commit | eb97d4afce9cc643066be69535f6dfc5f70ea004 | |
---|---|---|
author | Alan Stokes <alanstokes@google.com> | Thu Aug 26 14:24:32 2021 +0100 |
committer | Alan Stokes <alanstokes@google.com> | Fri Sep 03 10:39:17 2021 +0100 |
tree | 0683bef035f8ea69f95b37b82b7e8266e24d07bc | |
parent | 0871dbabe066efc3f8772e8c34faa0242a5e4c02 | |

Add standalone binary to verify CompOs keys.

This is intended to be executed by odsign, to replace the existing verifyCompOsKey() function along with all of FakeCompOs.

It checks that we have an existing image file, private key blob and public key, starts the VM from the image and gets it to verify the key pair. Either the current instance or the pending one can be checked.

If verification succeeds the execution returns success, and if it was the pending instance it is moved to replace the previous current one.

If verification fails the directory and all the files in it are deleted.

This is based on the logic in verifyCompOsKey() and also the code in compos_key_cmd, converted from C++ to Rust and productionized somewhat, and various existing Rust tools.

Still to do: changes to odsign to run this, along with required sepolicy; extract some of the code to a common library (I'll do that when I have the second use case); use onPayloadReady().

Bug: 193603140
Test: Manual, in various success & failure situations
Change-Id: Ie126e1ead75c695dc2d193bdcf4edf11dac7f7fc

This repository contains userspace services related to running virtual machines on Android, especially protected virtual machines. See the getting started documentation and Microdroid README for more information.