Revert^2 "Microdroid: Skip instance.img checks"

Microdroid no longer needs the Instance Image partition if Secretkeeper is
enabled.

The use of instance.img is to store package data at first boot of the
instance & MM ensures that it did not change on further boot.  With
Secretkeeper-based rollback protection, the auth_hash & version of each
of these packages are part of DICE Policy & Sk ensures that the secrets
are not released if the version downgrades or auth_hash changes.
Therefore, there is no longer any need for this data to be in
instance.img.

Note: Since Secretkeeper is an optional HAL in Android V, we still need
to support the instance.img for cases when Secretkeeper implementation
is not available.

Security: This opens up the Sealing CDIs of a pVM to Payload with lower
security version. But all CDIs will be reset once pvmfw starts including
Instance-Id in the hidden inputs, so this is a safe change.

Trunk Flagging: If LLPVM flag is disabled, is_sk_supported() returns
false & legacy route of verification with instance img is executed.

Bug: 291306122
Test: Get an instance.img of a pVM (started with vm run-microdroid)
Test: hexdump -C img | grep for Microdroid partition UUID. It should be missing
Re-revert: The reason for failures was a different issue (b/327526008); this patch
need not be reverted.

Change-Id: I1a8b717fe88ffe4bda5278470a3d2d5ba239c404
2 files changed
tree: 9760a5a69cf2735fac27937f9bd024badf0667ea
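
The rollback check the commit message attributes to Secretkeeper (no secret release if a package's version goes down or its auth_hash changes), as a simplified added example that is not code from this change or from AVF. `PackagePolicy`, `PackageIdentity`, `Denied` and `release_secret` are hypothetical names, and the policy is modelled as a plain list rather than a real DICE policy.

```rust
// Simplified model: a secret is released only if every package keeps the same
// auth_hash and a version that is not lower than the policy's. Hypothetical names, not the AVF API.

#[derive(Debug, PartialEq)]
pub enum Denied {
    MissingPackage(String),
    AuthHashChanged(String),
    VersionDowngrade { name: String, required: u64, presented: u64 },
}

pub struct PackagePolicy {
    pub name: String,
    pub auth_hash: [u8; 32], // must match exactly
    pub min_version: u64,    // presented version must be >= this
}

pub struct PackageIdentity {
    pub name: String,
    pub auth_hash: [u8; 32],
    pub version: u64,
}

/// Returns the secret only when every policy entry is satisfied by the presented packages.
pub fn release_secret<'a>(
    policy: &[PackagePolicy],
    presented: &[PackageIdentity],
    secret: &'a [u8],
) -> Result<&'a [u8], Denied> {
    for p in policy {
        let id = presented
            .iter()
            .find(|i| i.name == p.name)
            .ok_or_else(|| Denied::MissingPackage(p.name.clone()))?;
        if id.auth_hash != p.auth_hash {
            return Err(Denied::AuthHashChanged(p.name.clone()));
        }
        if id.version < p.min_version {
            return Err(Denied::VersionDowngrade { name: p.name.clone(), required: p.min_version, presented: id.version });
        }
    }
    Ok(secret)
}

fn main() {
    // Constructed sample: the payload package was downgraded from version 3 to 2.
    let policy = [PackagePolicy { name: "payload.apk".into(), auth_hash: [0xAA; 32], min_version: 3 }];
    let boot = [PackageIdentity { name: "payload.apk".into(), auth_hash: [0xAA; 32], version: 2 }];
    println!("{:?}", release_secret(&policy, &boot, b"sealed"));
}
```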
README.md

Android Virtualization Framework (AVF)

Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances over those offered by Android’s app sandbox.

Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.

If you want a quick start, see the getting started guideline and follow the steps there.
