Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / ffadd4d13cb17cec7a34f847338412c001a93ab6
commitffadd4d13cb17cec7a34f847338412c001a93ab6[log] [tgz]
authorShikha Panwar <shikhapanwar@google.com>Tue May 28 13:47:56 2024 +0000
committerShikha Panwar <shikhapanwar@google.com>Fri May 31 11:57:05 2024 +0000
tree5e6dd043dc49f5f3b022257d5e115818b0d785ae
parenta4971bd0a8f5ea500aaf0fd48e2636df8f828ad0 [diff]
Include defer_rbp in the hidden input of DICE

pvmfw allows deferring rollback protection based on host input. This is
okay if the payload use rollback protected secrets (via Secretkeeper)
but exposes the secrets of a well behaving payload on a device without
Secretkeeper - an adversary could just lie about Sk support & steal the
secret using an old compromised image.

Test: with topic. #changing_deferred_rpb_changes_secrets
Bug: 342378315
Change-Id: Ic29b532add99c3ff97a44a3da603639286d50920
2 files changed
tree: 5e6dd043dc49f5f3b022257d5e115818b0d785ae
  1. apex/
  2. apkdmverity/
  3. authfs/
  4. compos/
  5. demo/
  6. demo_native/
  7. docs/
  8. encryptedstore/
  9. flags/
  10. java/
  11. launcher/
  12. libs/
  13. microdroid/
  14. microdroid_manager/
  15. pvmfw/
  16. rialto/
  17. service_vm/
  18. tests/
  19. virtualizationmanager/
  20. virtualizationservice/
  21. vm/
  22. vm_payload/
  23. vmbase/
  24. vmclient/
  25. vmlauncher_app/
  26. zipfuse/
  27. .clang-format
  28. .gitignore
  29. Android.bp
  30. avf_flags.aconfig
  31. OWNERS
  32. PREUPLOAD.cfg
  33. README.md
  34. rustfmt.toml
  35. TEST_MAPPING
README.md

Android Virtualization Framework (AVF)

Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances over those offered by Android’s app sandbox.

Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.

If you want a quick start, see the getting started guideline and follow the steps there.

For in-depth explanations about individual topics and components, visit the following links.

AVF components:

AVF APIs:

How-Tos: