guest: trusty: enable pvmfw-verified pVM for security and test VMs
- rules that use unsigned images for x86, signed images for arm64
- system_ext artifacts enabled only on devices enabling
`trusty_system_vm` via a soong config variable:
- VM payload configuration:
support a `placeholder_trusted_hal` soong bool variable that enables
placeholder HALs on devices that don't support
the Trusted HALs (Cuttlefish on x86_64, for example)
(placeholder_trusted_hal shall not be enabled in production)
- security_vm: update launcher build rules to also support arm64
and define .rc prebuilts to be reused by any device
(not just cuttlefish)
- test_vm: enable pvmfw-verified pVM by adding image signing rules
Bug: 391719387
Bug: 391210895
Test: qemu_trusty_arm64-trunk_staging-userdebug
Change-Id: I82dc911e482538e3f22dde6246a64e712bd0f1d0
diff --git a/guest/pvmfw/avb/tests/utils.rs b/guest/pvmfw/avb/tests/utils.rs
index e8590ac..7282f3e 100644
--- a/guest/pvmfw/avb/tests/utils.rs
+++ b/guest/pvmfw/avb/tests/utils.rs
@@ -33,7 +33,7 @@
const MICRODROID_KERNEL_IMG_PATH: &str = "microdroid_kernel";
const INITRD_NORMAL_IMG_PATH: &str = "microdroid_initrd_normal.img";
const INITRD_DEBUG_IMG_PATH: &str = "microdroid_initrd_debuggable.img";
-const TRUSTY_SECURITY_VM_KERNEL_IMG_PATH: &str = "trusty_security_vm_signed";
+const TRUSTY_TEST_VM_KERNEL_IMG_PATH: &str = "trusty_test_vm_signed.bin";
const PUBLIC_KEY_RSA4096_PATH: &str = "data/testkey_rsa4096_pub.bin";
pub const PUBLIC_KEY_RSA2048_PATH: &str = "data/testkey_rsa2048_pub.bin";
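Review bot: Replacing `TRUSTY_SECURITY_VM_KERNEL_IMG_PATH` with `TRUSTY_TEST_VM_KERNEL_IMG_PATH` leaves these AVB test utilities with no loader for the signed security VM kernel, although the commit description says the security VM is also pvmfw-verified. If the tests calling `load_latest_trusty_test_vm_signed_kernel()` (second hunk; its callers are outside this diff) were the only payload-verification coverage for Trusty images, consider keeping both constants and both loaders so a signing regression in the security VM image is still caught. The new path is relative, so `fs::read` resolves it against the test's working directory. A doc comment on the loader, such as `/// Reads the signed Trusty test VM kernel from the test's working directory.`, would make that dependency explicit.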
@@ -61,8 +61,8 @@
Ok(fs::read(MICRODROID_KERNEL_IMG_PATH)?)
}
-pub fn load_latest_trusty_security_vm_signed_kernel() -> Result<Vec<u8>> {
- Ok(fs::read(TRUSTY_SECURITY_VM_KERNEL_IMG_PATH)?)
+pub fn load_latest_trusty_test_vm_signed_kernel() -> Result<Vec<u8>> {
+ Ok(fs::read(TRUSTY_TEST_VM_KERNEL_IMG_PATH)?)
}
pub fn load_latest_initrd_normal() -> Result<Vec<u8>> {