commit e45e9426d2509bcf6a3a97f1329aad552a8c39d9
author Shikha Panwar <shikhapanwar@google.com> Wed Feb 28 21:18:10 2024 +0000
committer Shikha Panwar <shikhapanwar@google.com> Wed Mar 20 11:59:53 2024 +0000
tree 6bb2047c7d73a80a173a5b29f1f61c55721ff6eb
parent f15e027de346185bc8b8c42b1b7a573f7b054f0d

MM: Check if Secretkeeper is supported from DT

Virtmgr sets a prop in DT to indicate that Secretkeeper HAL is
supported. Use that as the single source of information from host. This
eliminates the vulnerability that arises when host gives different
answers if asked multiple times.

Test: atest MicrodroidTests#encryptedStorageIsPersistent
Bug: 291213394
Change-Id: I0bb71df64462c90dbf197b9630e7c57a94216388

microdroid_manager/src/main.rs

diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index 9a9a1f8..2386bd4 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -72,6 +72,7 @@
     "/proc/device-tree/virtualization/guest/debug-microdroid,no-verified-boot";
 const SECRETKEEPER_KEY: &str = "/proc/device-tree/avf/secretkeeper_public_key";
 const INSTANCE_ID_PATH: &str = "/proc/device-tree/avf/untrusted/instance-id";
+const DEFER_ROLLBACK_PROTECTION: &str = "/proc/device-tree/avf/untrusted/defer-rollback-protection";
 
 const ENCRYPTEDSTORE_BIN: &str = "/system/bin/encryptedstore";
 const ZIPFUSE_BIN: &str = "/system/bin/zipfuse";
@@ -161,6 +162,10 @@
     Ok(instance_id)
 }
 
+fn should_defer_rollback_protection() -> bool {
+    Path::new(DEFER_ROLLBACK_PROTECTION).exists()
+}
+
 fn main() -> Result<()> {
     // If debuggable, print full backtrace to console log with stdio_to_kmsg
     if is_debuggable()? {
@@ -299,10 +304,10 @@
     let dice = DiceDriver::new(Path::new("/dev/open-dice0"), is_strict_boot())
         .context("Failed to load DICE")?;
 
-    // TODO(b/291306122): Checking with host about Secretkeeper support multiple times introduces
-    // a whole range of security vulnerability since host can give different answers. Guest should
-    // check only once and the same answer should be known to pVM Firmware and Microdroid.
-    let instance_data = if let Some(_sk) = vm_secret::is_sk_supported(service)? {
+    // Microdroid skips checking payload against instance image iff the device supports
+    // secretkeeper. In that case Microdroid use VmSecret::V2, which provide protection against
+    // rollback of boot images and packages.
+    let instance_data = if should_defer_rollback_protection() {
         verify_payload(&metadata, None)?
     } else {
         verify_payload_with_instance_img(&metadata, &dice)?