Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 6338d9a0d987a4af6350be949dadded3508bda63^! / .
commit6338d9a0d987a4af6350be949dadded3508bda63[log] [tgz]
authorAlice Wang <aliceywang@google.com>Wed Oct 30 10:55:20 2024 +0000
committerAlice Wang <aliceywang@google.com>Wed Oct 30 11:37:52 2024 +0000
treebda25aaf4fc241bbb5a57e2efa16352748ad1260
parent1d409dea144e94c8f5f15f4ae465e8147e6d7a0d [diff]
[KM-VM] Add AVB footer to the Security Trusty VM

Bug: 369299899
Test: launch_cvd --secure_hals=guest_keymint_trusty_insecure
Test: atest VtsAidlSharedSecretTargetTest
Change-Id: I5f2a78fe5cbee52ad51243939a8d28350b3b8762

diff --git a/guest/trusty/security_vm/launcher/Android.bp b/guest/trusty/security_vm/launcher/Android.bp
index d583373..e482e02 100644
--- a/guest/trusty/security_vm/launcher/Android.bp
+++ b/guest/trusty/security_vm/launcher/Android.bp

@@ -26,8 +26,32 @@
     filename: "lk_trusty.elf",
     arch: {
         x86_64: {
-            src: ":trusty-test-lk.elf",
+            src: ":trusty_security_vm_signed",
         },
     },
     src: ":empty_file",
 }
+
+filegroup {
+    name: "trusty_vm_sign_key",
+    srcs: [":avb_testkey_rsa4096"],
+}
+
+// python -c "import hashlib; print(hashlib.sha256(b'trusty_security_vm_salt').hexdigest())"
+trusty_security_vm_salt = "75a71e967c1a1e0f805cca20465e7acf83e6a04e567a67c426d8b5a94f8d61c5"
+
+avb_add_hash_footer {
+    name: "trusty_security_vm_signed",
+    filename: "trusty_security_vm_signed",
+    partition_name: "boot",
+    private_key: ":trusty_vm_sign_key",
+    salt: trusty_security_vm_salt,
+    src: ":empty_file",
+    enabled: false,
+    arch: {
+        x86_64: {
+            src: ":trusty-test-lk.elf",
+            enabled: true,
+        },
+    },
+}