
+ if matches_any_kernel_code_hash(&kernel.code_hash, /* is_debug= */ true)? {
if dice_chain.all_entries_are_secure() {
error!("The Microdroid kernel has debug initrd but the DICE chain is secure");
return Err(RequestProcessingError::InvalidDiceChain);
@@ -173,18 +173,20 @@
Err(RequestProcessingError::InvalidDiceChain)
}
-fn expected_kernel_code_hash_normal() -> bssl_avf::Result<Vec<u8>> {
- let mut code_hash = [0u8; 64];
- code_hash[0..32].copy_from_slice(KERNEL_HASH);
- code_hash[32..].copy_from_slice(INITRD_NORMAL_HASH);
- Digester::sha512().digest(&code_hash)
-}
-
-fn expected_kernel_code_hash_debug() -> bssl_avf::Result<Vec<u8>> {
- let mut code_hash = [0u8; 64];
- code_hash[0..32].copy_from_slice(KERNEL_HASH);
- code_hash[32..].copy_from_slice(INITRD_DEBUG_HASH);
- Digester::sha512().digest(&code_hash)
+fn matches_any_kernel_code_hash(actual_code_hash: &[u8], is_debug: bool) -> bssl_avf::Result<bool> {
+ for os_hash in OS_HASHES {
+ let mut code_hash = [0u8; KERNEL_HASH_SIZE * 2];
+ code_hash[0..KERNEL_HASH_SIZE].copy_from_slice(&os_hash.kernel);
+ if is_debug {
+ code_hash[KERNEL_HASH_SIZE..].copy_from_slice(&os_hash.initrd_debug);
+ } else {
+ code_hash[KERNEL_HASH_SIZE..].copy_from_slice(&os_hash.initrd_normal);
+ }
+ if Digester::sha512().digest(&code_hash)? == actual_code_hash {
+ return Ok(true);
+ }
+ }
+ Ok(false)
}
fn expected_kernel_authority_hash(service_vm_entry: &Value) -> Result<[u8; HASH_SIZE]> {
diff --git a/service_vm/test_apk/assets/config.json b/service_vm/test_apk/assets/config.json
deleted file mode 100644
index caae3ce..0000000
--- a/service_vm/test_apk/assets/config.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "os": {
- "name": "microdroid"
- },
- "task": {
- "type": "microdroid_launcher",
- "command": "libvm_attestation_test_payload.so"
- },
- "export_tombstones": true
- }
\ No newline at end of file
diff --git a/service_vm/test_apk/src/java/com/android/virt/vm_attestation/testapp/VmAttestationTests.java b/service_vm/test_apk/src/java/com/android/virt/vm_attestation/testapp/VmAttestationTests.java
index 7771e83..af99711 100644
--- a/service_vm/test_apk/src/java/com/android/virt/vm_attestation/testapp/VmAttestationTests.java
+++ b/service_vm/test_apk/src/java/com/android/virt/vm_attestation/testapp/VmAttestationTests.java
@@ -40,7 +40,7 @@
@RunWith(Parameterized.class)
public class VmAttestationTests extends MicrodroidDeviceTestBase {
private static final String TAG = "VmAttestationTest";
- private static final String DEFAULT_CONFIG = "assets/config.json";
+ private static final String VM_PAYLOAD_PATH = "libvm_attestation_test_payload.so";
@Parameterized.Parameter(0)
public String mGki;
@@ -71,7 +71,7 @@
assumeFeatureEnabled(VirtualMachineManager.FEATURE_REMOTE_ATTESTATION);
VirtualMachineConfig.Builder builder =
- newVmConfigBuilderWithPayloadConfig(DEFAULT_CONFIG)
+ newVmConfigBuilderWithPayloadBinary(VM_PAYLOAD_PATH)
.setDebugLevel(DEBUG_LEVEL_FULL)
.setVmOutputCaptured(true);
VirtualMachineConfig config = builder.build();
diff --git a/virtualizationmanager/src/dt_overlay.rs b/virtualizationmanager/src/dt_overlay.rs
index b39ba3a..108ed61 100644
--- a/virtualizationmanager/src/dt_overlay.rs
+++ b/virtualizationmanager/src/dt_overlay.rs
@@ -61,8 +61,8 @@
let fdt =
Fdt::create_empty_tree(buffer).map_err(|e| anyhow!("Failed to create empty Fdt: {e:?}"))?;
- let root = fdt.root_mut().map_err(|e| anyhow!("Failed to get root node: {e:?}"))?;
- let mut fragment = root
+ let mut fragment = fdt
+ .root_mut()
.add_subnode(cstr!("fragment@0"))
.map_err(|e| anyhow!("Failed to add fragment node: {e:?}"))?;
fragment
diff --git a/virtualizationservice/Android.bp b/virtualizationservice/Android.bp
index 843873b..38a9ec5 100644
--- a/virtualizationservice/Android.bp
+++ b/virtualizationservice/Android.bp
@@ -23,6 +23,7 @@
rustlibs: [
"android.hardware.security.rkp-V3-rust",
"android.system.virtualizationcommon-rust",
+ "android.system.virtualizationmaintenance-rust",
"android.system.virtualizationservice-rust",
"android.system.virtualizationservice_internal-rust",
"android.system.virtualmachineservice-rust",
diff --git a/virtualizationservice/aidl/Android.bp b/virtualizationservice/aidl/Android.bp
index 8ca375a..66de092 100644
--- a/virtualizationservice/aidl/Android.bp
+++ b/virtualizationservice/aidl/Android.bp
@@ -55,6 +55,23 @@
}
aidl_interface {
+ name: "android.system.virtualizationmaintenance",
+ srcs: ["android/system/virtualizationmaintenance/**/*.aidl"],
+ unstable: true,
+ backend: {
+ java: {
+ sdk_version: "module_current",
+ },
+ rust: {
+ enabled: true,
+ apex_available: [
+ "com.android.virt",
+ ],
+ },
+ },
+}
+
+aidl_interface {
name: "android.system.virtualmachineservice",
srcs: ["android/system/virtualmachineservice/**/*.aidl"],
imports: [
diff --git a/virtualizationservice/aidl/android/system/virtualizationmaintenance/IVirtualizationMaintenance.aidl b/virtualizationservice/aidl/android/system/virtualizationmaintenance/IVirtualizationMaintenance.aidl
new file mode 100644
index 0000000..161673a
--- /dev/null
+++ b/virtualizationservice/aidl/android/system/virtualizationmaintenance/IVirtualizationMaintenance.aidl
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.system.virtualizationmaintenance;
+
+interface IVirtualizationMaintenance {
+ void appRemoved(int userId, int appId);
+
+ void userRemoved(int userId);
+
+ // TODO: Something for daily reconciliation
+}
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index c7ae5f0..c7a33ba 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -59,7 +59,9 @@
IGlobalVmContext::{BnGlobalVmContext, IGlobalVmContext},
IVfioHandler::VfioDev::VfioDev,
IVfioHandler::{BpVfioHandler, IVfioHandler},
- IVirtualizationServiceInternal::IVirtualizationServiceInternal,
+ IVirtualizationServiceInternal::{
+ BnVirtualizationServiceInternal, IVirtualizationServiceInternal,
+ },
};
use virtualmachineservice::IVirtualMachineService::VM_TOMBSTONES_SERVICE_PORT;
use vsock::{VsockListener, VsockStream};
@@ -67,8 +69,6 @@
/// The unique ID of a VM used (together with a port number) for vsock communication.
pub type Cid = u32;
-pub const BINDER_SERVICE_IDENTIFIER: &str = "android.system.virtualizationservice";
-
/// Directory in which to write disk image files used while running VMs.
pub const TEMPORARY_DIRECTORY: &str = "/data/misc/virtualizationservice";
@@ -165,7 +165,7 @@
}
impl VirtualizationServiceInternal {
- pub fn init() -> VirtualizationServiceInternal {
+ pub fn init() -> Strong<dyn IVirtualizationServiceInternal> {
let service = VirtualizationServiceInternal::default();
std::thread::spawn(|| {
@@ -174,7 +174,7 @@
}
});
- service
+ BnVirtualizationServiceInternal::new_binder(service, BinderFeatures::default())
}
}
diff --git a/virtualizationservice/src/main.rs b/virtualizationservice/src/main.rs
index ad21e89..97bb38f 100644
--- a/virtualizationservice/src/main.rs
+++ b/virtualizationservice/src/main.rs
@@ -16,18 +16,15 @@
mod aidl;
mod atom;
+mod maintenance;
mod remote_provisioning;
mod rkpvm;
-use crate::aidl::{
- remove_temporary_dir, BINDER_SERVICE_IDENTIFIER, TEMPORARY_DIRECTORY,
- VirtualizationServiceInternal
-};
+use crate::aidl::{remove_temporary_dir, VirtualizationServiceInternal, TEMPORARY_DIRECTORY};
use android_logger::{Config, FilterBuilder};
-use android_system_virtualizationservice_internal::aidl::android::system::virtualizationservice_internal::IVirtualizationServiceInternal::BnVirtualizationServiceInternal;
-use anyhow::Error;
-use binder::{register_lazy_service, BinderFeatures, ProcessState, ThreadState};
-use log::{info, LevelFilter};
+use anyhow::{bail, Context, Error, Result};
+use binder::{register_lazy_service, ProcessState, ThreadState};
+use log::{error, info, LevelFilter};
use std::fs::{create_dir, read_dir};
use std::os::unix::raw::{pid_t, uid_t};
use std::path::Path;
@@ -35,6 +32,8 @@
const LOG_TAG: &str = "VirtualizationService";
pub(crate) const REMOTELY_PROVISIONED_COMPONENT_SERVICE_NAME: &str =
"android.hardware.security.keymint.IRemotelyProvisionedComponent/avf";
+const INTERNAL_SERVICE_NAME: &str = "android.system.virtualizationservice";
+const MAINTENANCE_SERVICE_NAME: &str = "android.system.virtualizationmaintenance";
fn get_calling_pid() -> pid_t {
ThreadState::get_calling_pid()
@@ -45,6 +44,13 @@
}
fn main() {
+ if let Err(e) = try_main() {
+ error!("failed with {e:?}");
+ std::process::exit(1);
+ }
+}
+
+fn try_main() -> Result<()> {
android_logger::init_once(
Config::default()
.with_tag(LOG_TAG)
@@ -57,31 +63,33 @@
),
);
- clear_temporary_files().expect("Failed to delete old temporary files");
+ clear_temporary_files().context("Failed to delete old temporary files")?;
let common_dir_path = Path::new(TEMPORARY_DIRECTORY).join("common");
- create_dir(common_dir_path).expect("Failed to create common directory");
+ create_dir(common_dir_path).context("Failed to create common directory")?;
ProcessState::start_thread_pool();
-
- let service = VirtualizationServiceInternal::init();
- let service = BnVirtualizationServiceInternal::new_binder(service, BinderFeatures::default());
- register_lazy_service(BINDER_SERVICE_IDENTIFIER, service.as_binder()).unwrap();
- info!("Registered Binder service {}.", BINDER_SERVICE_IDENTIFIER);
+ register(INTERNAL_SERVICE_NAME, VirtualizationServiceInternal::init())?;
if cfg!(remote_attestation) {
// The IRemotelyProvisionedComponent service is only supposed to be triggered by rkpd for
// RKP VM attestation.
- let remote_provisioning_service = remote_provisioning::new_binder();
- register_lazy_service(
- REMOTELY_PROVISIONED_COMPONENT_SERVICE_NAME,
- remote_provisioning_service.as_binder(),
- )
- .unwrap();
- info!("Registered Binder service {}.", REMOTELY_PROVISIONED_COMPONENT_SERVICE_NAME);
+ register(REMOTELY_PROVISIONED_COMPONENT_SERVICE_NAME, remote_provisioning::new_binder())?;
+ }
+
+ if cfg!(llpvm_changes) {
+ register(MAINTENANCE_SERVICE_NAME, maintenance::new_binder())?;
}
ProcessState::join_thread_pool();
+ bail!("Thread pool unexpectedly ended");
+}
+
+fn register<T: binder::FromIBinder + ?Sized>(name: &str, service: binder::Strong<T>) -> Result<()> {
+ register_lazy_service(name, service.as_binder())
+ .with_context(|| format!("Failed to register {name}"))?;
+ info!("Registered Binder service {name}.");
+ Ok(())
}
/// Remove any files under `TEMPORARY_DIRECTORY`.
diff --git a/virtualizationservice/src/maintenance.rs b/virtualizationservice/src/maintenance.rs
new file mode 100644
index 0000000..191d39a
--- /dev/null
+++ b/virtualizationservice/src/maintenance.rs
@@ -0,0 +1,44 @@
+// Copyright 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use android_system_virtualizationmaintenance::aidl::android::system::virtualizationmaintenance;
+use anyhow::anyhow;
+use binder::{BinderFeatures, ExceptionCode, Interface, IntoBinderResult, Strong};
+use virtualizationmaintenance::IVirtualizationMaintenance::{
+ BnVirtualizationMaintenance, IVirtualizationMaintenance,
+};
+
+pub(crate) fn new_binder() -> Strong<dyn IVirtualizationMaintenance> {
+ BnVirtualizationMaintenance::new_binder(
+ VirtualizationMaintenanceService {},
+ BinderFeatures::default(),
+ )
+}
+
+pub struct VirtualizationMaintenanceService;
+
+impl Interface for VirtualizationMaintenanceService {}
+
+#[allow(non_snake_case)]
+impl IVirtualizationMaintenance for VirtualizationMaintenanceService {
+ fn appRemoved(&self, _user_id: i32, _app_id: i32) -> binder::Result<()> {
+ Err(anyhow!("appRemoved not supported"))
+ .or_binder_exception(ExceptionCode::UNSUPPORTED_OPERATION)
+ }
+
+ fn userRemoved(&self, _user_id: i32) -> binder::Result<()> {
+ Err(anyhow!("userRemoved not supported"))
+ .or_binder_exception(ExceptionCode::UNSUPPORTED_OPERATION)
+ }
+}
diff --git a/virtualizationservice/src/rkpvm.rs b/virtualizationservice/src/rkpvm.rs
index 79e09b0..67ba740 100644
--- a/virtualizationservice/src/rkpvm.rs
+++ b/virtualizationservice/src/rkpvm.rs
@@ -35,7 +35,7 @@
let request = Request::RequestClientVmAttestation(params);
match vm.process_request(request).context("Failed to process request")? {
Response::RequestClientVmAttestation(cert) => Ok(cert),
- _ => bail!("Incorrect response type"),
+ other => bail!("Incorrect response type {other:?}"),
}
}