commit 77c7f7167516288e8b9c3b7ebb1821fb30bf47ba
author Inseob Kim <inseob@google.com> Mon Nov 06 17:01:02 2023 +0900
committer Inseob Kim <inseob@google.com> Thu Nov 16 15:43:32 2023 +0900
tree 1c9343de07ddc01c2871847861fab826a3ba08f5
parent 6a6ea302c3b80cc3489d79143879fb4418135b03

Add GKI kernel to virt APEX

This kernel can be used instead of microdroid kernel.

Bug: 305118971
Test: build
Change-Id: Iafc51b4e86ad116b6531eb4e7e7603f5b1ef2705

microdroid/Android.bp

diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 4e735e6..a1ce594 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -330,6 +330,22 @@
     ],
 }
 
+android_filesystem {
+    name: "microdroid_gki_modules-6.1-arm64",
+    deps: [
+        "microdroid_gki_kernel_modules-6.1-arm64",
+    ],
+    type: "compressed_cpio",
+}
+
+android_filesystem {
+    name: "microdroid_gki_modules-6.1-x86_64",
+    deps: [
+        "microdroid_gki_kernel_modules-6.1-x86_64",
+    ],
+    type: "compressed_cpio",
+}
+
 genrule {
     name: "microdroid_bootconfig_arm64_gen",
     srcs: [
@@ -444,6 +460,23 @@
     },
 }
 
+avb_gen_vbmeta_image {
+    name: "microdroid_gki_initrd_normal_hashdesc",
+    src: ":microdroid_gki_initrd_normal",
+    partition_name: "initrd_normal",
+    salt: initrd_normal_salt,
+    enabled: false,
+    arch: {
+        // Microdroid kernel is only available in these architectures.
+        arm64: {
+            enabled: true,
+        },
+        x86_64: {
+            enabled: true,
+        },
+    },
+}
+
 // python -c "import hashlib; print(hashlib.sha256(b'initrd_debug').hexdigest())"
 initrd_debug_salt = "8ab9dc9cb7e6456700ff6ef18c6b4c3acc24c5fa5381b829563f8d7a415d869a"
 
@@ -464,6 +497,23 @@
     },
 }
 
+avb_gen_vbmeta_image {
+    name: "microdroid_gki_initrd_debug_hashdesc",
+    src: ":microdroid_gki_initrd_debuggable",
+    partition_name: "initrd_debug",
+    salt: initrd_debug_salt,
+    enabled: false,
+    arch: {
+        // Microdroid kernel is only available in these architectures.
+        arm64: {
+            enabled: true,
+        },
+        x86_64: {
+            enabled: true,
+        },
+    },
+}
+
 soong_config_module_type {
     name: "flag_aware_avb_add_hash_footer",
     module_type: "avb_add_hash_footer",
@@ -513,6 +563,42 @@
     },
 }
 
+flag_aware_avb_add_hash_footer {
+    name: "microdroid_gki_kernel_signed",
+    src: ":empty_file",
+    filename: "microdroid_gki_kernel",
+    partition_name: "boot",
+    private_key: ":microdroid_sign_key",
+    salt: bootloader_salt,
+    enabled: false,
+    arch: {
+        arm64: {
+            src: ":microdroid_gki_kernel_prebuilts-6.1-arm64",
+            enabled: true,
+        },
+        x86_64: {
+            src: ":microdroid_gki_kernel_prebuilts-6.1-x86_64",
+            enabled: true,
+        },
+    },
+    include_descriptors_from_images: [
+        ":microdroid_gki_initrd_normal_hashdesc",
+        ":microdroid_gki_initrd_debug_hashdesc",
+    ],
+    // Below are properties that are conditionally set depending on value of build flags.
+    soong_config_variables: {
+        release_avf_enable_llpvm_changes: {
+            rollback_index: 1,
+            props: [
+                {
+                    name: "com.android.virt.cap",
+                    value: "secretkeeper_protection",
+                },
+            ],
+        },
+    },
+}
+
 prebuilt_etc {
     name: "microdroid_kernel",
     src: ":empty_file",
@@ -526,3 +612,17 @@
         },
     },
 }
+
+prebuilt_etc {
+    name: "microdroid_gki_kernel",
+    src: ":empty_file",
+    relative_install_path: "fs",
+    arch: {
+        arm64: {
+            src: ":microdroid_gki_kernel_signed",
+        },
+        x86_64: {
+            src: ":microdroid_gki_kernel_signed",
+        },
+    },
+}