pvmfw: Use pvmfw_embedded_key from Rust
pvmfw will need the key to validate AVB-signed images so wrap it in a
rlib to import it into Rust code while making sure Soong is aware of the
dependency and handles file paths.
As this will be used in the context of AVB, create the module and
re-export the PUBLIC_KEY from there.
Use a debug! statement in main() to ensure that the key is kept in the
final binary by the toolchain.
Bug: 255575669
Test: m pvmfw_bin # verify that it contains testkey_rsa4096_pub.bin
Change-Id: I840a32a39f113d6becd50bea42b8552e551fee5f
diff --git a/pvmfw/Android.bp b/pvmfw/Android.bp
index 0872c33..b644905 100644
--- a/pvmfw/Android.bp
+++ b/pvmfw/Android.bp
@@ -10,6 +10,7 @@
edition: "2021",
rustlibs: [
"liblog_rust_nostd",
+ "libpvmfw_embedded_key",
"libvmbase",
],
apex_available: ["com.android.virt"],
@@ -49,6 +50,28 @@
installable: false,
}
+genrule {
+ name: "pvmfw_embedded_key_rs",
+ srcs: [":pvmfw_embedded_key"],
+ out: ["lib.rs"],
+ cmd: "(" +
+ " echo '#![no_std]';" +
+ " echo '#![allow(missing_docs)]';" +
+ " echo 'pub const PUBLIC_KEY: &[u8] = &[';" +
+ " xxd -i < $(in);" +
+ " echo '];';" +
+ ") > $(out)",
+}
+
+rust_library_rlib {
+ name: "libpvmfw_embedded_key",
+ defaults: ["vmbase_ffi_defaults"],
+ prefer_rlib: true,
+ srcs: [":pvmfw_embedded_key_rs"],
+ crate_name: "pvmfw_embedded_key",
+ apex_available: ["com.android.virt"],
+}
+
prebuilt_etc {
name: "pvmfw_sign_key",
src: ":avb_testkey_rsa4096",
diff --git a/pvmfw/src/avb.rs b/pvmfw/src/avb.rs
new file mode 100644
index 0000000..1abe73f
--- /dev/null
+++ b/pvmfw/src/avb.rs
@@ -0,0 +1,17 @@
+// Copyright 2022, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Image verification.
+
+pub use pvmfw_embedded_key::PUBLIC_KEY;
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index 9f8cbd2..870172d 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -17,12 +17,14 @@
#![no_main]
#![no_std]
+mod avb;
mod entry;
mod exceptions;
mod helpers;
mod mmio_guard;
mod smccc;
+use avb::PUBLIC_KEY;
use log::{debug, info};
fn main(fdt: &mut [u8], payload: &[u8]) {
@@ -33,6 +35,6 @@
payload.as_ptr() as usize,
payload.len(),
);
-
+ debug!("AVB public key: addr={:?}, size={:#x} ({1})", PUBLIC_KEY.as_ptr(), PUBLIC_KEY.len());
info!("Starting payload...");
}