Microdroid: Map a dm-crypt dev on (virtio-blk)disk

1. microdroid_manager, on seeing a (named) block device dedicated for
   storage, will run encryptedstore binary.
2. The key derived for the encryption will be derived from the dice
   using the CDIs of *payload* as hashes.
3. encryptedstore binary will create the dm-crypt device using the
   libdm_rust library.

Note: The salt used for the key is deterministic, but I randomly got it
from /dev/urandom. This ensures the key & payload secret are different.

Test: Run bin/vm run-app using --storage & --storage-size flags
Test: Write into the crypt device & check persistence by running another
VM with same instance image.
Bug: 241541860
Change-Id: I11d00343a040935dd90a232fe7c5ab4e06b6d145
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index c3e2692..68827df 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -108,6 +108,7 @@
"apkdmverity",
"authfs",
"authfs_service",
+ "encryptedstore",
"microdroid_crashdump_kernel",
"microdroid_kexec",
"microdroid_manager",
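Review bot: The new "encryptedstore" entry, between "authfs_service" and "microdroid_crashdump_kernel", is added to this list in microdroid/Android.bp without any condition or comment, while the commit message says the binary is only run when microdroid_manager sees the dedicated storage block device. Please add a one-line comment next to the entry, or a pointer in the module's documentation, stating what the binary does (maps the dm-crypt device with a key derived from the payload's DICE CDIs) and that it is invoked only when that device is present, so someone auditing the image contents can tell why it is here. The fixed salt described in the commit message also deserves a comment where the constant is defined, since the explanation that it was taken once from /dev/urandom currently lives only in the commit message. The entry does keep the list's alphabetical order.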