[service-vm] Identitfy service VM in pvmfw with avb property
Prior to this change, the kernel footer accepted only a hash descriptor.
With this change, at most one property descriptor is allowed, to
indicate that this VM is a service VM.
Test: atest libpvmfw_avb.integration_test
Bug: 279557218
Change-Id: Ied476eba2e88be63ab78eae7ed05512a97406ec2
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index fdc9407..9afd816 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -53,6 +53,7 @@
use libfdt::Fdt;
use log::{debug, error, info, trace, warn};
use pvmfw_avb::verify_payload;
+use pvmfw_avb::Capability;
use pvmfw_avb::DebugLevel;
use pvmfw_embedded_key::PUBLIC_KEY;
@@ -105,6 +106,10 @@
RebootReason::PayloadVerificationError
})?;
+ if verified_boot_data.capabilities.contains(&Capability::RemoteAttest) {
+ info!("Service VM capable of remote attestation detected");
+ }
+
let next_bcc = heap::aligned_boxed_slice(NEXT_BCC_SIZE, GUEST_PAGE_SIZE).ok_or_else(|| {
error!("Failed to allocate the next-stage BCC");
RebootReason::InternalError
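Review bot: The added `if verified_boot_data.capabilities.contains(&Capability::RemoteAttest)` branch only emits an `info!` line, so within this hunk the verified capability has no effect on the boot flow or on the next-stage BCC that is allocated immediately afterwards. If later code is meant to treat a service VM differently, that binding is not visible here, and a reader could mistake the log line for enforcement. I would record the intent next to the branch, for example `// TODO(b/279557218): capability is only logged here; bind it into the measured boot data before anything relies on it.` The "at most one property descriptor" rule from the description is presumably enforced inside `pvmfw_avb`, so it cannot be checked from these lines. The enclosing function starts and ends outside the hunk.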