[attestation] Rename the client VM attestation API
As agreed in the doc go/pvm-remote-attestation.
Bug: 303807447
Test: m com.android.virt
Test: run ServiceVmClientApp
Change-Id: Ic954aa60d69e42773c04230af9319e660352d6a9
diff --git a/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl b/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl
index 172dc59..099a2c0 100644
--- a/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl
+++ b/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl
@@ -56,12 +56,13 @@
VirtualMachineDebugInfo[] debugListVms();
/**
- * Requests a certificate using the provided certificate signing request (CSR).
+ * Requests a certificate chain for the provided certificate signing request (CSR).
*
- * @param csr the certificate signing request.
- * @return the X.509 encoded certificate.
+ * @param csr The certificate signing request.
+ * @return A sequence of DER-encoded X.509 certificates that make up the attestation
+ * key's certificate chain. The attestation key is provided in the CSR.
*/
- byte[] requestCertificate(in byte[] csr);
+ byte[] requestAttestation(in byte[] csr);
/**
* Get a list of assignable devices.
diff --git a/virtualizationservice/aidl/android/system/virtualmachineservice/IVirtualMachineService.aidl b/virtualizationservice/aidl/android/system/virtualmachineservice/IVirtualMachineService.aidl
index 7b90714..87d3056 100644
--- a/virtualizationservice/aidl/android/system/virtualmachineservice/IVirtualMachineService.aidl
+++ b/virtualizationservice/aidl/android/system/virtualmachineservice/IVirtualMachineService.aidl
@@ -46,10 +46,11 @@
void notifyError(ErrorCode errorCode, in String message);
/**
- * Requests a certificate using the provided certificate signing request (CSR).
+ * Requests a certificate chain for the provided certificate signing request (CSR).
*
- * @param csr the certificate signing request.
- * @return the X.509 encoded certificate.
+ * @param csr The certificate signing request.
+ * @return A sequence of DER-encoded X.509 certificates that make up the attestation
+ * key's certificate chain. The attestation key is provided in the CSR.
*/
- byte[] requestCertificate(in byte[] csr);
+ byte[] requestAttestation(in byte[] csr);
}
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index a19ecd2..4daa0cf 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -16,7 +16,7 @@
use crate::{get_calling_pid, get_calling_uid};
use crate::atom::{forward_vm_booted_atom, forward_vm_creation_atom, forward_vm_exited_atom};
-use crate::rkpvm::request_certificate;
+use crate::rkpvm::request_attestation;
use android_os_permissions_aidl::aidl::android::os::IPermissionController;
use android_system_virtualizationservice::{
aidl::android::system::virtualizationservice::AssignableDevice::AssignableDevice,
@@ -158,19 +158,20 @@
Ok(cids)
}
- fn requestCertificate(&self, csr: &[u8]) -> binder::Result<Vec<u8>> {
+ fn requestAttestation(&self, csr: &[u8]) -> binder::Result<Vec<u8>> {
check_manage_access()?;
- info!("Received csr. Getting certificate...");
+ info!("Received csr. Requestting attestation...");
if cfg!(remote_attestation) {
- request_certificate(csr)
- .context("Failed to get certificate")
+ request_attestation(csr)
+ .context("Failed to request attestation")
.with_log()
.or_service_specific_exception(-1)
} else {
Err(Status::new_exception_str(
ExceptionCode::UNSUPPORTED_OPERATION,
Some(
- "requestCertificate is not supported with the remote_attestation feature disabled",
+ "requestAttestation is not supported with the remote_attestation feature \
+ disabled",
),
))
.with_log()
diff --git a/virtualizationservice/src/rkpvm.rs b/virtualizationservice/src/rkpvm.rs
index d6e87eb..443b280 100644
--- a/virtualizationservice/src/rkpvm.rs
+++ b/virtualizationservice/src/rkpvm.rs
@@ -21,7 +21,7 @@
use service_vm_comm::{GenerateCertificateRequestParams, Request, Response};
use service_vm_manager::ServiceVm;
-pub(crate) fn request_certificate(csr: &[u8]) -> Result<Vec<u8>> {
+pub(crate) fn request_attestation(csr: &[u8]) -> Result<Vec<u8>> {
let mut vm = ServiceVm::start()?;
// TODO(b/271275206): Send the correct request type with client VM's