Microdroid: Map a dm-crypt dev on (virtio-blk) disk
1. microdroid_manager, on seeing a (named) block device dedicated for
storage, will run encryptedstore binary.
2. The key derived for the encryption will be derived from the dice
using the CDIs of *payload* as hashes.
3. encryptedstore binary will create the dm-crypt device using the
libdm_rust library.
Note: The salt used for the key is deterministic, but I got it randomly from
/dev/urandom. This ensures the key & payload secret are different.
Test: Run bin/vm run-app using --storage & --storage-size flag
Test: Write into the crypt device & check persistence by running another
VM with same instance image.
Bug: 241541860
Change-Id: I11d00343a040935dd90a232fe7c5ab4e06b6d145
diff --git a/virtualizationservice/src/payload.rs b/virtualizationservice/src/payload.rs
index 233e74b..f6e8a7b 100644
--- a/virtualizationservice/src/payload.rs
+++ b/virtualizationservice/src/payload.rs
@@ -420,7 +420,7 @@
if let Some(file) = storage_image {
writable_partitions.push(Partition {
- label: "encrypted-storage".to_owned(),
+ label: "encryptedstore".to_owned(),
image: Some(ParcelFileDescriptor::new(file)),
writable: true,
});
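Review bot: the new label "encryptedstore" on the `label:` line is a bare string literal, and the commit message says microdroid_manager decides whether to run the encryptedstore binary "on seeing a (named) block device", so both sides have to agree on this exact name. Consider a named constant, or at least a comment here stating which component matches on this label, so that a later rename on one side does not leave the storage partition silently unrecognized. The commit message also does not say why the label changes from "encrypted-storage"; one line on that would help.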