pvmfw: Defer rbp checks & instance.img is obsolete

If secretkeeper is supported on the device (and therefore DT has the
relevant property present), pvmfw can skip the code hash checks, payload
will take care of only releasing secrets to upgraded versions of the
images using appropriately set Dice Policies.

Additionally, make salt in instance.img obsolete. It should instead be
derived from instance_id in DT.

The consequence of above 2 is that instance.img will no longer be needed
by pvmfw.

As far as `new_instance` is concerned, if instance.img is present
(because Sk is not supported on device), instance img can still be used
to determine it. But if Sk is supported on devices (defer_rpb is set)
new_instance can no longer be determined, let it be false. Microdroid manager
will check if the get_secret() returns EntryNotFound Error & that would
indicate that this is indeed the first run of the instance.

Test: Inspect instance.img does not contain the pvmfw partition.
Test: Run a Microdroid instance, save its instance data (instance_id &
  all).  Rebuild Microdroid with higher rollback_index & flash the apex.
  Re-run the instance, it succeeds.  Again rebuild Microdroid with lower
  rollback_index & repeat.  Check that the VM fails to boot with
  DicePolicy error. Also inspect the sealing_policy.
Bug: 291213394
Change-Id: Iebfcdd5d89513b8f24c937b2f2cd9a298d01b74d
diff --git a/pvmfw/src/dice.rs b/pvmfw/src/dice.rs
index 540fd03..67865e5 100644
--- a/pvmfw/src/dice.rs
+++ b/pvmfw/src/dice.rs
@@ -93,7 +93,8 @@
             rkp_vm_marker: bool,
             salt: [u8; HIDDEN_SIZE],
         }
-
+        // TODO(b/291213394): Include `defer_rollback_protection` flag in the Hidden Input to
+        // differentiate the secrets in both cases.
         hash(HiddenInput { rkp_vm_marker: self.rkp_vm_marker, salt: *salt }.as_bytes())
     }
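Review bot: The hidden input hashed on the line after the new TODO still contains only `rkp_vm_marker` and `salt`, so the derived value is the same whether or not rollback protection is deferred, which is the gap the TODO itself describes. Since this change is the one that introduces the deferred mode, consider adding the `defer_rollback_protection` field to `HiddenInput` here rather than in a follow-up, or extend the comment to say why it is acceptable for both modes to share the same hidden value in the meantime. Note that a new field changes the bytes returned by `as_bytes()`, so a later fix will alter the hash for existing instances; that migration cost is worth stating in the TODO. Minor style point: the hunk also drops the blank line that separated the struct definition from the `hash(...)` call; keeping a blank line before the comment would preserve readability.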