Merge "[doc] Add documentation for RKP VM" into main
diff --git a/apex/Android.bp b/apex/Android.bp
index ccbdb3b..a05f7b0 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -13,7 +13,6 @@
config_namespace: "ANDROID",
bool_variables: [
"avf_enabled",
- "avf_kernel_modules_enabled",
],
properties: [
"defaults",
@@ -30,9 +29,6 @@
defaults: ["com.android.virt_avf_disabled"],
},
},
- avf_kernel_modules_enabled: {
- prebuilts: ["microdroid_kernel_with_modules"],
- },
},
}
diff --git a/libs/dice/open_dice/src/ops.rs b/libs/dice/open_dice/src/ops.rs
index 7174d3e..47b5244 100644
--- a/libs/dice/open_dice/src/ops.rs
+++ b/libs/dice/open_dice/src/ops.rs
@@ -95,6 +95,10 @@
///
/// The corresponding public key is included in the leaf certificate of the DICE chain
/// contained in `dice_artifacts`.
+///
+/// Refer to the following documentation for more information about CDI_Leaf_Priv:
+///
+/// security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
pub fn derive_cdi_leaf_priv(dice_artifacts: &dyn DiceArtifacts) -> Result<PrivateKey> {
let cdi_priv_key_seed = derive_cdi_private_key_seed(dice_artifacts.cdi_attest())?;
let (_, private_key) = keypair_from_seed(cdi_priv_key_seed.as_array())?;
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index b494cfa..42ff4b0 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -471,46 +471,3 @@
},
},
}
-
-flag_aware_avb_add_hash_footer {
- name: "microdroid_kernel_with_modules_signed",
- src: ":empty_file",
- filename: "microdroid_kernel_with_modules",
- partition_name: "boot",
- private_key: ":microdroid_sign_key",
- salt: bootloader_salt,
- enabled: false,
- arch: {
- arm64: {
- src: ":microdroid_kernel_with_modules_prebuilts-6.1-arm64",
- enabled: true,
- },
- },
- include_descriptors_from_images: [
- ":microdroid_initrd_normal_hashdesc",
- ":microdroid_initrd_debug_hashdesc",
- ],
- // Below are properties that are conditionally set depending on value of build flags.
- soong_config_variables: {
- release_avf_enable_llpvm_changes: {
- rollback_index: 1,
- props: [
- {
- name: "com.android.virt.cap",
- value: "secretkeeper_protection",
- },
- ],
- },
- },
-}
-
-prebuilt_etc {
- name: "microdroid_kernel_with_modules",
- src: ":empty_file",
- relative_install_path: "fs",
- arch: {
- arm64: {
- src: ":microdroid_kernel_with_modules_signed",
- },
- },
-}
diff --git a/microdroid/kernel/with-modules/Android.bp b/microdroid/kernel/with-modules/Android.bp
deleted file mode 100644
index f1ec06e..0000000
--- a/microdroid/kernel/with-modules/Android.bp
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright (C) 2023 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package {
- default_applicable_licenses: ["microdroid_kernel_with_modules_prebuilts_6.1_arm64_license"],
-}
-
-// See: http://go/android-license-faq
-license {
- name: "microdroid_kernel_with_modules_prebuilts_6.1_arm64_license",
- visibility: [":__subpackages__"],
- license_kinds: [
- "SPDX-license-identifier-GPL-2.0-only",
- ],
- // large-scale-change unable to identify any license_text files
-}
-
-filegroup {
- name: "microdroid_kernel_with_modules_prebuilts-6.1-arm64",
- srcs: ["kernel_with_modules-6.1"],
-}
diff --git a/microdroid/kernel/with-modules/README.md b/microdroid/kernel/with-modules/README.md
deleted file mode 100644
index 46f6a59..0000000
--- a/microdroid/kernel/with-modules/README.md
+++ /dev/null
@@ -1,10 +0,0 @@
-# Microdroid kernel with modules
-
-This directory contains prebuilts of the Microdroid kernel with support for
-loading vendor modules. Only arm64 architecture is supported.
-
-NOTE: the prebuilt was generated on a local machine, and can only be used on
-development devices.
-
-NOTE: this feature is WIP and kernel is subject to change.
-
diff --git a/microdroid/kernel/with-modules/kernel_with_modules-6.1 b/microdroid/kernel/with-modules/kernel_with_modules-6.1
deleted file mode 100755
index b732ce3..0000000
--- a/microdroid/kernel/with-modules/kernel_with_modules-6.1
+++ /dev/null
Binary files differ