[attestation] Validate vendor module loaded by client VM in RKP VM
This CL added the following tasks to the RKP VM:
- Parses a client VM DICE chain containing an additional vendor
module entry.
- Validates the code hash in the vendor module DICE entry against
the code hash read from the device tree.
The CL also adds a CTS test that triggers the VM attestation from
a VM with a vendor module.
Bug: 330678211
Test: atest MicrodroidTests
Change-Id: Id56c6edd8baa32bae6a8ad7b5bca7b18ce167022
diff --git a/rialto/src/fdt.rs b/rialto/src/fdt.rs
index 09cdd36..b220f41 100644
--- a/rialto/src/fdt.rs
+++ b/rialto/src/fdt.rs
@@ -24,3 +24,8 @@
let node = node.next_compatible(cstr!("google,open-dice"))?.ok_or(FdtError::NotFound)?;
node.first_reg()?.try_into()
}
+
+pub(crate) fn read_vendor_hashtree_root_digest(fdt: &Fdt) -> libfdt::Result<Option<&[u8]>> {
+ let node = fdt.node(cstr!("/avf"))?.ok_or(FdtError::NotFound)?;
+ node.getprop(cstr!("vendor_hashtree_descriptor_root_digest"))
+}
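Review bot: read_vendor_hashtree_root_digest reports "no digest" in two different ways and has no doc comment saying which is which. A missing /avf node becomes Err(FdtError::NotFound) through `ok_or(FdtError::NotFound)?`, while a missing vendor_hashtree_descriptor_root_digest property comes back as Ok(None) from `getprop`. Please document which of these means "no vendor module is expected" and which means a malformed device tree, or fold them into one result if callers should treat them the same. The returned `&[u8]` is also passed on without a length check. Since the commit message says it is compared against the code hash in the vendor module DICE entry, either check the size here or state in the doc comment that the caller must reject a digest of the wrong length before comparing.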