Write out the BCC when signing
We don't use it yet, but this is a helpful first step.
Bug: 225177477
Test: composd_cmd staged-apex-compile
Test: See /data/misc/apexdata/com.android.compos/current/bcc
Change-Id: I81daaa9f8e1bb3e81cea0bcfddb8f0455c0d3c21
diff --git a/compos/composd/src/instance_starter.rs b/compos/composd/src/instance_starter.rs
index 4873d7a..f899497 100644
--- a/compos/composd/src/instance_starter.rs
+++ b/compos/composd/src/instance_starter.rs
@@ -87,7 +87,13 @@
let _ = fs::remove_file(&self.idsig);
let _ = fs::remove_file(&self.idsig_manifest_apk);
- self.start_vm(virtualization_service)
+ let instance = self.start_vm(virtualization_service)?;
+
+ // Retrieve the VM's attestation chain as a BCC and save it in the instance directory.
+ let bcc = instance.service.getAttestationChain().context("Getting attestation chain")?;
+ fs::write(self.instance_root.join("bcc"), bcc).context("Writing BCC")?;
+
+ Ok(instance)
}
fn start_vm(