VmSecret struct: Encapsulate secret mechanisms The current secrets are derived from Dice sealing CDIs , called V1. The new mechanism will will derive secret from Dice Sealing CDIs and Rollback protected secret (using Secretkeeper HAL). This patch create scaffolding code to describe these. This is guarded by feature flag: release_avf_enable_llpvm_changes, which when disabled, pVMs use V1 secrets. Bug: 291216276 Bug: 291213394 Test: atest MicrodroidTests#encryptedStorageIsPersistent Change-Id: I7d610ba97b6f3e45c757546614dc3216e9d0e78f

commit: 95084dfd8587992bb384759544678fd0ab5cef8b [log] [tgz]
author: Shikha Panwar <shikhapanwar@google.com> Sat Jul 22 11:47:45 2023 +0000
committer: Shikha Panwar <shikhapanwar@google.com> Fri Sep 08 14:31:53 2023 +0000
tree: 039ec752a1544f8f270f530c3aebeaef7bffa3ab
parent: c98acd547b04ff52d73fd49d856d29ef7248de43 [diff] [blame]
diff --git a/Android.bp b/Android.bp
index cde4419..4fa696f 100644
--- a/Android.bp
+++ b/Android.bp

@@ -34,6 +34,7 @@
     config_namespace: "ANDROID",
     bool_variables: [
         "release_avf_enable_dice_changes",
+        "release_avf_enable_llpvm_changes",
         "release_avf_enable_multi_tenant_microdroid_vm",
         "release_avf_enable_vendor_modules",
     ],
@@ -48,6 +49,9 @@
         release_avf_enable_dice_changes: {
             cfgs: ["dice_changes"],
         },
+        release_avf_enable_llpvm_changes: {
+            cfgs: ["llpvm_changes"],
+        },
         release_avf_enable_multi_tenant_microdroid_vm: {
             cfgs: ["payload_not_root"],
         },
commit	95084dfd8587992bb384759544678fd0ab5cef8b	[log] [tgz]
author	Shikha Panwar <shikhapanwar@google.com>	Sat Jul 22 11:47:45 2023 +0000
committer	Shikha Panwar <shikhapanwar@google.com>	Fri Sep 08 14:31:53 2023 +0000
tree	039ec752a1544f8f270f530c3aebeaef7bffa3ab
parent	c98acd547b04ff52d73fd49d856d29ef7248de43 [diff] [blame]