custom smcs: check for presence of HAL
Fail fast if HAL is missing
Bug: 360102915
Test: prebumit
Test: /apex/com.android.virt/bin/vm run-microdroid \
-p \
--tee-services vendor.test_pkvm_tee_service
Change-Id: I17d84b32f15f5bd108b94b17918faa2cf456aedf
diff --git a/android/virtmgr/src/aidl.rs b/android/virtmgr/src/aidl.rs
index d7f68b8..76fc657 100644
--- a/android/virtmgr/src/aidl.rs
+++ b/android/virtmgr/src/aidl.rs
@@ -117,6 +117,9 @@
const SECRETKEEPER_IDENTIFIER: &str =
"android.hardware.security.secretkeeper.ISecretkeeper/default";
+const VM_CAPABILITIES_HAL_IDENTIFIER: &str =
+ "android.hardware.virtualization.capabilities.IVmCapabilitiesService/default";
+
const UNFORMATTED_STORAGE_MAGIC: &str = "UNFORMATTED-STORAGE";
/// crosvm requires all partitions to be a multiple of 4KiB.
@@ -750,6 +753,12 @@
// TODO(b/391774181): handle vendor tee services (which require talking to HAL) as well.
if !vendor_tee_services.is_empty() {
+ if !is_vm_capabilities_hal_supported() {
+ return Err(anyhow!(
+ "requesting access to tee services requires {VM_CAPABILITIES_HAL_IDENTIFIER}"
+ ))
+ .or_binder_exception(ExceptionCode::UNSUPPORTED_OPERATION);
+ }
return Err(anyhow!("support for vendor tee services is coming soon!"))
.or_binder_exception(ExceptionCode::UNSUPPORTED_OPERATION);
}
@@ -2321,6 +2330,11 @@
.expect("Could not check for declared Secretkeeper interface")
}
+fn is_vm_capabilities_hal_supported() -> bool {
+ binder::is_declared(VM_CAPABILITIES_HAL_IDENTIFIER)
+ .expect("failed to check if {VM_CAPABILITIES_HAL_IDENTIFIER} is present")
+}
+
impl VirtualMachineService {
fn new_binder(state: Arc<Mutex<State>>, cid: Cid) -> Strong<dyn IVirtualMachineService> {
BnVirtualMachineService::new_binder(