| commit | bf9673a4f260dc9efdd5fcd6adb80f310fb83322 | |
|---|---|---|
| author | Jiyong Park <jiyong@google.com> | Wed Aug 11 15:58:07 2021 +0900 |
| committer | Jiyong Park <jiyong@google.com> | Thu Aug 12 13:07:42 2021 +0900 |
| tree | c88ceffe1521fc03e4aea1d1e566a7d50532bc69 | |
| parent | 6cebcff3b9c5e429181bc9fdf2d8c2f605bec81f | |
idsig: create merkle tree

The idsig crate is for creating an idsig file from an APK. It will be used by virtualization service when a VM is first created. From the input APK, the corresponding idsig file is generated and passed to the VM as a partition. Inside the VM, a dm-verity block device is created for the APK whose merkle tree is backed by the idsig file.

If it's the VM's first boot, the APK (still on top of dm-verity) is verified using the APK signature scheme V2 or V3. This involves a full scanning of the APK. Therefore, a successful V2/V3 verification means that the merkle tree and the root hash in the idsig file are also trustful, because otherwise there must have been an I/O error during the scanning, or the V2/V3 verification must have failed.

Subsequent boots don't involve the lengthy V2/V3 verification. Instead, we use the root hash that is stored to the instance disk during the first boot. We don't use the root hash read from the idsig file, which might have been compromised and therefore shouldn't be used without the V2/V3 verification.

As the first step, the idsig crate is created. It currently has routines for the generation of merkle tree. Later, apksigv4.rs which implements the idsig file format will be moved from apkdmverity to here. Then finally, virtualization service will use this to actually create an idsig file when necessary.

Bug: 193504400
Test: cargo test
Change-Id: I242dd8c6d74fd3098831ce820dd989871939e911
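The dm-verity Merkle tree the message describes, as an added Python model (not the idsig crate's own code): 4 KiB data blocks hashed with SHA-256, each hash level packed into 4 KiB blocks and hashed again until one hash remains, plus a dm-verity-style read-path check that accepts a block only against a root hash supplied out of band, the role the instance disk plays here. Block size, salt handling and the layout are assumptions for illustration; the exact idsig/fs-verity byte format is not reproduced.

```python
import hashlib
from typing import List

BLOCK_SIZE = 4096                      # assumed dm-verity data/hash block size
HASH_SIZE = 32                         # SHA-256 digest length
HASHES_PER_BLOCK = BLOCK_SIZE // HASH_SIZE


def _hash_block(block: bytes, salt: bytes) -> bytes:
    # Simplified fs-verity style block hash: SHA-256(salt || block), with the
    # block zero-padded to BLOCK_SIZE. Real salt padding rules are not modelled.
    return hashlib.sha256(salt + block.ljust(BLOCK_SIZE, b"\0")).digest()


def _split(data: bytes) -> List[bytes]:
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]


def build_merkle_tree(data: bytes, salt: bytes = b"") -> List[List[bytes]]:
    """levels[0] holds one hash per data block; each higher level hashes the
    previous level's hashes packed into BLOCK_SIZE blocks, until one remains."""
    if not data:
        raise ValueError("empty input has no Merkle tree in this model")
    levels = [[_hash_block(b, salt) for b in _split(data)]]
    while len(levels[-1]) > 1:
        packed = b"".join(levels[-1])
        levels.append([_hash_block(b, salt) for b in _split(packed)])
    return levels


def root_hash(data: bytes, salt: bytes = b"") -> bytes:
    """The value a first boot would record after V2/V3 verification succeeds."""
    return build_merkle_tree(data, salt)[-1][0]


def verify_block(levels: List[List[bytes]], index: int, block: bytes,
                 trusted_root: bytes, salt: bytes = b"") -> bool:
    """dm-verity read path for one data block: recompute every hash block on
    the path from the leaf to the top, then compare the top hash with the root
    obtained out of band, never with a root taken from the tree itself."""
    if index >= len(levels[0]) or _hash_block(block, salt) != levels[0][index]:
        return False
    for lvl in range(len(levels) - 1):
        parent = index // HASHES_PER_BLOCK
        start = parent * HASHES_PER_BLOCK
        hash_block = b"".join(levels[lvl][start:start + HASHES_PER_BLOCK])
        if _hash_block(hash_block, salt) != levels[lvl + 1][parent]:
            return False
        index = parent
    return levels[-1][0] == trusted_root
```

A tree and data rewritten consistently by an attacker still verify against their own root, which is why the check must take the root from the instance disk rather than from the idsig file.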
This repository contains userspace services related to running virtual machines on Android, especially protected virtual machines. See the getting started documentation and Microdroid README for more information.