Snap for 12695596 from 3b17ff27da94594476b5e7279604df57b48f1a30 to 25Q1-release
Change-Id: I9b14a053f188bdf28a9f559c08e96d048771df80
diff --git a/build/debian/fai_config/files/etc/systemd/system/forwarder_guest_launcher.service/AVF b/build/debian/fai_config/files/etc/systemd/system/forwarder_guest_launcher.service/AVF
index 6dbabea..f4c2a24 100644
--- a/build/debian/fai_config/files/etc/systemd/system/forwarder_guest_launcher.service/AVF
+++ b/build/debian/fai_config/files/etc/systemd/system/forwarder_guest_launcher.service/AVF
@@ -4,7 +4,7 @@
After=network.target
After=virtiofs_internal.service
[Service]
-ExecStart=/usr/bin/bash -c 'RUST_LOG=debug /usr/local/bin/forwarder_guest_launcher --host 192.168.0.1 --grpc_port $(cat /mnt/internal/debian_service_port)'
+ExecStart=/usr/bin/bash -c '/usr/local/bin/forwarder_guest_launcher --host 192.168.0.1 --grpc_port $(cat /mnt/internal/debian_service_port)'
Type=simple
Restart=on-failure
RestartSec=1
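Review bot: The `$(cat /mnt/internal/debian_service_port)` substitution on the new ExecStart line is unquoted, so bash word-splits the file's content and anything beyond the first word reaches forwarder_guest_launcher as extra arguments. An empty or missing file leaves `--grpc_port` with no value at all. The path and the `After=virtiofs_internal.service` ordering suggest the file arrives over a shared mount, so it is worth treating as external input. Quoting it as `--grpc_port "$(cat /mnt/internal/debian_service_port)"` keeps the content a single argument, which the launcher can then reject if it is not a valid port (assuming it parses the value as an integer).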
diff --git a/guest/forwarder_guest_launcher/src/main.rs b/guest/forwarder_guest_launcher/src/main.rs
index 16b05b4..0bb3b4d 100644
--- a/guest/forwarder_guest_launcher/src/main.rs
+++ b/guest/forwarder_guest_launcher/src/main.rs
@@ -110,6 +110,7 @@
async fn report_active_ports(
mut client: DebianServiceClient<Channel>,
) -> Result<(), Box<dyn std::error::Error>> {
+ // TODO: we can remove python3 -u when https://github.com/iovisor/bcc/pull/5142 is deployed
let mut cmd = Command::new("python3")
.arg("-u")
.arg("/usr/sbin/tcpstates-bpfcc")
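Review bot: The added TODO names the upstream pull request but not what `-u` is doing here, so a reader cannot tell when removal is safe without following the link. Presumably it forces unbuffered stdout so the tcpstates-bpfcc output is read as soon as it is produced. If so, say that in the comment, e.g. `// python3 -u: unbuffered stdout so port events are read as they happen; drop once iovisor/bcc#5142 is deployed`. report_active_ports continues past the end of this hunk.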
diff --git a/guest/pvmfw/platform.dts b/guest/pvmfw/platform.dts
index 44834ed..c3ecd0e 100644
--- a/guest/pvmfw/platform.dts
+++ b/guest/pvmfw/platform.dts
@@ -4,6 +4,11 @@
#include <dt-bindings/interrupt-controller/arm-gic.h>
+// Undefine macros conflicting with our definitions.
+#ifdef linux
+#undef linux
+#endif
+
#define PLACEHOLDER 0xffffffff
#define PLACEHOLDER2 PLACEHOLDER PLACEHOLDER
#define PLACEHOLDER4 PLACEHOLDER2 PLACEHOLDER2
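Review bot: The new comment says the macro conflicts with "our definitions" but does not say which ones, and it only handles `linux`. Presumably the GNU preprocessor's predefined `linux` (expanding to `1`) would rewrite identifiers that contain the word `linux` in this file; naming that in the comment would make the reason clear. The `#ifdef` guard is not needed, since `#undef` of an undefined name is a no-op. If other predefined macros such as `unix` can appear on this toolchain, passing `-undef` to the preprocessor in the build rule covers the whole class rather than one name.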
diff --git a/libs/dice/open_dice/Android.bp b/libs/dice/open_dice/Android.bp
index c60260e..3c5b6ea 100644
--- a/libs/dice/open_dice/Android.bp
+++ b/libs/dice/open_dice/Android.bp
@@ -132,6 +132,7 @@
"--rustified-enum DiceConfigType",
"--rustified-enum DiceMode",
"--rustified-enum DiceResult",
+ "--rustified-enum DicePrincipal",
// By generating only essential functions, we can make bindings concise and
// optimize compilation time.
diff --git a/libs/dice/open_dice/src/ops.rs b/libs/dice/open_dice/src/ops.rs
index 137736f..7bc0ee5 100644
--- a/libs/dice/open_dice/src/ops.rs
+++ b/libs/dice/open_dice/src/ops.rs
@@ -23,7 +23,8 @@
use crate::error::{check_result, DiceError, Result};
use alloc::{vec, vec::Vec};
use open_dice_cbor_bindgen::{
- DiceGenerateCertificate, DiceHash, DiceKdf, DiceKeypairFromSeed, DiceSign, DiceVerify,
+ DiceGenerateCertificate, DiceHash, DiceKdf, DiceKeypairFromSeed, DicePrincipal, DiceSign,
+ DiceVerify,
};
use std::ptr;
@@ -75,6 +76,11 @@
pub fn keypair_from_seed(seed: &[u8; PRIVATE_KEY_SEED_SIZE]) -> Result<(Vec<u8>, PrivateKey)> {
let mut public_key = vec![0u8; VM_KEY_ALGORITHM.public_key_size()];
let mut private_key = PrivateKey::default();
+ // This function is used with an open-dice config that uses the same algorithms for the
+ // subject and authority. Therefore, the principal is irrelevant in this context as this
+ // function only derives the key pair cryptographically without caring about which
+ // principal it is for. Hence, we arbitrarily set it to `DicePrincipal::kDicePrincipalSubject`.
+ let principal = DicePrincipal::kDicePrincipalSubject;
check_result(
// SAFETY: The function writes to the `public_key` and `private_key` within the given
// bounds, and only reads the `seed`. The first argument context is not used in this
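Review bot: The SAFETY comment on the `DiceKeypairFromSeed` call is not updated for the new `principal` argument that the next hunk passes. `public_key` is sized from `VM_KEY_ALGORITHM.public_key_size()`, so the "within the given bounds" claim now appears to depend on the algorithm chosen for `kDicePrincipalSubject` matching `VM_KEY_ALGORITHM`. The added comment states that subject and authority use the same algorithms, but nothing visible in these hunks enforces it. Consider extending the SAFETY text with `// The buffers are sized for the key algorithm the config selects for the subject principal.` and moving the same-algorithm assumption into the function's doc comment so callers see it. The body of keypair_from_seed continues outside both hunks.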
@@ -82,6 +88,7 @@
unsafe {
DiceKeypairFromSeed(
ptr::null_mut(), // context
+ principal,
seed.as_ptr(),
public_key.as_mut_ptr(),
private_key.as_mut_ptr(),