Test: Protected VM fails if images are signed by unknown
Arrange:
- prepare VM images signed with a test key
Act:
- start a protected VM
Assert:
- a boot process fails due to pubkey mismatch between pvmfw and
bootloader
Bug: 218934597
Test: atest MicrodroidHostTestCases
Change-Id: I05755ddf32839ef531ca9a11b2939bbc251ff1fb
diff --git a/microdroid/payload/mk_payload.cc b/microdroid/payload/mk_payload.cc
index fd1ce78..6e3f526 100644
--- a/microdroid/payload/mk_payload.cc
+++ b/microdroid/payload/mk_payload.cc
@@ -269,24 +269,34 @@
}
int main(int argc, char** argv) {
- if (argc != 3) {
- std::cerr << "Usage: " << argv[0] << " <config> <output>\n";
+ if (argc < 3 || argc > 4) {
+ std::cerr << "Usage: " << argv[0] << " [--metadata-only] <config> <output>\n";
return 1;
}
+ int arg_index = 1;
+ bool metadata_only = false;
+ if (strcmp(argv[arg_index], "--metadata-only") == 0) {
+ metadata_only = true;
+ arg_index++;
+ }
- auto config = LoadConfig(argv[1]);
+ auto config = LoadConfig(argv[arg_index++]);
if (!config.ok()) {
std::cerr << "bad config: " << config.error() << '\n';
return 1;
}
- const std::string output_file(argv[2]);
- const std::string metadata_file = AppendFileName(output_file, "-metadata");
+ const std::string output_file(argv[arg_index++]);
+ const std::string metadata_file =
+ metadata_only ? output_file : AppendFileName(output_file, "-metadata");
if (const auto res = MakeMetadata(*config, metadata_file); !res.ok()) {
std::cerr << res.error() << '\n';
return 1;
}
+ if (metadata_only) {
+ return 0;
+ }
if (const auto res = MakePayload(*config, metadata_file, output_file); !res.ok()) {
std::cerr << res.error() << '\n';
return 1;
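Review bot: The range check `argc < 3 || argc > 4` is not tied to whether `--metadata-only` was actually given, so an invocation with the flag and only a config (argc == 3) reaches `const std::string output_file(argv[arg_index++]);` with `argv[3]`, which is the null terminator of argv; constructing a std::string from a null pointer is undefined behaviour. The opposite case, four arguments without the flag, is accepted and the last argument is silently ignored. I would validate the count after the flag has been consumed, right after the `--metadata-only` block: `if (argc - arg_index != 2) { std::cerr << "Usage: " << argv[0] << " [--metadata-only] <config> <output>\n"; return 1; }`. `strcmp` also needs `<cstring>`; the include list is outside this hunk, so confirm it is present rather than pulled in transitively. main's body continues past the end of the hunk.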