Add option to start trusty from raw binary image
This change adds option to start trusty from raw binary image. This is
required for trusty image to be able to be verified by pvmfw. pvmfw
relies on AVB footer for verification, which currently cannot be used
with an elf image. Futhermove Trusty currently does not support other
kernel image format to be verified by the crosvm.
Bug: 375584439
Test: /system_ext/bin/trusty_security_vm_launcher --load-kernel-as-bootloader
Change-Id: Id72efcb95ed992e4e0270d4e21de8e2f5e74f9be
diff --git a/guest/trusty/security_vm/launcher/src/main.rs b/guest/trusty/security_vm/launcher/src/main.rs
index 9611f26..8dd7c43 100644
--- a/guest/trusty/security_vm/launcher/src/main.rs
+++ b/guest/trusty/security_vm/launcher/src/main.rs
@@ -32,6 +32,10 @@
#[arg(long)]
kernel: PathBuf,
+ // Whether the kernel should be loaded as a bootloader
+ #[arg(long)]
+ load_kernel_as_bootloader: bool,
+
/// Whether the VM is protected or not.
#[arg(long)]
protected: bool,
@@ -70,10 +74,16 @@
let kernel =
File::open(&args.kernel).with_context(|| format!("Failed to open {:?}", &args.kernel))?;
+ let kernel = ParcelFileDescriptor::new(kernel);
+
+ // If --load-kernel-as-bootloader option is present, then load kernel as bootloader
+ let (kernel, bootloader) =
+ if args.load_kernel_as_bootloader { (None, Some(kernel)) } else { (Some(kernel), None) };
let vm_config = VirtualMachineConfig::RawConfig(VirtualMachineRawConfig {
name: args.name.to_owned(),
- kernel: Some(ParcelFileDescriptor::new(kernel)),
+ kernel,
+ bootloader,
protectedVm: args.protected,
memoryMib: args.memory_size_mib,
cpuTopology: args.cpu_topology,