Add a proto for the microdroid signature partition
Microdroid will use this special partition composed of signatures to
verify the payloads delivered from the host.
For now it only conveys the list of APEX signatures: size, public key,
root digest.
The signature partition can be a part of the payload composite disk
image.
The format of the signature partition is, as described in README.md,
composed of header and body. For now the header is simply the size of
the body(protobuf message).
Bug: 185069443
Test: n/a
Change-Id: I47c7eac195999bab15ee80d3ad053261f04df89c
diff --git a/microdroid/signature/README.md b/microdroid/signature/README.md
new file mode 100644
index 0000000..526f7a8
--- /dev/null
+++ b/microdroid/signature/README.md
@@ -0,0 +1,15 @@
+# Microdroid Signature
+
+Microdroid Signature contains the signatures of the payloads so that the payloads are
+verified inside the Guest OS.
+
+* APEX packages that are passed to microdroid should be listed in the Microroid Signature.
+
+## Format
+
+Microdroid Signature is composed of header and body.
+
+| offset | size | description |
+|--------|------|----------------------------------------------------------------|
+| 0 | 4 | Header. unsigned int32: body length(L) in big endian |
+| 4 | L | Body. A protobuf message. [schema](microdroid_signature.proto) |
diff --git a/microdroid/signature/microdroid_signature.proto b/microdroid/signature/microdroid_signature.proto
new file mode 100644
index 0000000..8335ff5
--- /dev/null
+++ b/microdroid/signature/microdroid_signature.proto
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+syntax = "proto3";
+
+package android.microdroid;
+
+// Microdroid Signature is the body of the signature partition.
+message MicrodroidSignature {
+ uint32 version = 1;
+
+ // Lists the signature information of the payload apexes.
+ // The payload apexes are mapped to the partitions following the signature partition.
+ repeated ApexSignature apexes = 2;
+}
+
+message ApexSignature {
+ // Required.
+ // The apex name.
+ string name = 1;
+
+ // Required.
+ // The original size of the apex file.
+ uint32 size = 2;
+
+ // Optional.
+ // When specified, the public key used to sign the apex should match with it.
+ string publicKey = 3;
+
+ // Optional.
+ // When specified, the root digest of the apex should match with it.
+ string rootDigest = 4;
+}