Check whether remote attestation is supported with system property This cl introduces a new system property avf.remote_attestation.enabled to allow vendors to disable the remote attestation feature in vendor init. Bug: 341598459 Test: enable/disable the feature and check VmAttestationTestApp Change-Id: I5b26ba029ea1be74d8c0d139d69aee608c92f327

commit: eec580d7a5c1896701019af13be2d3c000521277 [log] [tgz]
author: Alice Wang <aliceywang@google.com> Fri Jun 07 08:48:06 2024 +0000
committer: Alice Wang <aliceywang@google.com> Mon Jun 10 09:40:46 2024 +0000
tree: 97334801991313c5200810ec77ec9c38f869beff
parent: 55e57b98cdb27d292b80a07a5881a8b46f0ee8c4 [diff] [blame]
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 8fe4167..41d09bc 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs

@@ -353,6 +353,7 @@
             ))
             .with_log();
         }
+        remote_provisioning::check_remote_attestation_is_supported()?;
         info!("Received csr. Requestting attestation...");
         let (key_blob, certificate_chain) = if test_mode {
             check_use_custom_virtual_machine()?;
@@ -403,7 +404,8 @@
     }
 
     fn isRemoteAttestationSupported(&self) -> binder::Result<bool> {
-        is_remote_provisioning_hal_declared()
+        Ok(is_remote_provisioning_hal_declared()?
+            && remote_provisioning::is_remote_attestation_supported())
     }
 
     fn getAssignableDevices(&self) -> binder::Result<Vec<AssignableDevice>> {
commit	eec580d7a5c1896701019af13be2d3c000521277	[log] [tgz]
author	Alice Wang <aliceywang@google.com>	Fri Jun 07 08:48:06 2024 +0000
committer	Alice Wang <aliceywang@google.com>	Mon Jun 10 09:40:46 2024 +0000
tree	97334801991313c5200810ec77ec9c38f869beff
parent	55e57b98cdb27d292b80a07a5881a8b46f0ee8c4 [diff] [blame]