Snap for 13152920 from d280cf67be48db096c4bdbe233d2ec205afb4dfc to 25Q2-release
Change-Id: If23363acaa163cd589e88aa15ecaea7926882240
diff --git a/android/vm/src/main.rs b/android/vm/src/main.rs
index ff846a1..7178de5 100644
--- a/android/vm/src/main.rs
+++ b/android/vm/src/main.rs
@@ -22,8 +22,6 @@
CpuOptions::CpuTopology::CpuTopology, IVirtualizationService::IVirtualizationService,
PartitionType::PartitionType, VirtualMachineAppConfig::DebugLevel::DebugLevel,
};
-#[cfg(not(llpvm_changes))]
-use anyhow::anyhow;
use anyhow::{bail, Context, Error};
use binder::{ProcessState, Strong};
use clap::{Args, Parser};
@@ -220,7 +218,6 @@
instance: PathBuf,
/// Path to file containing instance_id. Required iff llpvm feature is enabled.
- #[cfg(llpvm_changes)]
#[arg(long = "instance-id-file")]
instance_id: PathBuf,
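Review bot: The doc comment directly above the removed `#[cfg(llpvm_changes)]`, `/// Path to file containing instance_id. Required iff llpvm feature is enabled.`, is now stale: with the cfg gate gone the field is an unconditional non-`Option` `PathBuf`, which clap treats as always required, so the "iff" no longer describes anything. Suggest `/// Path to file containing instance_id. Required.` The struct definition starts and ends outside this hunk.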
@@ -255,26 +252,8 @@
}
}
- fn instance_id(&self) -> Result<PathBuf, Error> {
- cfg_if::cfg_if! {
- if #[cfg(llpvm_changes)] {
- Ok(self.instance_id.clone())
- } else {
- Err(anyhow!("LLPVM feature is disabled, --instance_id flag not supported"))
- }
- }
- }
-
- fn set_instance_id(&mut self, instance_id_file: PathBuf) -> Result<(), Error> {
- cfg_if::cfg_if! {
- if #[cfg(llpvm_changes)] {
- self.instance_id = instance_id_file;
- Ok(())
- } else {
- let _ = instance_id_file;
- Err(anyhow!("LLPVM feature is disabled, --instance_id flag not supported"))
- }
- }
+ fn set_instance_id(&mut self, instance_id_file: PathBuf) {
+ self.instance_id = instance_id_file;
}
}
diff --git a/android/vm/src/run.rs b/android/vm/src/run.rs
index 8385fb4..1033164 100644
--- a/android/vm/src/run.rs
+++ b/android/vm/src/run.rs
@@ -87,8 +87,8 @@
)?;
}
- let instance_id = if cfg!(llpvm_changes) {
- let id_file = config.instance_id()?;
+ let instance_id = {
+ let id_file = config.instance_id;
if id_file.exists() {
let mut id = [0u8; 64];
let mut instance_id_file = File::open(id_file)?;
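Review bot: The `if id_file.exists()` on the line before `File::open(id_file)?` is a check-then-act: the file can appear or disappear between the two calls, and `exists()` also returns false on permission errors, which would send an unreadable-but-present path down the create branch. A single `File::open(&id_file)` matched on `e.kind() == io::ErrorKind::NotFound` for the create case removes the race and surfaces other errors as they are. The create side of the block lies outside this hunk; if it uses `File::create`, opening with `OpenOptions::new().write(true).create_new(true)` would keep two concurrent invocations from overwriting each other's freshly generated id. The `let instance_id = { … }` block continues past this hunk.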
@@ -100,9 +100,6 @@
instance_id_file.write_all(&id)?;
id
}
- } else {
- // if llpvm feature flag is disabled, instance_id is not used.
- [0u8; 64]
};
let storage = if let Some(ref path) = config.microdroid.storage {
@@ -254,10 +251,8 @@
..Default::default()
};
- if cfg!(llpvm_changes) {
- app_config.set_instance_id(work_dir.join("instance_id"))?;
- println!("instance_id file path: {}", app_config.instance_id()?.display());
- }
+ app_config.set_instance_id(work_dir.join("instance_id"));
+ println!("instance_id file path: {}", app_config.instance_id.display());
command_run_app(app_config)
}
diff --git a/guest/microdroid_manager/src/vm_secret.rs b/guest/microdroid_manager/src/vm_secret.rs
index f031859..674f010 100644
--- a/guest/microdroid_manager/src/vm_secret.rs
+++ b/guest/microdroid_manager/src/vm_secret.rs
@@ -35,6 +35,9 @@
StoreSecretRequest, GetSecretResponse, GetSecretRequest};
use secretkeeper_comm::data_types::error::SecretkeeperError;
use std::fs;
+use std::thread;
+use rand::Rng;
+use std::time::Duration;
use zeroize::Zeroizing;
use std::sync::Mutex;
use std::sync::Arc;
@@ -63,6 +66,8 @@
0x55, 0xF8, 0x08, 0x23, 0x81, 0x5F, 0xF5, 0x16, 0x20, 0x3E, 0xBE, 0xBA, 0xB7, 0xA8, 0x43, 0x92,
];
+const BACKOFF_SK_ACCESS_MS: u64 = 100;
+
pub enum VmSecret {
// V2 secrets are derived from 2 independently secured secrets:
// 1. Secretkeeper protected secrets (skp secret).
@@ -118,15 +123,19 @@
.map_err(|e| anyhow!("Failed to build a sealing_policy: {e}"))?;
let session = SkVmSession::new(vm_service, &explicit_dice, policy)?;
let mut skp_secret = Zeroizing::new([0u8; SECRET_SIZE]);
- if let Some(secret) = session.get_secret(id)? {
- *skp_secret = secret;
- *state = VmInstanceState::PreviouslySeen;
- } else {
- log::warn!("No entry found in Secretkeeper for this VM instance, creating new secret.");
- *skp_secret = rand::random();
- session.store_secret(id, skp_secret.clone())?;
- *state = VmInstanceState::NewlyCreated;
- }
+ get_or_create_sk_secret(&session, id, &mut skp_secret, state).or_else(|e| {
+ // TODO(b/399304956): Secretkeeper rejects requests when overloaded with
+ // connections from multiple clients. Backoff & retry again, hoping it is
+ // less busy then. Secretkeeper changes are required for more robust solutions.
+ log::info!(
+ "get_or_create_sk_secret failed with {e:?}. Refreshing connection & retrying!"
+ );
+ let mut rng = rand::thread_rng();
+ let backoff = rng.gen_range(BACKOFF_SK_ACCESS_MS..2 * BACKOFF_SK_ACCESS_MS);
+ thread::sleep(Duration::from_millis(backoff));
+ session.refresh()?;
+ get_or_create_sk_secret(&session, id, &mut skp_secret, state)
+ })?;
Ok(Self::V2 {
instance_id: id,
dice_artifacts: explicit_dice,
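Review bot: The `or_else` retry after `get_or_create_sk_secret(&session, id, &mut skp_secret, state)` fires on every error, not only the overload condition described in the TODO for b/399304956, so a deterministic failure (policy or sealing rejection, DICE mismatch) is delayed 100–200 ms, gets a `session.refresh()`, and is then reported with the first error discarded — only the second attempt's error reaches the caller through `?`. Keeping the first error in the chain costs one line: `get_or_create_sk_secret(&session, id, &mut skp_secret, state).map_err(|e2| anyhow!("Secretkeeper retry failed: {e2:?}; first attempt: {e:?}"))`. A second consequence worth a comment here: if the first attempt's `store_secret` reached Secretkeeper but its reply was lost, the retry's `get_secret` finds the entry and sets `VmInstanceState::PreviouslySeen` for an instance that was in fact just created — whether that matters depends on how callers use `state`, which is outside this hunk. The enclosing constructor starts before the hunk.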
@@ -283,8 +292,6 @@
sealing_policy: Vec<u8>,
}
-// TODO(b/378911776): This get_secret/store_secret fails on expired session.
-// Introduce retry after refreshing the session
impl SkVmSession {
fn new(
vm_service: &Strong<dyn IVirtualMachineService>,
@@ -366,3 +373,21 @@
))
})?)
}
+
+fn get_or_create_sk_secret(
+ session: &SkVmSession,
+ id: [u8; ID_SIZE],
+ skp_secret: &mut Zeroizing<[u8; SECRET_SIZE]>,
+ state: &mut VmInstanceState,
+) -> Result<()> {
+ if let Some(secret) = session.get_secret(id)? {
+ **skp_secret = secret;
+ *state = VmInstanceState::PreviouslySeen;
+ } else {
+ log::warn!("No entry found in Secretkeeper for this VM instance, creating new secret.");
+ **skp_secret = rand::random();
+ session.store_secret(id, skp_secret.clone())?;
+ *state = VmInstanceState::NewlyCreated;
+ }
+ Ok(())
+}
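Review bot: `get_or_create_sk_secret` is new and has no doc comment, and its failure-state contract matters to the retrying caller: `**skp_secret = rand::random()` runs before `session.store_secret(...)?`, so on a store failure `skp_secret` already holds an unstored random value while `state` is untouched, and a subsequent retry that finds the entry reports `PreviouslySeen`. Suggest a `///` block stating that it loads the Secretkeeper entry for `id` into `skp_secret` (setting `state` to `PreviouslySeen`) or generates and stores a fresh one (`NewlyCreated`), that on `Err` `skp_secret` may contain a partially generated value and `state` is unchanged, and that it is intended to be called again after `SkVmSession::refresh`.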
diff --git a/guest/trusty/common/early_vms.xml b/guest/trusty/common/early_vms.xml
index e9d4c61..1ed324c 100644
--- a/guest/trusty/common/early_vms.xml
+++ b/guest/trusty/common/early_vms.xml
@@ -19,9 +19,4 @@
<cid>200</cid>
<path>/system_ext/bin/trusty_security_vm_launcher</path>
</early_vm>
- <early_vm>
- <name>trusty_security_vm_launcher_protected</name>
- <cid>210</cid>
- <path>/system_ext/bin/trusty_security_vm_launcher</path>
- </early_vm>
</early_vms>
diff --git a/guest/trusty/security_vm/launcher/security_vm_launcher-arm64.rc b/guest/trusty/security_vm/launcher/security_vm_launcher-arm64.rc
index 3f3e48d..c0e0537 100644
--- a/guest/trusty/security_vm/launcher/security_vm_launcher-arm64.rc
+++ b/guest/trusty/security_vm/launcher/security_vm_launcher-arm64.rc
@@ -18,30 +18,3 @@
setprop trusty.security_vm.nonsecure_vm_ready 1
setprop trusty.security_vm.vm_cid 200
start trusty_security_vm_launcher
-
-##########################
-# BELOW IS FOR TEST ONLY #
-##########################
-
-service trusty_security_vm_launcher_protected /system_ext/bin/trusty_security_vm_launcher \
---name trusty_security_vm_launcher_protected \
---kernel /system_ext/etc/vm/trusty_vm/trusty-security_vm.elf \
---memory-size-mib 32 \
---protected
- disabled
- user system
- group system virtualmachine
- capabilities IPC_LOCK NET_BIND_SERVICE SYS_RESOURCE SYS_NICE
- stdio_to_kmsg
- oneshot
-
-# Testing protected vm during early boot
-# TODO(b/): solve the MMIO guard issue preventing Host/VM communications
-# to reproduce: uncomment the `on post-fs` section
-#on post-fs
-# start trusty_security_vm_launcher_protected
-
-# TODO(b/): solve the pKVM crash
-# to reproduce: uncomment the `on init` section
-#on init
-# start trusty_security_vm_launcher_protected