Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / f136935c360cdab478c443bf2ff7181f2b4510c8^! / . / guest / pvmfw / avb / src / verify.rs
commitf136935c360cdab478c443bf2ff7181f2b4510c8[log] [tgz]
authorPierre-Clément Tosi <ptosi@google.com>Mon Dec 02 18:55:08 2024 +0000
committerPierre-Clément Tosi <ptosi@google.com>Wed Feb 12 11:24:15 2025 +0000
treeb13ac484b884847deac61e1e3a3893aa658ed524
parent76b683f387e67338ff2ee3499ec7fc51c14bd433 [diff] [blame]
pvmfw: Support com.android.virt.name property

Teach pvmfw to recognize a new AVB property that will be used to gate
features specific to particular VMs, such as the way we currently
support the RKP VM with special rollback protection and its DICE chain
marker. For now, only add the infrastructure and unit-tests.

Note: No functional change intended.

Bug: 378673494
Bug: 377276983
Test: m pvmfw_bin
Test: atest libpvmfw_avb.integration_test libpvmfw.dice.test
Change-Id: Ic1fd923df361e19b2d0cd323aa6a0ca866a281a6

diff --git a/guest/pvmfw/avb/src/verify.rs b/guest/pvmfw/avb/src/verify.rs
index 8810696..6a3d7de 100644
--- a/guest/pvmfw/avb/src/verify.rs
+++ b/guest/pvmfw/avb/src/verify.rs

@@ -17,7 +17,7 @@
 use crate::ops::{Ops, Payload};
 use crate::partition::PartitionName;
 use crate::PvmfwVerifyError;
-use alloc::vec::Vec;
+use alloc::{string::String, vec::Vec};
 use avb::{
     Descriptor, DescriptorError, DescriptorResult, HashDescriptor, PartitionData, SlotVerifyError,
     SlotVerifyNoDataResult, VbmetaData,
@@ -47,6 +47,8 @@
     pub rollback_index: u64,
     /// Page size of kernel, if present.
     pub page_size: Option<usize>,
+    /// Name of the guest payload, if present.
+    pub name: Option<String>,
 }
 
 impl VerifiedBootData<'_> {
@@ -238,6 +240,18 @@
     Ok(Some(size))
 }
 
+/// Returns the indicated payload name, if present.
+fn read_name(vbmeta_data: &VbmetaData) -> Result<Option<String>, PvmfwVerifyError> {
+    let Some(property) = vbmeta_data.get_property_value("com.android.virt.name") else {
+        return Ok(None);
+    };
+    let name = str::from_utf8(property).map_err(|_| PvmfwVerifyError::InvalidVmName)?;
+    if name.is_empty() {
+        return Err(PvmfwVerifyError::InvalidVmName);
+    }
+    Ok(Some(name.into()))
+}
+
 /// Verifies the given initrd partition, and checks that the resulting contents looks like expected.
 fn verify_initrd(
     ops: &mut Ops,
@@ -275,6 +289,7 @@
     let hash_descriptors = HashDescriptors::get(&descriptors)?;
     let capabilities = Capability::get_capabilities(vbmeta_image)?;
     let page_size = read_page_size(vbmeta_image)?;
+    let name = read_name(vbmeta_image)?;
 
     if initrd.is_none() {
         hash_descriptors.verify_no_initrd()?;
@@ -286,6 +301,7 @@
             capabilities,
             rollback_index,
             page_size,
+            name,
         });
     }
 
@@ -307,5 +323,6 @@
         capabilities,
         rollback_index,
         page_size,
+        name,
     })
 }