[rialto] Enable Rialto to run in protected VM
Prior to this cl, Rialto couldn't run in protected VM because MMIO
access is blocked by default in protected mode, this cl enables
the MMIO guard. We should also unmap the MMIO range used in Rialto
in the future.
Bug: 272226230
Test: atest rialto_test
Change-Id: Iaf4a9c74ddbd068ee10cc981c261d38a02c63993
diff --git a/rialto/Android.bp b/rialto/Android.bp
index c2a19f3..5034bf4 100644
--- a/rialto/Android.bp
+++ b/rialto/Android.bp
@@ -11,7 +11,9 @@
rustlibs: [
"libaarch64_paging",
"libbuddy_system_allocator",
+ "libhyp",
"liblog_rust_nostd",
+ "libsmccc",
"libvmbase",
],
apex_available: ["com.android.virt"],
@@ -36,7 +38,7 @@
}
raw_binary {
- name: "rialto",
+ name: "rialto_unsigned",
src: ":rialto_elf",
enabled: false,
target: {
@@ -46,6 +48,42 @@
},
}
+// python -c "import hashlib; print(hashlib.sha256(b'rialto_salt').hexdigest())"
+rialto_salt = "ea9d8c3ae1785396884d0c16c7652921874e2b8703f336ff23760f2049ee9e29"
+
+filegroup {
+ name: "rialto_sign_key",
+ srcs: [":avb_testkey_rsa4096"],
+}
+
+avb_add_hash_footer {
+ name: "rialto_signed",
+ src: ":empty_file",
+ filename: "rialto",
+ partition_name: "boot",
+ private_key: ":rialto_sign_key",
+ salt: rialto_salt,
+ enabled: false,
+ arch: {
+ arm64: {
+ src: ":rialto_unsigned",
+ enabled: true,
+ },
+ },
+}
+
+prebuilt_etc {
+ name: "rialto_bin",
+ filename: "rialto.bin",
+ target: {
+ android_arm64: {
+ src: ":rialto_signed",
+ },
+ },
+ src: ":empty_file",
+ installable: false,
+}
+
rust_test {
name: "rialto_test",
crate_name: "rialto_test",
@@ -62,7 +100,8 @@
"libvmclient",
],
data: [
- ":rialto",
+ ":rialto_bin",
+ ":rialto_unsigned",
],
test_suites: ["general-tests"],
enabled: false,