pvmfw: Defer rbp checks & instance.img is obsolete

If secretkeeper is supported on the device (and therefore DT has the
relevant property present), pvmfw can skip the code hash checks, payload
will take care of only releasing secrets to upgraded versions of the
images using appropriately set Dice Policies.

Additionally, make salt in instance.img obsolete. It should instead be
derived from instance_id in DT.

The consequence of above 2 is that instance.img will no longer be needed
by pvmfw.

As far as `new_instance` is concerned, if instance.img is present
(because Sk is not supported on device), instance img can still be used
to determine it. But if Sk is supported on devices (defer_rpb is set)
new_instance can no more determined, let it be false. Microdroid manager
will check if the get_secret() returns EntryNotFound Error & that would
indicate that this is indeed the first run of the instance.

Test: Inspect instance.img does not contain the pvmfw partition.
Test: Run a Microdroid instance, save its instance data (instance_id &
  all).  Rebuild Microdroid with higher rollback_index & flash the apex.
  Re-run the instance, it succeeds.  Again Rebuild Microdroid will lower
  rollback_index & repeat.  Check that the VM fails to boot with
  DicePolicy error. Also inspect the sealing_policy.
Bug: 291213394
Change-Id: Iebfcdd5d89513b8f24c937b2f2cd9a298d01b74d
3 files changed
tree: cdfceb367e737275f2f33cc3b3119d9e9a117c2c
  1. apex/
  2. apkdmverity/
  3. authfs/
  4. compos/
  5. demo/
  6. demo_native/
  7. docs/
  8. encryptedstore/
  9. flags/
  10. java/
  11. launcher/
  12. libs/
  13. microdroid/
  14. microdroid_manager/
  15. pvmfw/
  16. rialto/
  17. service_vm/
  18. tests/
  19. virtualizationmanager/
  20. virtualizationservice/
  21. vm/
  22. vm_payload/
  23. vmbase/
  24. vmclient/
  25. zipfuse/
  26. .clang-format
  27. .gitignore
  28. Android.bp
  29. avf_flags.aconfig
  30. OWNERS
  31. PREUPLOAD.cfg
  32. README.md
  33. rustfmt.toml
  34. TEST_MAPPING
README.md

Android Virtualization Framework (AVF)

Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances over those offered by Android’s app sandbox.

Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.

If you want a quick start, see the getting started guideline and follow the steps there.

For in-depth explanations about individual topics and components, visit the following links.

AVF components:

AVF APIs:

How-Tos: