[attestation] Optimize request processing in Service VM
Prior to this cl, the Service VM started and stopped for each
individual request, leading to inefficiency during the AVF key
provisioning phase where 20+ requests might arrive in quick
succession.
This cl optimized this process by adding a 1-second delay before
the Service VM shuts down. This delay ensures the Service VM
remains active if requests are closely spaced, preventing
unnecessary restarts during batch processing.
This cl decreases the total duration for AVF key provisioning
from ~5 seconds to 790ms on a local device.
Bug: 327186248
Test: atest AvfRkpdVmAttestationTestApp \
VmAttestationTestApp
Change-Id: I6500a535b0cd43d804281e77e90cda5d242bc41a
diff --git a/virtualizationservice/src/rkpvm.rs b/virtualizationservice/src/rkpvm.rs
index 67ba740..6898921 100644
--- a/virtualizationservice/src/rkpvm.rs
+++ b/virtualizationservice/src/rkpvm.rs
@@ -21,28 +21,25 @@
use service_vm_comm::{
ClientVmAttestationParams, GenerateCertificateRequestParams, Request, Response,
};
-use service_vm_manager::ServiceVm;
+use service_vm_manager::process_request;
pub(crate) fn request_attestation(
csr: Vec<u8>,
remotely_provisioned_key_blob: Vec<u8>,
remotely_provisioned_cert: Vec<u8>,
) -> Result<Vec<u8>> {
- let mut vm = ServiceVm::start()?;
-
let params =
ClientVmAttestationParams { csr, remotely_provisioned_key_blob, remotely_provisioned_cert };
let request = Request::RequestClientVmAttestation(params);
- match vm.process_request(request).context("Failed to process request")? {
+ match process_request(request).context("Failed to process request")? {
Response::RequestClientVmAttestation(cert) => Ok(cert),
other => bail!("Incorrect response type {other:?}"),
}
}
pub(crate) fn generate_ecdsa_p256_key_pair() -> Result<Response> {
- let mut vm = ServiceVm::start()?;
let request = Request::GenerateEcdsaP256KeyPair;
- vm.process_request(request).context("Failed to process request")
+ process_request(request).context("Failed to process request")
}
pub(crate) fn generate_certificate_request(
@@ -55,6 +52,5 @@
};
let request = Request::GenerateCertificateRequest(params);
- let mut vm = ServiceVm::start()?;
- vm.process_request(request).context("Failed to process request")
+ process_request(request).context("Failed to process request")
}