Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 64f757b22b7624e2dfab864c3458f69c18558f87^! / .
commit64f757b22b7624e2dfab864c3458f69c18558f87[log] [tgz]
authorPierre-Clément Tosi <ptosi@google.com>Wed Jan 22 16:13:18 2025 +0000
committerPierre-Clément Tosi <ptosi@google.com>Mon Jan 27 13:50:12 2025 +0000
tree49a1610998296a05dbeee5089bff0190dca69a4e
parent5467ed3115132766c20e413297901848bf0eee5b [diff]
pvmfw: rollback: Remove special RBP for Trusty VM

Use deferred RBP for Trusty VM, which is identical to the RBP solution
introduced by aosp/3367779 with the extra constraint that the RB index
should be non-null (not bad to ensure).

This prepares for fixing the currently-supported Capabilities, which
have actually been defined per use-case, into an interface that can be
stabilized for Treble in Android 16 as an upcoming change will introduce
a separate AVB property to select the RBP solution and both users of
SecretkeeperProtection and TrustySecurityVm are expected to use a
unified one.

Bug: 391620545
Test: m pvmfw_bin && TH
Change-Id: I852107dee56ce257a03fbec3e7ae706c1f7c93a8

diff --git a/guest/pvmfw/src/rollback.rs b/guest/pvmfw/src/rollback.rs
index 74b2cd8..f2b0a53 100644
--- a/guest/pvmfw/src/rollback.rs
+++ b/guest/pvmfw/src/rollback.rs

@@ -44,17 +44,15 @@
     cdi_seal: &[u8],
     instance_hash: Option<Hidden>,
 ) -> Result<(bool, Hidden, bool), RebootReason> {
-    if should_defer_rollback_protection(fdt)?
-        && verified_boot_data.has_capability(Capability::SecretkeeperProtection)
+    if (should_defer_rollback_protection(fdt)?
+        && verified_boot_data.has_capability(Capability::SecretkeeperProtection))
+        || verified_boot_data.has_capability(Capability::TrustySecurityVm)
     {
         perform_deferred_rollback_protection(verified_boot_data)?;
         Ok((false, instance_hash.unwrap(), true))
     } else if verified_boot_data.has_capability(Capability::RemoteAttest) {
         perform_fixed_index_rollback_protection(verified_boot_data)?;
         Ok((false, instance_hash.unwrap(), false))
-    } else if verified_boot_data.has_capability(Capability::TrustySecurityVm) {
-        skip_rollback_protection()?;
-        Ok((false, instance_hash.unwrap(), false))
     } else {
         perform_legacy_rollback_protection(fdt, dice_inputs, cdi_seal, instance_hash)
     }
@@ -88,11 +86,6 @@
     }
 }
 
-fn skip_rollback_protection() -> Result<(), RebootReason> {
-    info!("Skipping rollback protection");
-    Ok(())
-}
-
 /// Performs RBP using instance.img where updates require clearing old entries, causing new CDIs.
 fn perform_legacy_rollback_protection(
     fdt: &Fdt,