guest: trusty: security_vm: add a pVM launcher for test purpose
Bug: 393848753
Test: uncomment the entries in .rc
Change-Id: I43532f3154e386482a64cca790626b238a19f514
diff --git a/guest/trusty/common/early_vms.xml b/guest/trusty/common/early_vms.xml
index 1ed324c..e9d4c61 100644
--- a/guest/trusty/common/early_vms.xml
+++ b/guest/trusty/common/early_vms.xml
@@ -19,4 +19,9 @@
<cid>200</cid>
<path>/system_ext/bin/trusty_security_vm_launcher</path>
</early_vm>
+ <early_vm>
+ <name>trusty_security_vm_launcher_protected</name>
+ <cid>210</cid>
+ <path>/system_ext/bin/trusty_security_vm_launcher</path>
+ </early_vm>
</early_vms>
diff --git a/guest/trusty/security_vm/launcher/security_vm_launcher-arm64.rc b/guest/trusty/security_vm/launcher/security_vm_launcher-arm64.rc
index c0e0537..3f3e48d 100644
--- a/guest/trusty/security_vm/launcher/security_vm_launcher-arm64.rc
+++ b/guest/trusty/security_vm/launcher/security_vm_launcher-arm64.rc
@@ -18,3 +18,30 @@
setprop trusty.security_vm.nonsecure_vm_ready 1
setprop trusty.security_vm.vm_cid 200
start trusty_security_vm_launcher
+
+##########################
+# BELOW IS FOR TEST ONLY #
+##########################
+
+service trusty_security_vm_launcher_protected /system_ext/bin/trusty_security_vm_launcher \
+--name trusty_security_vm_launcher_protected \
+--kernel /system_ext/etc/vm/trusty_vm/trusty-security_vm.elf \
+--memory-size-mib 32 \
+--protected
+ disabled
+ user system
+ group system virtualmachine
+ capabilities IPC_LOCK NET_BIND_SERVICE SYS_RESOURCE SYS_NICE
+ stdio_to_kmsg
+ oneshot
+
+# Testing protected vm during early boot
+# TODO(b/): solve the MMIO guard issue preventing Host/VM communications
+# to reproduce: uncomment the `on post-fs` section
+#on post-fs
+# start trusty_security_vm_launcher_protected
+
+# TODO(b/): solve the pKVM crash
+# to reproduce: uncomment the `on init` section
+#on init
+# start trusty_security_vm_launcher_protected