| commit | 44e967db386ec20e07a550e1b27d04ac4ffa694f | [log] [tgz] |
|---|---|---|
| author | Jiyong Park <jiyong@google.com> | Tue Dec 21 13:53:42 2021 +0900 |
| committer | Jiyong Park <jiyong@google.com> | Tue Dec 21 21:21:48 2021 +0900 |
| tree | e922a5bd0b4689d8309d3c6b9631c7c8e831c3da | |
| parent | 173aca685a6feb96b44c82235fcc84d7a0425df1 [diff] |
Filter-out android.vbmeta.device when reading bootconfig android.vbmeta.device contains UUID of the vbmeta partition. The UUID may change everytime the VM is started because the UUID is recorded in the composite disk image which exists only while the VM is running. When the VM is stopped, the disk image is deleted (to save disk space) and re-created at the next time the VM is started. So far, even if a single bit is changed, we have refused to boot the VM. This is too aggressive given that the UUID can change every time. To address this issue, filter-out android.vbmeta.device config when reading bootconfig. This doesn't loosen the security because we still require that other configs (digest, debug mode, etc.) to be the same. Bug: 208442532 Test: run a VM multiple times with the same debug level -> boots run a VM multiple times with different debug levels -> not boots (as expected) Change-Id: I5af4bcdc1a18fcbc25e152b8e4af0dc8e9d8dc31
This repository contains userspace services related to running virtual machines on Android, especially protected virtual machines. See the getting started documentation and Microdroid README for more information.