Merge "Probe for VirtIO PCI devices and allocate BARs."
diff --git a/javalib/api/system-current.txt b/javalib/api/system-current.txt
index 16995c5..f38d8fd 100644
--- a/javalib/api/system-current.txt
+++ b/javalib/api/system-current.txt
@@ -61,7 +61,6 @@
method @IntRange(from=0) public int getMemoryMib();
method @IntRange(from=1) public int getNumCpus();
method @Nullable public String getPayloadBinaryPath();
- method @Nullable public String getPayloadConfigPath();
method public boolean isCompatibleWith(@NonNull android.system.virtualmachine.VirtualMachineConfig);
method public boolean isProtectedVm();
field public static final int DEBUG_LEVEL_APP_ONLY = 1; // 0x1
@@ -77,7 +76,6 @@
method @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder setMemoryMib(@IntRange(from=0) int);
method @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder setNumCpus(@IntRange(from=1) int);
method @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder setPayloadBinaryPath(@NonNull String);
- method @NonNull @RequiresPermission(android.system.virtualmachine.VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION) public android.system.virtualmachine.VirtualMachineConfig.Builder setPayloadConfigPath(@NonNull String);
method @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder setProtectedVm(boolean);
}
diff --git a/javalib/api/test-current.txt b/javalib/api/test-current.txt
index d802177..42ad060 100644
--- a/javalib/api/test-current.txt
+++ b/javalib/api/test-current.txt
@@ -1 +1,13 @@
// Signature format: 2.0
+package android.system.virtualmachine {
+
+ public final class VirtualMachineConfig {
+ method @Nullable public String getPayloadConfigPath();
+ }
+
+ public static final class VirtualMachineConfig.Builder {
+ method @NonNull @RequiresPermission(android.system.virtualmachine.VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION) public android.system.virtualmachine.VirtualMachineConfig.Builder setPayloadConfigPath(@NonNull String);
+ }
+
+}
+
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java b/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
index b432bde..f9f29a1 100644
--- a/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
+++ b/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
@@ -27,6 +27,7 @@
import android.annotation.Nullable;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
+import android.annotation.TestApi;
import android.content.Context;
import android.os.ParcelFileDescriptor;
import android.os.PersistableBundle;
@@ -284,7 +285,7 @@
*
* @hide
*/
- @SystemApi // TODO(b/243512115): Switch back to @TestApi
+ @TestApi
@Nullable
public String getPayloadConfigPath() {
return mPayloadConfigPath;
@@ -471,7 +472,7 @@
* @hide
*/
@RequiresPermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION)
- @SystemApi // TODO(b/243512115): Switch to @TestApi
+ @TestApi
@NonNull
public Builder setPayloadConfigPath(@NonNull String payloadConfigPath) {
mPayloadConfigPath = requireNonNull(payloadConfigPath);
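Review bot: `@RequiresPermission` on `setPayloadConfigPath` is a lint-time annotation, and the one body line visible here only stores the path, so nothing in this hunk enforces `USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION` at runtime. Presumably the check happens where the config is consumed. The Javadoc should name that place, e.g. `* The permission is enforced when a VM is created from this config, not by this setter.`, with the wording confirmed against the actual enforcement point. The method body continues outside the hunk.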
diff --git a/libs/apkverify/Android.bp b/libs/apkverify/Android.bp
index 1862820..e556842 100644
--- a/libs/apkverify/Android.bp
+++ b/libs/apkverify/Android.bp
@@ -12,6 +12,7 @@
"libanyhow",
"libbyteorder",
"libbytes",
+ "libhex",
"liblog_rust",
"libnum_traits",
"libopenssl",
@@ -33,7 +34,6 @@
name: "libapkverify.test",
defaults: ["libapkverify.defaults"],
test_suites: ["general-tests"],
- rustlibs: ["libhex"],
data: ["tests/data/*"],
}
diff --git a/libs/apkverify/src/sigutil.rs b/libs/apkverify/src/sigutil.rs
index bfa51c1..395b493 100644
--- a/libs/apkverify/src/sigutil.rs
+++ b/libs/apkverify/src/sigutil.rs
@@ -235,7 +235,7 @@
use std::fs::File;
use std::mem::size_of_val;
- use crate::v3::{to_hex_string, APK_SIGNATURE_SCHEME_V3_BLOCK_ID};
+ use crate::v3::APK_SIGNATURE_SCHEME_V3_BLOCK_ID;
const CENTRAL_DIRECTORY_HEADER_SIGNATURE: u32 = 0x02014b50;
@@ -276,8 +276,8 @@
let mut apk_sections = ApkSections::new(apk_file).unwrap();
let digest = apk_sections.compute_digest(SignatureAlgorithmID::DsaWithSha256).unwrap();
assert_eq!(
- "0DF2426EA33AEDAF495D88E5BE0C6A1663FF0A81C5ED12D5B2929AE4B4300F2F",
- to_hex_string(&digest[..])
+ "0df2426ea33aedaf495d88e5be0c6a1663ff0a81c5ed12d5b2929ae4b4300f2f",
+ hex::encode(&digest[..])
);
}
diff --git a/libs/apkverify/src/v3.rs b/libs/apkverify/src/v3.rs
index db7d8cc..fcd966b 100644
--- a/libs/apkverify/src/v3.rs
+++ b/libs/apkverify/src/v3.rs
@@ -196,8 +196,8 @@
ensure!(
computed == digest.digest.as_ref(),
"Digest mismatch: computed={:?} vs expected={:?}",
- to_hex_string(&computed),
- to_hex_string(&digest.digest),
+ hex::encode(&computed),
+ hex::encode(digest.digest.as_ref()),
);
// 7. Verify that public key of the first certificate of certificates is identical
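Review bot: The digest-mismatch message in `ensure!` still formats with `{:?}`, which wraps the `String` returned by `hex::encode` in quotes; `{}` prints the bare hex: `"Digest mismatch: computed={} vs expected={}",`. The output also changes from upper-case to lower-case hex compared with the removed `to_hex_string`, so anything that matches these digests in logs needs the same update the sigutil test received. With this call site, `libhex` moves from the test target into the library's `rustlibs`, so it now ships in the production build for a diagnostic string. The enclosing function starts and ends outside the hunk.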
@@ -261,8 +261,3 @@
Ok(PKey::public_key_from_der(raw_public_key.as_ref())?)
}
}
-
-#[inline]
-pub(crate) fn to_hex_string(buf: &[u8]) -> String {
- buf.iter().map(|b| format!("{:02X}", b)).collect()
-}
diff --git a/pvmfw/src/entry.rs b/pvmfw/src/entry.rs
index bb65847..ee32509 100644
--- a/pvmfw/src/entry.rs
+++ b/pvmfw/src/entry.rs
@@ -32,7 +32,7 @@
use vmbase::{console, layout, logger, main, power::reboot};
#[derive(Debug, Clone)]
-enum RebootReason {
+pub(crate) enum RebootReason {
/// A malformed BCC was received.
InvalidBcc,
/// An invalid configuration was appended to pvmfw.
@@ -225,10 +225,7 @@
let slices = MemorySlices::new(fdt, payload, payload_size, &mut memory)?;
// This wrapper allows main() to be blissfully ignorant of platform details.
- crate::main(slices.fdt, slices.kernel, slices.ramdisk, bcc).map_err(|e| {
- error!("Failed to verify the payload: {e}");
- RebootReason::PayloadVerificationError
- })?;
+ crate::main(slices.fdt, slices.kernel, slices.ramdisk, bcc)?;
// TODO: Overwrite BCC before jumping to payload to avoid leaking our sealing key.
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index 3d5629a..cf7e90a 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -31,17 +31,17 @@
mod mmu;
mod smccc;
+use crate::entry::RebootReason;
use avb::PUBLIC_KEY;
-use avb_nostd::{verify_image, AvbImageVerifyError};
-use log::{debug, info};
+use avb_nostd::verify_image;
+use log::{debug, error, info};
-/// TODO(b/256148034): Return RebootReason as error here
fn main(
fdt: &libfdt::Fdt,
signed_kernel: &[u8],
ramdisk: Option<&[u8]>,
bcc: &[u8],
-) -> Result<(), AvbImageVerifyError> {
+) -> Result<(), RebootReason> {
info!("pVM firmware");
debug!("FDT: {:?}", fdt as *const libfdt::Fdt);
debug!("Signed kernel: {:?} ({:#x} bytes)", signed_kernel.as_ptr(), signed_kernel.len());
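Review bot: `main` is left with no doc comment once the TODO line is removed, although its contract just changed: an `Err` is now a `RebootReason` that entry.rs propagates with `?` and no longer logs at the call site. I would add `/// Verifies the payload; on failure logs the cause and returns the RebootReason for the caller to act on.` so that later error paths added to `main` keep logging before they return. The function body continues past the end of this hunk.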
@@ -51,7 +51,10 @@
debug!("Ramdisk: None");
}
debug!("BCC: {:?} ({:#x} bytes)", bcc.as_ptr(), bcc.len());
- verify_image(signed_kernel, PUBLIC_KEY)?;
+ verify_image(signed_kernel, PUBLIC_KEY).map_err(|e| {
+ error!("Failed to verify the payload: {e}");
+ RebootReason::PayloadVerificationError
+ })?;
info!("Payload verified. Starting payload...");
Ok(())
}
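Review bot: Only `signed_kernel` is passed to `verify_image`, yet the log messages on both sides of the call say "the payload" was verified. In the lines visible in this diff `ramdisk` is logged but never checked, though the lines between the two hunks are not shown and may handle it. If the ramdisk is indeed unverified here, the success message overstates what was authenticated. Either cover it or say so, e.g. `// TODO: ramdisk is not covered by verify_image(); do not treat it as trusted.` together with `info!("Kernel verified. Starting payload...");`.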