Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 4a0651de655e2dc2964b13a6c3a8dd13bb767881^! / . / pvmfw / avb / Android.bp
commit4a0651de655e2dc2964b13a6c3a8dd13bb767881[log] [tgz]
authorShikha Panwar <shikhapanwar@google.com>Thu Sep 28 13:06:13 2023 +0000
committerShikha Panwar <shikhapanwar@google.com>Fri Sep 29 12:42:34 2023 +0000
tree5fa8e23388c85f7172b59adc0a87509baaca7396
parenta26f16aee1e340449c05fc52dfe143f5f6927fa4 [diff] [blame]
Add guest OS capability: SecretkeeperProtection

Not all guest OS are capable of interacting with Secretkeeper. Add a
capability "secretkeeper_protection" (which can be extracted from vbmeta
property "com.android.virt.cap"). Add this property to Microdroid
kernel.

pvmfw will have check if the guest OS has this capability & ensures the
rollback_index > 0 if the guest OS has it. Note that this will be
factored in while pvmfw check if updated guest OS should be accepted.

Bug: 291213374
Test: avbtool.py --info microdroid_kernel & check if property is
present.
Test: #payload_with_multiple_capabilities

Change-Id: I99c159d3d65005ec02729b47620ac05ab8d1ec5e

diff --git a/pvmfw/avb/Android.bp b/pvmfw/avb/Android.bp
index f7362d8..6df1c4d 100644
--- a/pvmfw/avb/Android.bp
+++ b/pvmfw/avb/Android.bp

@@ -43,6 +43,7 @@
         ":test_image_with_multiple_props",
         ":test_image_with_duplicated_capability",
         ":test_image_with_rollback_index_5",
+        ":test_image_with_multiple_capabilities",
         ":unsigned_test_image",
     ],
     prefer_rlib: true,
@@ -204,3 +205,17 @@
     salt: "1211",
     rollback_index: 5,
 }
+
+avb_add_hash_footer {
+    name: "test_image_with_multiple_capabilities",
+    src: ":unsigned_test_image",
+    partition_name: "boot",
+    private_key: ":pvmfw_sign_key",
+    salt: "2134",
+    props: [
+        {
+            name: "com.android.virt.cap",
+            value: "remote_attest|secretkeeper_protection",
+        },
+    ],
+}