Revert "Make salt in Microdroid's instance img obsolete"
Revert submission 2982081
Reason for revert: There are failing tests which need modification. Reverting for immediate mitigation.
Reverted changes: /q/submissionid:2982081
Change-Id: I3e55e75e5810b06829ce66149516204e5dc81ff1
diff --git a/microdroid_manager/src/verify.rs b/microdroid_manager/src/verify.rs
index 65c32b0..445c1ae 100644
--- a/microdroid_manager/src/verify.rs
+++ b/microdroid_manager/src/verify.rs
@@ -169,14 +169,13 @@
// verified is consistent with the root hash) or because we have the saved APK data which will
// be checked as identical to the data we have verified.
- let salt = if cfg!(llpvm_changes) || is_strict_boot() {
- // Salt is obsolete with llpvm_changes.
- vec![0u8; 64]
- } else if let Some(saved_data) = saved_data {
- // Use the salt from a verified instance.
+ // Use the salt from a verified instance, or generate a salt for a new instance.
+ let salt = if let Some(saved_data) = saved_data {
saved_data.salt.clone()
+ } else if is_strict_boot() {
+ // No need to add more entropy as a previous stage must have used a new, random salt.
+ vec![0u8; 64]
} else {
- // Generate a salt for a new instance.
let mut salt = vec![0u8; 64];
salt.as_mut_slice().try_fill(&mut rand::thread_rng())?;
salt