Skip rollback protection in pvmfw for Trusty Security VM
This CL introduces a new capability for the Trusty Security VM. It
allows pvmfw to identify it and skips the existing rollback
protection mechanism.
Bug: 379868478
Test: atest libpvmfw_avb.integration_test
Change-Id: Ice2118b940bd50d064617a3e99eba993ee9db6c8
diff --git a/guest/pvmfw/src/main.rs b/guest/pvmfw/src/main.rs
index aeced51..b9794c6 100644
--- a/guest/pvmfw/src/main.rs
+++ b/guest/pvmfw/src/main.rs
@@ -154,6 +154,11 @@
return Err(RebootReason::InvalidPayload);
}
(false, instance_hash.unwrap())
+ } else if verified_boot_data.has_capability(Capability::TrustySecurityVm) {
+ // The rollback protection of Trusty VMs are handled by AuthMgr, so we don't need to
+ // handle it here.
+ info!("Trusty Security VM detected");
+ (false, instance_hash.unwrap())
} else {
info!("Fallback to instance.img based rollback checks");
let (recorded_entry, mut instance_img, header_index) =
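Review bot: The new `TrustySecurityVm` branch calls `instance_hash.unwrap()` with no check visible in this hunk that `instance_hash` is `Some`, so a Trusty image that reaches this arm without an instance hash would panic in pvmfw instead of rebooting with a defined reason. The arm above has a `return Err(RebootReason::InvalidPayload);` before its own unwrap; consider the same explicit error path here, for example `instance_hash.ok_or(RebootReason::InvalidPayload)?`, if the enclosing function's return type permits it. Separately, this arm disables pvmfw's rollback check purely on the presence of the capability in the verified boot data, and the only justification is the comment that AuthMgr handles it. It would help to say in the comment (or the commit message) where AuthMgr enforces this and what happens if a Trusty VM boots before AuthMgr is available, and to log at `info!` that rollback checks are being skipped rather than only "Trusty Security VM detected", so the decision is visible in boot logs. Minor: the comment should read "is handled", not "are handled".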