Support vendor partition in non-debuggable pVMs
Remove the "vendor_hashtree_descriptor_root_digest" prop from the avf
node by default. It will be re-added by virtue of being a trusted prop
in the case that the caller requested the vendor partition.
Stop adding the kerel param "androidboot.microdroid.mount_vendor=1" if
the vendorImage is supplied, as the kernel param is replaced by the
mechanism described above.
Bug: 340506965
Test: TH
Change-Id: I2994526c205ac3830efe0fb060b1ba16c747f14a
diff --git a/android/virtmgr/src/aidl.rs b/android/virtmgr/src/aidl.rs
index 87fb611..9d985ad 100644
--- a/android/virtmgr/src/aidl.rs
+++ b/android/virtmgr/src/aidl.rs
@@ -1105,7 +1105,9 @@
if let Some(file) = custom_config.vendorImage.as_ref() {
add_microdroid_vendor_image(clone_file(file)?, &mut vm_config);
- append_kernel_param("androidboot.microdroid.mount_vendor=1", &mut vm_config)
+ if !cfg!(tpu_assignable_device) {
+ append_kernel_param("androidboot.microdroid.mount_vendor=1", &mut vm_config);
+ }
}
vm_config.devices.clone_from(&custom_config.devices);
diff --git a/android/virtmgr/src/dt_overlay.rs b/android/virtmgr/src/dt_overlay.rs
index 108ed61..d226635 100644
--- a/android/virtmgr/src/dt_overlay.rs
+++ b/android/virtmgr/src/dt_overlay.rs
@@ -17,7 +17,7 @@
use anyhow::{anyhow, Result};
use cstr::cstr;
use fsfdt::FsFdt;
-use libfdt::Fdt;
+use libfdt::{Fdt, FdtError};
use std::ffi::CStr;
use std::path::Path;
@@ -90,7 +90,26 @@
fdt.overlay_onto(cstr!("/fragment@0/__overlay__"), path)?;
}
- if !trusted_props.is_empty() {
+ if cfg!(tpu_assignable_device) {
+ let mut avf = fdt
+ .node_mut(cstr!("/fragment@0/__overlay__/avf"))
+ .map_err(|e| anyhow!("Failed to search avf node: {e:?}"))?
+ .ok_or(anyhow!("Failed to get avf node"))?;
+ let vendor_digest = cstr!("vendor_hashtree_descriptor_root_digest");
+ // Remove the vendor digest.
+ // In the case it is actually requested, it will be re-added by virtue of being in
+ // `trusted_props`.
+ match avf.delprop(vendor_digest) {
+ Ok(()) | Err(FdtError::NotFound) => {}
+ Err(e) => {
+ return Err(anyhow!("Unexpected error pre-removing {vendor_digest:?}: {e:?}"))
+ }
+ }
+ for (name, value) in trusted_props {
+ avf.setprop(name, value)
+ .map_err(|e| anyhow!("Failed to set trusted property: {e:?}"))?;
+ }
+ } else if !trusted_props.is_empty() {
let mut avf = fdt
.node_mut(cstr!("/fragment@0/__overlay__/avf"))
.map_err(|e| anyhow!("Failed to search avf node: {e:?}"))?
diff --git a/build/Android.bp b/build/Android.bp
index 6ab1d89..59717b8 100644
--- a/build/Android.bp
+++ b/build/Android.bp
@@ -50,6 +50,9 @@
}) + select(release_flag("RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES"), {
true: ["paravirtualized_devices"],
default: [],
+ }) + select(release_flag("RELEASE_AVF_ENABLE_TPU_ASSIGNABLE_DEVICE"), {
+ true: ["tpu_assignable_device"],
+ default: [],
}),
}
@@ -64,6 +67,9 @@
}) + select(release_flag("RELEASE_AVF_ENABLE_VIRT_CPUFREQ"), {
true: ["-DAVF_ENABLE_VIRT_CPUFREQ=1"],
default: [],
+ }) + select(release_flag("RELEASE_AVF_ENABLE_TPU_ASSIGNABLE_DEVICE"), {
+ true: ["-DAVF_ENABLE_TPU_ASSIGNABLE_DEVICE=1"],
+ default: [],
}),
}
diff --git a/libs/libavf_cc_flags/include/android/avf_cc_flags.h b/libs/libavf_cc_flags/include/android/avf_cc_flags.h
index c922266..9fcd542 100644
--- a/libs/libavf_cc_flags/include/android/avf_cc_flags.h
+++ b/libs/libavf_cc_flags/include/android/avf_cc_flags.h
@@ -35,5 +35,13 @@
#endif
}
+inline bool IsEnableTpuAssignableDeviceFlagEnabled() {
+#ifdef AVF_ENABLE_TPU_ASSIGNABLE_DEVICE
+ return AVF_ENABLE_TPU_ASSIGNABLE_DEVICE;
+#else
+ return false;
+#endif
+}
+
} // namespace virtualization
} // namespace android