commit | 345dd8b73f0a68fb4c08ab5cb2a7ee175d531526 | |
---|---|---|
author | Alice Wang <aliceywang@google.com> | Tue Feb 20 15:32:46 2024 +0000 |
committer | Alice Wang <aliceywang@google.com> | Mon Mar 18 12:22:11 2024 +0000 |
tree | 9736ca204e8ebfa415a7500a9383fdc6044e04a6 | |
parent | c659013189ea3d911b46be4fce9c5c44b5764191 | |

[e2e] Add VM attestation test interacting with RKPD

This CL adds an e2e test that interacts with RKPD and the real RKP server. It checks the two major stages of pVM attestation:

- AVF key provisioning triggered with RKPD. The CSRs generated by the RKP VM are sent to the real RKP server for attestation.
- VM attestation. RKP VM validates the VM requesting attestation and returns a certificate chain covering the public key of a key pair owned by the VM.

The test checks the final attestation certificate chain and asks the VM to sign a message with the attestation key, to ensure that the VM holds the correct key pair.

It runs on an RKPD variation that has permissions to run a VM.

The test target AvfRkpdVmAttestationTestApp is forked from RkpdAppIntegrationTests with additional setup to check VM attestation. It will run on a real device in avf-presubmit in the future as VM attestation is not supported on cuttlefish.

The test has been added to avf busytown config in cl/614975596.

Bug: 325610326
Test: atest AvfRkpdVmAttestationTestApp
Change-Id: Ia6f52d60327be706c6c0c439ed59255358379b13

Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances than those offered by Android’s app sandbox.
Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.
If you want a quick start, see the getting started guideline and follow the steps there.
For in-depth explanations about individual topics and components, visit the following links.
AVF components:
AVF APIs:
How-Tos: