Microdroid: Map a dm-crypt dev on (virtio-blk) disk
1. microdroid_manager, on seeing a (named) block device dedicated for
storage, will run encryptedstore binary.
2. The key derived for the encryption will be derived from the dice
using the CDIs of *payload* as hashes.
3. encryptedstore binary will create the dm-crypt device using the
libdm_rust library.
Note: The salt used for the key is deterministic but I randomly got it from
/dev/urandom. This ensures the key & payload secret are different.
Test: Run bin/vm run-app using --storage & --storage-size flags
Test: Write into the crypt device & check persistence by running another
VM with same instance image.
Bug: 241541860
Change-Id: I11d00343a040935dd90a232fe7c5ab4e06b6d145
diff --git a/encryptedstore/Android.bp b/encryptedstore/Android.bp
new file mode 100644
index 0000000..301e733
--- /dev/null
+++ b/encryptedstore/Android.bp
@@ -0,0 +1,30 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_defaults {
+ name: "encryptedstore.defaults",
+ srcs: ["src/main.rs"],
+ edition: "2021",
+ prefer_rlib: true,
+ rustlibs: [
+ "libandroid_logger",
+ "libanyhow",
+ "libclap",
+ "libhex",
+ "liblog_rust",
+ "libnix",
+ "libdm_rust",
+ ],
+ multilib: {
+ lib32: {
+ enabled: false,
+ },
+ },
+}
+
+rust_binary {
+ name: "encryptedstore",
+ defaults: ["encryptedstore.defaults"],
+ bootstrap: true,
+}
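Review bot: the `rustlibs` list in `encryptedstore.defaults` is not in sorted order: `"libdm_rust"` is appended after `"libnix"` while the other entries are alphabetical, so it should move between `"libclap"` and `"libhex"` to keep later diffs to this list clean. Two smaller points in the same file: `bootstrap: true` on the `rust_binary` has no comment saying why the binary needs it, and a one-line note there would help whoever audits this target later; and `encryptedstore.defaults` has only one consumer in this hunk, so either add the test target that will share it or fold the settings into the `rust_binary` until a second user exists.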