commit c8deb479237e3cb30a2dbf9fc9792777622531da
author Jooyung Han <jooyung@google.com> Mon Sep 13 13:48:25 2021 +0900
committer Jooyung Han <jooyung@google.com> Mon Sep 13 18:32:21 2021 +0900
tree ea42e00210c98f35f2183e3a4bb4a5ce2fb67343
parent 64d96fb60240eebfcac8baa62d8776257465f7ff

Store/Pass root digests of APEX payload

Root digests of APEX payload are now collected by microdroid_manager and
stored in instance.img and passed to apexd.

Bug: 199371341
Test: MicrodroidHostTestCases
Change-Id: I940347068400822f7d8140c3daf68036f553b087

microdroid_manager/src/payload.rs

diff --git a/microdroid_manager/src/payload.rs b/microdroid_manager/src/payload.rs
index bf9d9f9..8ec6f74 100644
--- a/microdroid_manager/src/payload.rs
+++ b/microdroid_manager/src/payload.rs
@@ -17,14 +17,11 @@
 use crate::instance::ApexData;
 use crate::ioutil::wait_for_file;
 use anyhow::Result;
+use apex::verify;
 use log::info;
 use microdroid_metadata::{read_metadata, ApexPayload, Metadata};
-use std::fs::File;
-use std::io::Read;
 use std::time::Duration;
-use zip::ZipArchive;
 
-const APEX_PUBKEY_ENTRY: &str = "apex_pubkey";
 const PAYLOAD_METADATA_PATH: &str = "/dev/block/by-name/payload-metadata";
 const WAIT_TIMEOUT: Duration = Duration::from_secs(10);
 
@@ -35,29 +32,20 @@
     read_metadata(file)
 }
 
-/// Loads (name, pubkey) from payload APEXes
+/// Loads (name, public_key, root_digest) from payload APEXes
 pub fn get_apex_data_from_payload(metadata: &Metadata) -> Result<Vec<ApexData>> {
     metadata
         .apexes
         .iter()
         .map(|apex| {
             let name = apex.name.clone();
-            let partition = format!("/dev/block/by-name/{}", apex.partition_name);
-            let pubkey = get_pubkey_from_apex(&partition)?;
-            Ok(ApexData { name, pubkey })
+            let apex_path = format!("/dev/block/by-name/{}", apex.partition_name);
+            let result = verify(&apex_path)?;
+            Ok(ApexData { name, public_key: result.public_key, root_digest: result.root_digest })
         })
         .collect()
 }
 
-fn get_pubkey_from_apex(path: &str) -> Result<Vec<u8>> {
-    let f = File::open(path)?;
-    let mut z = ZipArchive::new(f)?;
-    let mut pubkey_file = z.by_name(APEX_PUBKEY_ENTRY)?;
-    let mut pubkey = Vec::new();
-    pubkey_file.read_to_end(&mut pubkey)?;
-    Ok(pubkey)
-}
-
 /// Convert vector of ApexData into Metadata
 pub fn to_metadata(apex_data: &[ApexData]) -> Metadata {
     Metadata {
@@ -65,10 +53,13 @@
             .iter()
             .map(|data| ApexPayload {
                 name: data.name.clone(),
-                public_key: data.pubkey.clone(),
+                public_key: data.public_key.clone(),
+                root_digest: data.root_digest.clone(),
                 ..Default::default()
             })
             .collect(),
         ..Default::default()
     }
 }
+
+mod apex;