commit 88780aac6e29cc0a86216e4e4f47d6b7265151cb
author Seungjae Yoo <seungjaeyoo@google.com> Wed Dec 27 04:43:34 2023 +0000
committer Seungjae Yoo <seungjaeyoo@google.com> Wed Dec 27 05:23:18 2023 +0000
tree 0ee7be163d27b5e69a0628a9bc505d65888076a0
parent ebab0a93000cc3414ecd77a49883fac530e35c83

Enable verifying vendor partition (Reland with additional edits)

This reverts commit ebab0a93000cc3414ecd77a49883fac530e35c83.

Reason for revert: Relanding change with additional edits.

This reland change will include skipping tests booting microdroid with
vendor partition in pVM. Microdroid vendor image for pVM will be
verified with root digest via ABL, and we won't have any methods to pass
information of testing images into secure place like ABL in runtime,
during the test.

Bug: 285855436
Test: atest MicrodroidTests
Test: atest MicrodroidBenchmarks#testMicrodroidDebugBootTime_withVendorPartition

Change-Id: I7266a855e8bdc79e60ceac3328bf123abb97496e

microdroid/fstab.microdroid

diff --git a/microdroid/fstab.microdroid b/microdroid/fstab.microdroid
index da000b9..2742757 100644
--- a/microdroid/fstab.microdroid
+++ b/microdroid/fstab.microdroid
@@ -2,6 +2,4 @@
 # This is a temporary solution to unblock other devs that depend on /vendor partition in Microdroid
 # The /vendor partition will only be mounted if the kernel cmdline contains
 # androidboot.microdroid.mount_vendor=1.
-# TODO(b/285855430): this should probably be defined in the DT
-# TODO(b/285855436): should be mounted on top of dm-verity device
-/dev/block/by-name/microdroid-vendor /vendor ext4 noatime,ro,errors=panic wait,first_stage_mount
+/dev/block/by-name/microdroid-vendor /vendor ext4 noatime,ro,errors=panic wait,first_stage_mount,avb_hashtree_digest=/sys/firmware/devicetree/base/avf/vendor_hashtree_descriptor_root_digest