Remove botoconfig from MicrodroidData
The bootconfig is loaded and verified by u-boot, so u-boot is
responsible using it as a DICE input.
Test: atest MicrodroidTests
Change-Id: Ibe362cbf876a542ba9d01076ef03d3897eec78a5
diff --git a/microdroid_manager/src/instance.rs b/microdroid_manager/src/instance.rs
index 4d65421..267a0e3 100644
--- a/microdroid_manager/src/instance.rs
+++ b/microdroid_manager/src/instance.rs
@@ -322,7 +322,6 @@
pub apk_data: ApkData,
pub extra_apks_data: Vec<ApkData>,
pub apex_data: Vec<ApexData>,
- pub bootconfig: Box<[u8]>,
}
#[derive(Debug, Serialize, Deserialize, PartialEq)]
diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index 827f9ff..005baf6 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -34,7 +34,6 @@
use log::{error, info};
use microdroid_metadata::{write_metadata, Metadata};
use microdroid_payload_config::{Task, TaskType, VmPayloadConfig};
-use once_cell::sync::OnceCell;
use payload::{get_apex_data_from_payload, load_metadata, to_metadata};
use rand::Fill;
use ring::digest;
@@ -42,7 +41,6 @@
use rustutils::system_properties::PropertyWatcher;
use std::convert::TryInto;
use std::fs::{self, create_dir, File, OpenOptions};
-use std::io::BufRead;
use std::os::unix::io::{FromRawFd, IntoRawFd};
use std::path::Path;
use std::process::{Child, Command, Stdio};
@@ -308,13 +306,6 @@
) -> Result<MicrodroidData> {
let start_time = SystemTime::now();
- if let Some(saved_bootconfig) = saved_data.map(|d| &d.bootconfig) {
- ensure!(
- saved_bootconfig.as_ref() == get_bootconfig()?.as_slice(),
- MicrodroidError::PayloadChanged(String::from("Bootconfig has changed."))
- );
- }
-
// Verify main APK
let root_hash = saved_data.map(|d| &d.apk_data.root_hash);
let root_hash_from_idsig = get_apk_root_hash_from_idsig(MAIN_APK_IDSIG_PATH)?;
@@ -455,7 +446,6 @@
apk_data: ApkData { root_hash: root_hash_from_idsig, pubkey: main_apk_pubkey },
extra_apks_data,
apex_data: apex_data_from_payload,
- bootconfig: get_bootconfig()?.clone().into_boxed_slice(),
})
}
@@ -506,35 +496,6 @@
}
}
-fn get_bootconfig() -> Result<&'static Vec<u8>> {
- static VAL: OnceCell<Vec<u8>> = OnceCell::new();
- VAL.get_or_try_init(|| -> Result<Vec<u8>> {
- let f = File::open("/proc/bootconfig")?;
-
- // Filter-out androidboot.vbmeta.device which contains UUID of the vbmeta partition. That
- // UUID could change everytime when the same VM is started because the composite disk image
- // is ephemeral. A change in UUID is okay as long as other configs (e.g.
- // androidboot.vbmeta.digest) remain same.
- Ok(std::io::BufReader::new(f)
- .lines()
- // note: this try_fold is to early return when we fail to read a line from the file
- .try_fold(Vec::new(), |mut lines, line| {
- line.map(|s| {
- lines.push(s);
- lines
- })
- })?
- .into_iter()
- .filter(|line| {
- let tokens: Vec<&str> = line.splitn(2, '=').collect();
- // note: if `line` doesn't have =, tokens[0] is the entire line.
- tokens[0].trim() != "androidboot.vbmeta.device"
- })
- .flat_map(|line| (line + "\n").into_bytes())
- .collect())
- })
-}
-
fn load_config(path: &Path) -> Result<VmPayloadConfig> {
info!("loading config from {:?}...", path);
let file = ioutil::wait_for_file(path, WAIT_TIMEOUT)?;