Merge "add 'target' gitignore" into main
diff --git a/docs/microdroid_vendor_modules.md b/docs/microdroid_vendor_modules.md
index 6ead195..11ce611 100644
--- a/docs/microdroid_vendor_modules.md
+++ b/docs/microdroid_vendor_modules.md
@@ -78,7 +78,7 @@
`/apex/com.android.virt/bin/vm run-microdroid` CLI commands, e.g.:
```
-adb shell /apex/com.android.virt/bin/vm/run-microdroid \
+adb shell /apex/com.android.virt/bin/vm run-microdroid \
--debug full \
--vendor /vendor/etc/avf/microdroid/microdroid_vendor.img
```
@@ -103,7 +103,7 @@
Microdroid vendor partition, e.g.:
```
-adb shell /apex/com.android.virt/bin/vm/run-microdroid \
+adb shell /apex/com.android.virt/bin/vm run-microdroid \
--debug full \
--protected \
--vendor /vendor/etc/avf/microdroid/microdroid_vendor.img
diff --git a/guest/trusty/security_vm/vm/Android.bp b/guest/trusty/security_vm/vm/Android.bp
index f23385b..ee64095 100644
--- a/guest/trusty/security_vm/vm/Android.bp
+++ b/guest/trusty/security_vm/vm/Android.bp
@@ -12,12 +12,79 @@
src: ":trusty_security_vm_signed",
},
arm64: {
- src: ":trusty_security_vm_signed",
+ src: ":security_vm_elf",
},
},
src: ":empty_file",
}
+cc_binary {
+ name: "security_vm_elf",
+ srcs: [
+ ":security_vm_signed_obj",
+ ],
+ linker_scripts: [
+ "security_vm_sections.ld",
+ ],
+ ldflags: [
+ // Prevent the `trusty_security_vm_signed` segment from being garbage collected.
+ "-Wl,--no-gc-sections",
+ // Prevent the build ID segments from being added, as it would corrupt the integrity
+ // of the original signed image.
+ "-Wl,--build-id=none",
+ // Use a standard page size of 4096, smaller than the default 16384, to avoid padding
+ // with extra bytes.
+ "-Wl,-z,max-page-size=4096",
+ ],
+ nocrt: true,
+ no_libcrt: true,
+ static_executable: true,
+ system_shared_libs: [],
+ enabled: false,
+ target: {
+ android_arm64: {
+ enabled: true,
+ },
+ },
+ strip: {
+ none: true,
+ },
+}
+
+cc_genrule {
+ name: "security_vm.S",
+ arch: {
+ arm64: {
+ srcs: [":trusty_security_vm_signed"],
+ },
+ },
+ out: ["security_vm.S"],
+ cmd: "(" +
+ " echo '.section .security_vm_signed.bin';" +
+ " echo '.globl security_vm_signed';" +
+ " echo 'security_vm_signed:';" +
+ " echo '.incbin \"'$(in)'\"';" +
+ ") > $(out)",
+ visibility: ["//visibility:private"],
+}
+
+cc_object {
+ name: "security_vm_signed_obj",
+ srcs: [
+ ":security_vm.S",
+ ],
+ static_libs: ["trusty_security_vm_signed"],
+ crt: false,
+ system_shared_libs: [],
+ enabled: false,
+ target: {
+ android_arm64: {
+ enabled: true,
+ },
+ },
+ visibility: ["//visibility:private"],
+}
+
filegroup {
name: "trusty_vm_sign_key",
srcs: [":avb_testkey_rsa4096"],
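Review bot: The `.section .security_vm_signed.bin` directive generated by the `security_vm.S` genrule carries no flags, so the section's attributes fall to the assembler's default for an unrecognised name, which as far as I know is not allocatable. If the consumer of `security_vm_elf` on arm64 expects the signed image in a loadable segment (the `max-page-size` comment suggests it might), state the flags explicitly, e.g. `" echo '.section .security_vm_signed.bin, \"a\"';" +`, or `\"ax\"` if the loader needs it executable. Separately, nothing explains why arm64 now ships an ELF wrapper rather than the raw signed image; above `cc_binary` I would add `// Wraps :trusty_security_vm_signed in an ELF container; the payload bytes must stay identical to the signed image.` The module at the top of the hunk and the `filegroup` at its end both continue outside the hunk.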
@@ -49,7 +116,20 @@
enabled: true,
},
arm64: {
- src: ":trusty-test-lk.elf",
+ src: ":trusty_security_vm_unsigned",
+ enabled: true,
+ },
+ },
+}
+
+// TODO(b/379646659): Take the binary generated by trusty instead of extracting
+// it from ELF here.
+raw_binary {
+ name: "trusty_security_vm_unsigned",
+ src: ":trusty-test-lk.elf",
+ enabled: false,
+ arch: {
+ arm64: {
enabled: true,
},
},
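Review bot: The new `raw_binary` lacks a comment saying that the arm64 payload is derived from a test build; its input is `:trusty-test-lk.elf`, and the `trusty_vm_sign_key` filegroup earlier in this file resolves to `:avb_testkey_rsa4096`. If `trusty_security_vm_signed` is signed with that key, the signature should not be read as proof of origin outside test builds, and this change makes the result the arm64 payload. I would extend the TODO with a line such as `// Test-only input: built from trusty-test-lk.elf; see trusty_vm_sign_key for the signing key.` The module at the top of the hunk starts outside it, and the closing lines of `raw_binary` fall outside it as well.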
diff --git a/guest/trusty/security_vm/vm/security_vm_sections.ld b/guest/trusty/security_vm/vm/security_vm_sections.ld
new file mode 100644
index 0000000..63e5f5d
--- /dev/null
+++ b/guest/trusty/security_vm/vm/security_vm_sections.ld
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2025 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+ENTRY(security_vm_signed)
+
+SECTIONS
+{
+ . = 0x0;
+ .text : {
+ *(.security_vm_signed.bin)
+ }
+}
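Review bot: The script does not fail the link when the `.security_vm_signed.bin` input section is missing or renamed. The section name is duplicated as a string in the `security_vm.S` genrule, and on a mismatch the payload would presumably be placed as an orphan section while `.text` stays empty. An assertion after the `.text` block would turn that into a build error: `ASSERT(SIZEOF(.text) > 0, "signed image section not found")`. The file also has only the licence header, so a one-line comment above `SECTIONS` would help, for example `/* .text holds only the signed image, starting at address 0. */`.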
diff --git a/guest/vmbase_example/Android.bp b/guest/vmbase_example/Android.bp
index e5dfc2a..30d72bd 100644
--- a/guest/vmbase_example/Android.bp
+++ b/guest/vmbase_example/Android.bp
@@ -40,6 +40,9 @@
"-E",
"-P",
"-xassembler-with-cpp", // allow C preprocessor directives
+ // Soong passes an implicit -c before -E. Suppress the warning about -c
+ // being unused.
+ "-Wno-unused-command-line-argument",
],
srcs: [":vmbase_image.ld.S.mm"],
visibility: ["//visibility:private"],