pvmfw: avb: Add API tests for tampered initrd Add tests specifically covering a tampered initrd of unmodified size. Add comment explaining why pvmfw::avb::Ops::verify_partition() works on initrd, so that I don't have to go back and read libavb code again next time I come across this code and have inevitably forgotten why it works. Test: TH Change-Id: I1597037f3d28d927a591eefc6570cfbedba9ad94

commit: 781afeee375709cb133743b9ded37f8954c8991e [log] [tgz]
author: Pierre-Clément Tosi <ptosi@google.com> Mon Jan 27 20:51:27 2025 +0000
committer: Pierre-Clément Tosi <ptosi@google.com> Mon Jan 27 21:46:04 2025 +0000
tree: 66c99bd9d45453b2244a0e6bda406b9be1d614d1
parent: 5467ed3115132766c20e413297901848bf0eee5b [diff] [blame]
diff --git a/guest/pvmfw/avb/src/ops.rs b/guest/pvmfw/avb/src/ops.rs
index 62bf239..780e23b 100644
--- a/guest/pvmfw/avb/src/ops.rs
+++ b/guest/pvmfw/avb/src/ops.rs

@@ -60,6 +60,14 @@
         &mut self,
         partition_name: &CStr,
     ) -> SlotVerifyResult<SlotVerifyData<'a>> {
+        // Note that this call manages to verify the initrd images using hashes contained in the
+        // (unique) VBMeta from the end of self.kernel because if
+        //
+        // - read_from_partition("vbmeta") returns AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION and
+        // - we do NOT pass AVB_SLOT_VERIFY_FLAGS_NO_VBMETA_PARTITION to slot_verify()
+        //
+        // then libavb (specifically, avb_slot_verify()) falls back to retrieving VBMeta from the
+        // footer of the "boot" partition i.e. self.kernel (see PartitionName::Kernel).
         slot_verify(
             self,
             &[partition_name],
commit	781afeee375709cb133743b9ded37f8954c8991e	[log] [tgz]
author	Pierre-Clément Tosi <ptosi@google.com>	Mon Jan 27 20:51:27 2025 +0000
committer	Pierre-Clément Tosi <ptosi@google.com>	Mon Jan 27 21:46:04 2025 +0000
tree	66c99bd9d45453b2244a0e6bda406b9be1d614d1
parent	5467ed3115132766c20e413297901848bf0eee5b [diff] [blame]