Add guest OS capability: SecretkeeperProtection
Not all guest OS are capable of interacting with Secretkeeper. Add a
capability "secretkeeper_protection" (which can be extracted from vbmeta
property "com.android.virt.cap"). Add this property to Microdroid
kernel.
pvmfw will have check if the guest OS has this capability & ensures the
rollback_index > 0 if the guest OS has it. Note that this will be
factored in while pvmfw check if updated guest OS should be accepted.
Bug: 291213374
Test: avbtool.py --info microdroid_kernel & check if property is
present.
Test: #payload_with_multiple_capabilities
Change-Id: I99c159d3d65005ec02729b47620ac05ab8d1ec5e
diff --git a/pvmfw/avb/src/verify.rs b/pvmfw/avb/src/verify.rs
index 1a16f9d..492d387 100644
--- a/pvmfw/avb/src/verify.rs
+++ b/pvmfw/avb/src/verify.rs
@@ -43,6 +43,13 @@
pub rollback_index: u64,
}
+impl VerifiedBootData<'_> {
+ /// Returns whether the kernel have the given capability
+ pub fn has_capability(&self, cap: Capability) -> bool {
+ self.capabilities.contains(&cap)
+ }
+}
+
/// This enum corresponds to the `DebugLevel` in `VirtualMachineConfig`.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum DebugLevel {
@@ -53,15 +60,18 @@
}
/// VM Capability.
-#[derive(Debug, PartialEq, Eq)]
+#[derive(Copy, Clone, Debug, PartialEq, Eq)]
pub enum Capability {
/// Remote attestation.
RemoteAttest,
+ /// Secretkeeper protected secrets.
+ SecretkeeperProtection,
}
impl Capability {
const KEY: &[u8] = b"com.android.virt.cap";
const REMOTE_ATTEST: &[u8] = b"remote_attest";
+ const SECRETKEEPER_PROTECTION: &[u8] = b"secretkeeper_protection";
const SEPARATOR: u8 = b'|';
fn get_capabilities(property_value: &[u8]) -> Result<Vec<Self>, PvmfwVerifyError> {
@@ -70,6 +80,7 @@
for v in property_value.split(|b| *b == Self::SEPARATOR) {
let cap = match v {
Self::REMOTE_ATTEST => Self::RemoteAttest,
+ Self::SECRETKEEPER_PROTECTION => Self::SecretkeeperProtection,
_ => return Err(PvmfwVerifyError::UnknownVbmetaProperty),
};
if res.contains(&cap) {