Add guest OS capability: SecretkeeperProtection

Not all guest OSes are capable of interacting with Secretkeeper. Add a
capability "secretkeeper_protection" (which can be extracted from the vbmeta
property "com.android.virt.cap"). Add this property to the Microdroid
kernel.

pvmfw will check if the guest OS has this capability & ensure the
rollback_index > 0 if the guest OS has it. Note that this will be
factored in while pvmfw checks if an updated guest OS should be accepted.

Bug: 291213374
Test: avbtool.py --info microdroid_kernel & check if property is
present.
Test: #payload_with_multiple_capabilities

Change-Id: I99c159d3d65005ec02729b47620ac05ab8d1ec5e
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index d39d51c..b8cbf1b 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -112,10 +112,22 @@
         info!("Please disregard any previous libavb ERROR about initrd_normal.");
     }
 
-    if verified_boot_data.capabilities.contains(&Capability::RemoteAttest) {
+    if verified_boot_data.has_capability(Capability::RemoteAttest) {
         info!("Service VM capable of remote attestation detected");
     }
 
+    if verified_boot_data.has_capability(Capability::SecretkeeperProtection) {
+        info!("Guest OS is capable of Secretkeeper protection");
+        // For Secretkeeper based Antirollback protection, rollback_index of the image > 0
+        if verified_boot_data.rollback_index == 0 {
+            error!(
+                "Expected positive rollback_index, found {:?}",
+                verified_boot_data.rollback_index
+            );
+            return Err(RebootReason::InvalidPayload);
+        };
+    }
+
     let next_bcc = heap::aligned_boxed_slice(NEXT_BCC_SIZE, GUEST_PAGE_SIZE).ok_or_else(|| {
         error!("Failed to allocate the next-stage BCC");
         RebootReason::InternalError
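Review bot: In the new SecretkeeperProtection block, the inner `if verified_boot_data.rollback_index == 0 { ... };` ends with a stray semicolon after its closing brace, and the `error!` formats a value that can only be 0 on that path; drop the `;` and log a fixed message stating that rollback_index must be > 0 when the capability is present. The `== 0` test matches the comment's "> 0" requirement only if rollback_index is an unsigned type, which is not visible in this hunk, so confirm that or write the condition as an explicit comparison. The Test lines in the commit message cover the property's presence and multi-capability parsing; a case with the capability set and rollback_index 0 that expects RebootReason::InvalidPayload would exercise this rejection branch.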