Merge "virtmgr: don't check label for vendor initiated VMs" into main
diff --git a/build/debian/build.sh b/build/debian/build.sh
index 63035ae..9c4d4b1 100755
--- a/build/debian/build.sh
+++ b/build/debian/build.sh
@@ -114,14 +114,6 @@
)
fi
- # TODO(b/365955006): remove these lines when uboot supports x86_64 EFI application
- if [[ "$arch" == "x86_64" ]]; then
- packages+=(
- libguestfs-tools
- linux-image-generic
- )
- fi
-
if [[ "$use_generic_kernel" != 1 ]]; then
packages+=(
bc
@@ -326,9 +318,8 @@
generate_output_package() {
fdisk -l "${raw_disk_image}"
- local vm_config="$SCRIPT_DIR/vm_config.json.${arch}"
+ local vm_config="$SCRIPT_DIR/vm_config.json"
local root_partition_num=1
- local bios_partition_num=14
local efi_partition_num=15
pushd ${workdir} > /dev/null
@@ -337,9 +328,6 @@
loop=$(losetup -f --show --partscan $raw_disk_image)
dd if="${loop}p$root_partition_num" of=root_part
- if [[ "$arch" == "x86_64" ]]; then
- dd if="${loop}p$bios_partition_num" of=bios_part
- fi
dd if="${loop}p$efi_partition_num" of=efi_part
losetup -d "${loop}"
@@ -350,36 +338,19 @@
fi
sed -i "s/{root_part_guid}/$(sfdisk --part-uuid $raw_disk_image $root_partition_num)/g" vm_config.json
- if [[ "$arch" == "x86_64" ]]; then
- sed -i "s/{bios_part_guid}/$(sfdisk --part-uuid $raw_disk_image $bios_partition_num)/g" vm_config.json
- fi
sed -i "s/{efi_part_guid}/$(sfdisk --part-uuid $raw_disk_image $efi_partition_num)/g" vm_config.json
- images=()
- if [[ "$arch" == "aarch64" ]]; then
- images+=(
- root_part
- efi_part
- )
- # TODO(b/365955006): remove these lines when uboot supports x86_64 EFI application
- elif [[ "$arch" == "x86_64" ]]; then
- rm -f vmlinuz initrd.img
- virt-get-kernel -a "${raw_disk_image}"
- mv vmlinuz* vmlinuz
- mv initrd.img* initrd.img
- images+=(
- bios_part
- root_part
- efi_part
- vmlinuz
- initrd.img
- )
- fi
-
popd > /dev/null
+ contents=(
+ build_id
+ root_part
+ efi_part
+ vm_config.json
+ )
+
# --sparse option isn't supported in apache-commons-compress
- tar czv -f ${output} -C ${workdir} build_id "${images[@]}" vm_config.json
+ tar czv -f ${output} -C ${workdir} "${contents[@]}"
}
clean_up() {
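Review bot: `contents` is assigned without `local`, so it becomes a global, while the other variables of this function seen in the earlier hunk (`vm_config`, `root_partition_num`) are declared local. The rewritten `tar` line also still expands `${output}` and `${workdir}` unquoted, which breaks on paths containing spaces or glob characters. Declare the array as `local contents=(` and quote the paths: `tar czv -f "${output}" -C "${workdir}" "${contents[@]}"`. generate_output_package starts before this hunk, so earlier uses of these variables are not visible here.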
diff --git a/build/debian/vm_config.json.aarch64 b/build/debian/vm_config.json
similarity index 100%
rename from build/debian/vm_config.json.aarch64
rename to build/debian/vm_config.json
diff --git a/build/debian/vm_config.json.x86_64 b/build/debian/vm_config.json.x86_64
deleted file mode 100644
index bc4e00a..0000000
--- a/build/debian/vm_config.json.x86_64
+++ /dev/null
@@ -1,51 +0,0 @@
-{
- "name": "debian",
- "disks": [
- {
- "partitions": [
- {
- "label": "ROOT",
- "path": "$PAYLOAD_DIR/root_part",
- "writable": true,
- "guid": "{root_part_guid}"
- },
- {
- "label": "BIOS",
- "path": "$PAYLOAD_DIR/bios_part",
- "writable": true,
- "guid": "{bios_part_guid}"
- },
- {
- "label": "EFI",
- "path": "$PAYLOAD_DIR/efi_part",
- "writable": false,
- "guid": "{efi_part_guid}"
- }
- ],
- "writable": true
- }
- ],
- "sharedPath": [
- {
- "sharedPath": "/storage/emulated"
- },
- {
- "sharedPath": "$APP_DATA_DIR/files"
- }
- ],
- "kernel": "$PAYLOAD_DIR/vmlinuz",
- "initrd": "$PAYLOAD_DIR/initrd.img",
- "params": "root=/dev/vda1",
- "protected": false,
- "cpu_topology": "match_host",
- "platform_version": "~1.0",
- "memory_mib": 4096,
- "debuggable": true,
- "console_out": true,
- "console_input_device": "ttyS0",
- "network": true,
- "auto_memory_balloon": true,
- "gpu": {
- "backend": "2d"
- }
-}
diff --git a/guest/microdroid_manager/src/main.rs b/guest/microdroid_manager/src/main.rs
index d665c87..4537834 100644
--- a/guest/microdroid_manager/src/main.rs
+++ b/guest/microdroid_manager/src/main.rs
@@ -244,13 +244,14 @@
fn verify_payload_with_instance_img(
metadata: &Metadata,
dice: &DiceDriver,
+ state: &mut VmInstanceState,
) -> Result<MicrodroidData> {
let mut instance = InstanceDisk::new().context("Failed to load instance.img")?;
let saved_data = instance.read_microdroid_data(dice).context("Failed to read identity data")?;
if is_strict_boot() {
// Provisioning must happen on the first boot and never again.
- if is_new_instance_legacy() {
+ if Path::new(AVF_NEW_INSTANCE).exists() {
ensure!(
saved_data.is_none(),
MicrodroidError::PayloadInvalidConfig(
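Review bot: The new `state: &mut VmInstanceState` out-parameter is written only on the two success branches shown in the next hunk, so every early return through `?` or `ensure!` leaves the caller's value untouched, and nothing in the signature says so. Returning the state together with the data lets the compiler enforce that each successful path yields one: `) -> Result<(MicrodroidData, VmInstanceState)>` ending in `Ok((instance_data, state))`. If the out-parameter stays, a doc comment on the function should say that `state` becomes `PreviouslySeen` when saved identity data was verified, `NewlyCreated` when it was written, and is not modified on error. The function body continues past this hunk.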
@@ -286,12 +287,14 @@
);
info!("Saved data is verified.");
}
+ *state = VmInstanceState::PreviouslySeen;
saved_data
} else {
info!("Saving verified data.");
instance
.write_microdroid_data(&extracted_data, dice)
.context("Failed to write identity data")?;
+ *state = VmInstanceState::NewlyCreated;
extracted_data
};
Ok(instance_data)
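Review bot: The two added assignments make the contents of instance.img the only source of the new-instance signal on this path, and that deserves a comment at the assignments. The branch condition is outside the hunk, but it appears that an image holding no saved identity data falls to the `else` arm and is reported as `NewlyCreated`, so an erased or replaced instance.img would look like a first boot unless the strict-boot check rejects it earlier. Suggested comment above `*state = VmInstanceState::NewlyCreated;`: `// No saved identity data: treated as first boot (a wiped instance.img takes this path too).`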
@@ -321,13 +324,14 @@
.context("Failed to load DICE from driver")?
};
+ let mut state = VmInstanceState::Unknown;
// Microdroid skips checking payload against instance image iff the device supports
- // secretkeeper. In that case Microdroid use VmSecret::V2, which provide protection against
- // rollback of boot images and packages.
+ // secretkeeper. In that case Microdroid use VmSecret::V2, which provides instance state
+ // and protection against rollback of boot images and packages.
let instance_data = if should_defer_rollback_protection() {
verify_payload(&metadata, None)?
} else {
- verify_payload_with_instance_img(&metadata, &dice)?
+ verify_payload_with_instance_img(&metadata, &dice, &mut state)?
};
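Review bot: `state` now has two possible writers, and the updated comment explains only the secretkeeper one. On the `else` arm it is set by `verify_payload_with_instance_img`, yet the same variable is still passed to `VmSecret::new(dice_artifacts, service, &mut state)` a few lines later. That the later call leaves an already-set value alone for V1 secrets is an assumption not visible in this diff. A comment such as `// Without secretkeeper the state comes from instance.img; VmSecret::new must not overwrite it.` would record the invariant. The reworded comment also still reads "Microdroid use", which should be "Microdroid uses".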
let payload_metadata = metadata.payload.ok_or_else(|| {
@@ -337,7 +341,6 @@
// To minimize the exposure to untrusted data, derive dice profile as soon as possible.
info!("DICE derivation for payload");
let dice_artifacts = dice_derivation(dice, &instance_data, &payload_metadata)?;
- let mut state = VmInstanceState::Unknown;
let vm_secret = VmSecret::new(dice_artifacts, service, &mut state)
.context("Failed to create VM secrets")?;
@@ -345,15 +348,7 @@
VmInstanceState::NewlyCreated => true,
VmInstanceState::PreviouslySeen => false,
VmInstanceState::Unknown => {
- // VmSecret instantiation was not able to determine the state. This should only happen
- // for legacy secret mechanism (V1) - in which case fallback to legacy
- // instance.img based determination of state.
- ensure!(
- !should_defer_rollback_protection(),
- "VmInstanceState is Unknown whilst guest is expected to use V2 based secrets.
- This should've never happened"
- );
- is_new_instance_legacy()
+ bail!("Vm instance state is still unknown, this should not have happened");
}
};
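Review bot: The new `bail!` message drops the context the removed `ensure!` carried, so a failure here no longer says which secret mechanism was in use. Failing closed on `Unknown` is the safer behaviour, but naming the mode helps triage: `bail!("VM instance state is unknown (deferred rollback protection: {})", should_defer_rollback_protection());`. The enclosing `match` starts before this hunk.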
@@ -519,10 +514,6 @@
Path::new(AVF_STRICT_BOOT).exists()
}
-fn is_new_instance_legacy() -> bool {
- Path::new(AVF_NEW_INSTANCE).exists()
-}
-
fn is_verified_boot() -> bool {
!Path::new(DEBUG_MICRODROID_NO_VERIFIED_BOOT).exists()
}
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index 418a88e..9d08ed7 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -2166,11 +2166,6 @@
assumeFalse(
"Cuttlefish/Goldfish doesn't support device tree under /proc/device-tree",
isCuttlefish() || isGoldfish());
- if (!isUpdatableVmSupported()) {
- // TODO(b/389611249): Non protected VMs using legacy secret mechanisms do not reliably
- // implement `AVmPayload_isNewInstance`.
- assumeProtectedVM();
- }
VirtualMachine vm = forceCreateNewVirtualMachine("test_vm_a", config);
TestResults testResults =
runVmTestService(