[service-vm] Persist the service VM instance image in VS

This cl persists the instance image of the service VM across
different VMs and manages it within the target
virtualizationservice.

Bug: 278858244
Test: Runs the ServiceVmClientApp in VM
Test: atest MicrodroidHostTests
Change-Id: Ic0a2205bae236a933d3ddd807bd124ebaaa18f8d
diff --git a/virtualizationservice/src/rkpvm.rs b/virtualizationservice/src/rkpvm.rs
index 63160f4..bb05edd 100644
--- a/virtualizationservice/src/rkpvm.rs
+++ b/virtualizationservice/src/rkpvm.rs
@@ -16,74 +16,13 @@
 //! The RKP VM will be recognized and attested by the RKP server periodically and
 //! serves as a trusted platform to attest a client VM.
 
-use android_system_virtualizationservice::{
-    aidl::android::system::virtualizationservice::{
-        CpuTopology::CpuTopology, DiskImage::DiskImage, Partition::Partition,
-        PartitionType::PartitionType, VirtualMachineConfig::VirtualMachineConfig,
-        VirtualMachineRawConfig::VirtualMachineRawConfig,
-    },
-    binder::{ParcelFileDescriptor, ProcessState},
-};
-use anyhow::{anyhow, Context, Result};
+use crate::service_vm;
+use anyhow::{anyhow, Result};
 use log::info;
-use std::fs::File;
 use std::time::Duration;
-use vmclient::VmInstance;
 
-const RIALTO_PATH: &str = "/apex/com.android.virt/etc/rialto.bin";
-
-pub(crate) fn request_certificate(
-    csr: &[u8],
-    instance_img_fd: &ParcelFileDescriptor,
-) -> Result<Vec<u8>> {
-    // We need to start the thread pool for Binder to work properly, especially link_to_death.
-    ProcessState::start_thread_pool();
-
-    let virtmgr = vmclient::VirtualizationService::new().context("Failed to spawn virtmgr")?;
-    let service = virtmgr.connect().context("virtmgr failed to connect")?;
-    info!("service_vm: Connected to VirtualizationService");
-    // TODO(b/272226230): Either turn rialto into the service VM or use an empty payload here.
-    // If using an empty payload, the service code will be part of pvmfw.
-    let rialto = File::open(RIALTO_PATH).context("Failed to open Rialto kernel binary")?;
-
-    // TODO(b/272226230): Initialize the partition from virtualization manager.
-    const INSTANCE_IMG_SIZE_BYTES: i64 = 1 << 20; // 1MB
-    service
-        .initializeWritablePartition(
-            instance_img_fd,
-            INSTANCE_IMG_SIZE_BYTES,
-            PartitionType::ANDROID_VM_INSTANCE,
-        )
-        .context("Failed to initialize instange.img")?;
-    let instance_img =
-        instance_img_fd.as_ref().try_clone().context("Failed to clone instance.img")?;
-    let instance_img = ParcelFileDescriptor::new(instance_img);
-    let writable_partitions = vec![Partition {
-        label: "vm-instance".to_owned(),
-        image: Some(instance_img),
-        writable: true,
-    }];
-    info!("service_vm: Finished initializing instance.img...");
-
-    let config = VirtualMachineConfig::RawConfig(VirtualMachineRawConfig {
-        name: String::from("Service VM"),
-        kernel: None,
-        initrd: None,
-        params: None,
-        bootloader: Some(ParcelFileDescriptor::new(rialto)),
-        disks: vec![DiskImage { image: None, partitions: writable_partitions, writable: true }],
-        protectedVm: true,
-        memoryMib: 300,
-        cpuTopology: CpuTopology::ONE_CPU,
-        platformVersion: "~1.0".to_string(),
-        gdbPort: 0, // No gdb
-        ..Default::default()
-    });
-    let vm = VmInstance::create(service.as_ref(), &config, None, None, None, None)
-        .context("Failed to create service VM")?;
-
-    info!("service_vm: Starting Service VM...");
-    vm.start().context("Failed to start service VM")?;
+pub(crate) fn request_certificate(csr: &[u8]) -> Result<Vec<u8>> {
+    let vm = service_vm::start()?;
 
     // TODO(b/274441673): The host can send the CSR to the RKP VM for attestation.
     // Wait for VM to finish.
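Review bot: `request_certificate` drops its `instance_img_fd` parameter at the new signature line but gains no doc comment saying where the instance image now comes from or whether overlapping calls are safe. Because the image is now persisted and reused, two concurrent callers would both reach `service_vm::start()`, and whether that function serializes access to the single writable image is not visible in this hunk; stating the contract here would help, e.g. `/// Starts the service VM on the instance image persisted by virtualizationservice; callers must not run this concurrently.` (reword if `service_vm::start()` already takes a lock). The bare `?` also loses the per-step error context the removed code carried; `service_vm::start().context("Failed to start service VM")?` would keep it, with `Context` restored in the `anyhow` import. The function body continues past the end of this hunk.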