Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / bf3711ef404353d9f75f4e4b0a6cc7364f4e8a9e
commitbf3711ef404353d9f75f4e4b0a6cc7364f4e8a9e[log] [tgz]
authorTreehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>Thu Dec 07 16:03:20 2023 +0000
committerShikha Panwar <shikhapanwar@google.com>Thu Dec 14 17:24:45 2023 +0000
tree18297da7a0e3e0eb1373169da4b5c28353fe2366
parent648257038dd0884b44b7f8968356d3aff0e25e32 [diff]
pVM to use Secretkeeper protected secrets

These secrets are to be stored in Secretkeeper which provides
tamper-evident storage for pVMs.

Regular binder proxy cannot be transferred over RPC binder, so we build
SecretkeeperProxy service that forwards the rpc binder request from
within pVM to Secretkeeper HAL which is a regular binderized HAL. This
proxy service is hosted by virtualizationmanager.

Note on supported device: (is_sk_supported() method): Non protected VM
trusts the claim, whilst for protected VM, we require authentication
data from pvmfw. Support for pVM is not fully done (this doesn't affect
security since pvmfw does code_hash check).

Test: atest MicrodroidTests#encryptedStorageIsPersistent
Bug: 291213394
Change-Id: I3adb78b5eb9d5e7d53b2f990616668e0ceb63471
7 files changed
tree: 18297da7a0e3e0eb1373169da4b5c28353fe2366
  1. apex/
  2. apkdmverity/
  3. authfs/
  4. compos/
  5. demo/
  6. demo_native/
  7. docs/
  8. encryptedstore/
  9. javalib/
  10. launcher/
  11. libs/
  12. microdroid/
  13. microdroid_manager/
  14. pvmfw/
  15. rialto/
  16. service_vm/
  17. tests/
  18. virtualizationmanager/
  19. virtualizationservice/
  20. vm/
  21. vm_payload/
  22. vmbase/
  23. vmclient/
  24. zipfuse/
  25. .clang-format
  26. .gitignore
  27. Android.bp
  28. OWNERS
  29. PREUPLOAD.cfg
  30. README.md
  31. rustfmt.toml
  32. TEST_MAPPING
README.md

Android Virtualization Framework (AVF)

Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances over those offered by Android’s app sandbox.

Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.

If you want a quick start, see the getting started guideline and follow the steps there.

For in-depth explanations about individual topics and components, visit the following links.

AVF components:

AVF APIs:

How-Tos: