Microdroid: Skip instance.img checks

Microdroid no longer needs the Instance Image partition if Secretkeeper
is enabled.

The use of instance.img is to store package data at first boot of the
instance & MM ensures that it did not change on further boot.  With
Secretkeeper based rollback protection, the auth_hash & version of each
of these packages are part of DICE Policy & Sk ensures that the secrets
are not released if the version downgrades or auth_hash changes.
Therefore, there is no longer any need for this data to be in
instance.img.

Note: Since Secretkeeper is an optional HAL in Android V, we still need
to support the instance.img for cases when Secretkeeper implementation
is not available.

Security: This opens up the Sealing CDIs of a pVM to a Payload with a
lower security version. But all CDIs will be reset once pvmfw starts
including Instance-Id in the hidden inputs, so this is a safe change.

Trunk Flagging: If the LLPVM flag is disabled, is_sk_supported() returns
false & the legacy route of verification with instance img is executed.

Bug: 291306122
Test: Get an instance.img of a pVM (started with vm run-microdroid)
Test: hexdump -C img | grep for Microdroid partition UUID. It should be missing

Change-Id: Iad97f2c81f759a1c13eac6d1302dee43be534e11
2 files changed
tree: 3a661471956cef3bfce863eb0c95d230b79ab135
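
An added example, not part of the commit or the AVF sources: a raw byte search for a partition UUID in an image file, as a stricter form of the hexdump/grep check in the Test lines. A 16-byte value that does not start on a 16-byte row boundary is split across two `hexdump -C` lines, so a line-based grep reports it missing even when it is present. The UUID is a constructed placeholder (the page does not give the Microdroid partition UUID), the sample image is constructed, and the function names are hypothetical.

```python
import sys
import uuid

# Constructed placeholder: the page does not give the Microdroid partition
# UUID, so substitute the real value from the source tree when running this.
PLACEHOLDER_UUID = "00112233-4455-6677-8899-aabbccddeeff"


def find_uuid(data: bytes, text_uuid: str):
    """Return sorted (offset, layout) pairs for every occurrence of the UUID."""
    parsed = uuid.UUID(text_uuid)
    # Search both common on-disk layouts, since the layout is an assumption.
    layouts = {"big-endian": parsed.bytes, "mixed-endian": parsed.bytes_le}
    hits = []
    for name, needle in layouts.items():
        pos = data.find(needle)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(needle, pos + 1)
    return sorted(hits)


def row_grep(data: bytes, text_uuid: str) -> bool:
    """Model grepping `hexdump -C` output: a match must fit in one 16-byte row."""
    needle = uuid.UUID(text_uuid).bytes
    return any(data[i:i + 16] == needle for i in range(0, len(data), 16))


def sample_image(offset: int, with_uuid: bool = True) -> bytes:
    """Constructed test image: zero fill with the UUID optionally at `offset`."""
    body = uuid.UUID(PLACEHOLDER_UUID).bytes if with_uuid else b"\x00" * 16
    return b"\x00" * offset + body + b"\x00" * 64


if __name__ == "__main__":
    # Usage: script.py IMAGE [UUID]; with no arguments, use the sample image.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            image = f.read()
    else:
        image = sample_image(37)
    wanted = sys.argv[2] if len(sys.argv) > 2 else PLACEHOLDER_UUID
    hits = find_uuid(image, wanted)
    for off, layout in hits:
        print(f"found at offset {off:#x} ({layout})")
    print("UUID present" if hits else "UUID absent")
    sys.exit(1 if hits else 0)
```

The exit status is 0 when the UUID is absent, which is the outcome the Test lines expect for an image created with Secretkeeper enabled.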
README.md

Android Virtualization Framework (AVF)

Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances over those offered by Android’s app sandbox.

Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.

If you want a quick start, see the getting started guideline and follow the steps there.

For in-depth explanations about individual topics and components, visit the following links.

AVF components:

AVF APIs:

How-Tos: