Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / acf31b0105c2da405b856ab02724dbc976b9a99e
commitacf31b0105c2da405b856ab02724dbc976b9a99e[log] [tgz]
authorJiyong Park <jiyong@google.com>Thu Nov 04 20:45:14 2021 +0900
committerJiyong Park <jiyong@google.com>Thu Nov 04 21:26:17 2021 +0900
treed30656d1f17d5f796ea258a6163a27fca925e79c
parent20e33ffab2ceb9c965d766a0279776515a6d0541 [diff]
Sign bootconfig partitions

We need to verify the bootconfig partitions. Otherwise, attackers can
compose a random bootconfig partition, and use it instead of the
prebuilt ones. Then they would be able to modify the behavior of the VM.

Now, bootconfig partitions are signed using avb just like other
partitions. In addition, the disk 1 where the bootconfig is in has
a new vbmeta partition. The partition has the bootconfig partition as
the chained partition. This vbmeta partition can be used to add more
bootconfig-like partitions in the future.

Bug: 203031847
Test: run microdroid test app
Change-Id: I66c7defd07785fcb13180a368786151bd973cc65
3 files changed
tree: d30656d1f17d5f796ea258a6163a27fca925e79c
  1. apex/
  2. apkdmverity/
  3. apkverify/
  4. authfs/
  5. binder_common/
  6. compos/
  7. demo/
  8. docs/
  9. idsig/
  10. javalib/
  11. launcher/
  12. libs/
  13. microdroid/
  14. microdroid_manager/
  15. pvmfw/
  16. tests/
  17. virtualizationservice/
  18. vm/
  19. vmconfig/
  20. zipfuse/
  21. rustfmt.toml ⇨ ../../../build/soong/scripts/rustfmt.toml
  22. .clang-format
  23. Android.bp
  24. OWNERS
  25. PREUPLOAD.cfg
  26. README.md
  27. TEST_MAPPING
README.md

Virtualization

This repository contains userspace services related to running virtual machines on Android, especially protected virtual machines. See the getting started documentation and Microdroid README for more information.