pvmfw: Use pvmfw_embedded_key from Rust
pvmfw will need the key to validate AVB-signed images so wrap it in a
rlib to import it into Rust code while making sure Soong is aware of the
dependency and handles file paths.
As this will be used in the context of AVB, create the module and
re-export the PUBLIC_KEY from there.
Use a debug! statement in main() to ensure that the key is kept in the
final binary by the toolchain.
Bug: 255575669
Test: m pvmfw_bin # verify that it contains testkey_rsa4096_pub.bin
Change-Id: I840a32a39f113d6becd50bea42b8552e551fee5f
diff --git a/pvmfw/Android.bp b/pvmfw/Android.bp
index 0872c33..b644905 100644
--- a/pvmfw/Android.bp
+++ b/pvmfw/Android.bp
@@ -10,6 +10,7 @@
edition: "2021",
rustlibs: [
"liblog_rust_nostd",
+ "libpvmfw_embedded_key",
"libvmbase",
],
apex_available: ["com.android.virt"],
@@ -49,6 +50,28 @@
installable: false,
}
+genrule {
+ name: "pvmfw_embedded_key_rs",
+ srcs: [":pvmfw_embedded_key"],
+ out: ["lib.rs"],
+ cmd: "(" +
+ " echo '#![no_std]';" +
+ " echo '#![allow(missing_docs)]';" +
+ " echo 'pub const PUBLIC_KEY: &[u8] = &[';" +
+ " xxd -i < $(in);" +
+ " echo '];';" +
+ ") > $(out)",
+}
+
+rust_library_rlib {
+ name: "libpvmfw_embedded_key",
+ defaults: ["vmbase_ffi_defaults"],
+ prefer_rlib: true,
+ srcs: [":pvmfw_embedded_key_rs"],
+ crate_name: "pvmfw_embedded_key",
+ apex_available: ["com.android.virt"],
+}
+
prebuilt_etc {
name: "pvmfw_sign_key",
src: ":avb_testkey_rsa4096",