Sign bootconfig partitions We need to verify the bootconfig partitions. Otherwise, attackers can compose a random bootconfig partition, and use it instead of the prebuilt ones. Then they would be able to modify the behavior of the VM. Now, bootconfig partitions are signed using avb just like other partitions. In addition, the disk 1 where the bootconfig is in has a new vbmeta partition. The partition has the bootconfig partition as the chained partition. This vbmeta partition can be used to add more bootconfig-like partitions in the future. Bug: 203031847 Test: run microdroid test app Change-Id: I66c7defd07785fcb13180a368786151bd973cc65

commit: acf31b0105c2da405b856ab02724dbc976b9a99e [log] [tgz]
author: Jiyong Park <jiyong@google.com> Thu Nov 04 20:45:14 2021 +0900
committer: Jiyong Park <jiyong@google.com> Thu Nov 04 21:26:17 2021 +0900
tree: d30656d1f17d5f796ea258a6163a27fca925e79c
parent: 20e33ffab2ceb9c965d766a0279776515a6d0541 [diff]
diff --git a/apex/Android.bp b/apex/Android.bp
index af65e79..9d4cfdf 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp

@@ -39,6 +39,7 @@
                 "microdroid_boot-5.10",
                 "microdroid_vendor_boot-5.10",
                 "microdroid_vbmeta",
+                "microdroid_vbmeta_bootconfig",
             ],
         },
     },
commit	acf31b0105c2da405b856ab02724dbc976b9a99e	[log] [tgz]
author	Jiyong Park <jiyong@google.com>	Thu Nov 04 20:45:14 2021 +0900
committer	Jiyong Park <jiyong@google.com>	Thu Nov 04 21:26:17 2021 +0900
tree	d30656d1f17d5f796ea258a6163a27fca925e79c
parent	20e33ffab2ceb9c965d766a0279776515a6d0541 [diff]