Microdroid: Map a dm-crypt dev on (virtio-blk) disk

1. microdroid_manager, on seeing a (named) block device dedicated for
   storage, will run the encryptedstore binary.
2. The key for the encryption will be derived from the dice
   using the CDIs of *payload* as hashes.
3. The encryptedstore binary will create the dm-crypt device using the
   libdm_rust library.

Note: The salt used for the key is deterministic, but I got it randomly from
/dev/urandom. This ensures the key & payload secret are different.

Test: Run bin/vm run-app using the --storage & --storage-size flags
Test: Write into the crypt device & check persistence by running another
VM with the same instance image.
Bug: 241541860

Change-Id: I11d00343a040935dd90a232fe7c5ab4e06b6d145
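
The derivation described in step 2 and the note on the salt, as an added example that is not code from this commit or from the project. It assumes HKDF-SHA256 as the KDF; the CDI values, salts, info label, cipher and device path are constructed placeholders.

```python
import hashlib
import hmac

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) over SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

# Constructed stand-ins: a real CDI comes from the DICE chain, never a literal.
CDI_PAYLOAD_A = hashlib.sha256(b"constructed CDI for payload A").digest()
CDI_PAYLOAD_B = hashlib.sha256(b"constructed CDI for payload B").digest()
# Fixed salt: generated randomly once, then hard-coded so every boot reuses it.
STORE_SALT = bytes.fromhex("5a" * 32)   # constructed placeholder value
OTHER_SALT = bytes.fromhex("c3" * 32)   # constructed, stands for another consumer
INFO = b"example-encryptedstore-key"    # hypothetical context label

def derive_store_key(cdi: bytes, salt: bytes = STORE_SALT) -> bytes:
    """32-byte storage key bound to the payload CDI and to this salt."""
    return hkdf_sha256(cdi, salt, INFO, 32)

def crypt_table(key: bytes, sectors: int, backing_dev: str) -> str:
    """dm-crypt table: start, length, 'crypt', cipher, key, IV offset, device, offset."""
    # Cipher choice is an assumption; the commit message does not name one.
    return f"0 {sectors} crypt aes-xts-plain64 {key.hex()} 0 {backing_dev} 0"

if __name__ == "__main__":
    k1 = derive_store_key(CDI_PAYLOAD_A)
    k2 = derive_store_key(CDI_PAYLOAD_A)            # second boot, same payload
    print("persistent across boots:", k1 == k2)
    print("differs from the CDI itself:", k1 != CDI_PAYLOAD_A)
    print("differs under another salt:", k1 != derive_store_key(CDI_PAYLOAD_A, OTHER_SALT))
    print("differs for another payload:", k1 != derive_store_key(CDI_PAYLOAD_B))
    table = crypt_table(k1, 2048, "/dev/vdX")       # device path is a placeholder
    print(table.replace(k1.hex(), "<key>"))
```
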
7 files changed
tree: ef403178d1a2ac1e7a574517ec4bcbec254b0ef8
README.md

Virtualization

This repository contains userspace services related to running virtual machines on Android, especially protected virtual machines. See the getting started documentation and Microdroid README for more information.