Ensure no AVF debug policy in locked device

VM can't know whether the host is locked or unlocked, so it will
mindlessly enable debug policies in its device tree.

Add CddTest and documentation to ensure that debug policy doesn't exist
in locked devices.

Test: atest
Bug: 275328279
Change-Id: I77d6cec6416200ffe9e60914aed00bcf0d9edbe7
diff --git a/microdroid/README.md b/microdroid/README.md
index 28785fd..d1facc8 100644
--- a/microdroid/README.md
+++ b/microdroid/README.md
@@ -181,7 +181,8 @@
 
 microdroid can be started with debugging features by debug policies from the
 host. Host bootloader may provide debug policies to host OS's device tree for
-VMs.
+VMs. Host bootloader MUST NOT provide debug policies for locked devices for
+security reasons.
 
 For protected VM, such device tree will be available in microdroid. microdroid
 can check which debuging features is enabled.
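Review bot: "for security reasons" in the added sentence gives a bootloader implementer nothing to act on. State the reason the commit message already gives: the VM cannot tell whether the host is locked, so it enables whatever debug policy it finds in its device tree, which makes the host bootloader the only point where this can be enforced. It would also help to say how "locked" is determined, since the test added in this change keys on ro.boot.verifiedbootstate.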
diff --git a/pvmfw/README.md b/pvmfw/README.md
index 04ad8c4..8be1c04 100644
--- a/pvmfw/README.md
+++ b/pvmfw/README.md
@@ -240,7 +240,10 @@
 Config header can provide a DTBO to be overlaid on top of the baseline device
 tree from crosvm.
 
-The DTBO may contain debug policies as follows.
+The DTBO may contain debug policies. Debug policies MUST NOT be provided for
+locked devices for security reasons.
+
+Here are an example of DTBO.
 
 ```
 / {
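Review bot: the added line "Here are an example of DTBO." has a grammar slip and should read "Here is an example of a DTBO." The MUST NOT sentence above it repeats the microdroid/README.md wording with the same unexplained "for security reasons"; consider stating the reason once and referring to it from here so the two READMEs cannot drift apart.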
diff --git a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
index 687756e..162f7a3 100644
--- a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
+++ b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
@@ -927,6 +927,21 @@
         checkHashAlgorithm(virtApexEtcDir);
     }
 
+    @Test
+    @CddTest
+    public void testNoAvfDebugPolicyInLockedDevice() throws Exception {
+        ITestDevice device = getDevice();
+
+        // Check device's locked state with ro.boot.verifiedbootstate. ro.boot.flash.locked
+        // may not be set if ro.oem_unlock_supported is false.
+        String lockProp = device.getProperty("ro.boot.verifiedbootstate");
+        assumeFalse("Unlocked devices may have AVF debug policy", lockProp.equals("orange"));
+
+        // Test that AVF debug policy doesn't exist.
+        boolean hasDebugPolicy = device.doesFileExist("/sys/firmware/devicetree/base/avf");
+        assertThat(hasDebugPolicy).isFalse();
+    }
+
     private String avbInfo(String image_path) throws Exception {
         File avbtool = findTestFile("avbtool");
         List<String> command =
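Review bot: lockProp.equals("orange") in the assumeFalse line throws a NullPointerException if getProperty returns null because ro.boot.verifiedbootstate is unset, which turns the skip condition into a test error. Write it as "orange".equals(lockProp) and decide explicitly whether an unset property should count as locked or should skip the test. The final assertion would also be easier to diagnose with a failure message naming /sys/firmware/devicetree/base/avf, for example through Truth's assertWithMessage.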