; Configuration Descriptor used in the DICE node that describes the payload of a Microdroid virtual
; machine.
;
; See the Open DICE specification
; https://pigweed.googlesource.com/open-dice/+/HEAD/docs/specification.md,
; and the Android Profile for DICE
; https://pigweed.googlesource.com/open-dice/+/HEAD/docs/android.md.
;
; CDDL for the normal Configuration Descriptor can be found at
; https://cs.android.com/android/platform/superproject/main/+/main:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl

; The configuration descriptor node for a Microdroid VM, with extensions to describe the contents
; of the VM payload.
; The subcomponents describe the APKs and then the APEXes that are part of the VM. The main APK
; is first, followed by any extra APKs in the order they are specified in the VM config.
; The APEXes are listed in the order specified when the VM is created, which is normally alphabetic
; order by name.
VmConfigDescriptor = {
    -70002 : "Microdroid payload",          ; Component name
    (? -71000: tstr //                      ; Path to the payload config file
    ? -71001: PayloadConfig),
    ? -71002: [+ SubcomponentDescriptor],
}

PayloadConfig = {
    1: tstr                                 ; Path to the binary file where payload execution starts
}

; Describes a unit of code (e.g. an APK or an APEX) present inside the VM.
;
; For an APK, the fields are as follows:
; - Component name: The string "apk:" followed by the package name.
; - Security version: The long version code from the APK manifest
;   (https://developer.android.com/reference/android/content/pm/PackageInfo#getLongVersionCode()).
; - Code hash: This is the root hash of a Merkle tree computed over all bytes of the APK, as used
;   in the APK Signature Scheme v4 (https://source.android.com/docs/security/features/apksigning/v4)
;   with empty salt and using SHA-256 as the hash algorithm.
; - Authority hash: The SHA-512 hash of the DER representation of the X.509 certificate for the
;   public key used to sign the APK.
;
; For an APEX, they are as follows:
; - Component name: The string "apex:" followed by the APEX name as specified in the APEX Manifest
;   (see https://source.android.com/docs/core/ota/apex).
; - Security version: The version number from the APEX Manifest.
; - Code hash: The root hash of the apex_payload.img file within the APEX, taken from the first
;   hashtree descriptor in the VBMeta image
;   (see https://android.googlesource.com/platform/external/avb/+/master/README.md).
; - Authority hash: The SHA-512 hash of the public key used to sign the file system image in the
;   APEX (as stored in the apex_pubkey file). The format is as described for AvbRSAPublicKeyHeader
;   in https://cs.android.com/android/platform/superproject/main/+/main:external/avb/libavb/avb_crypto.h.
SubcomponentDescriptor = {
    1: tstr,                                ; Component name
    2: uint,                                ; Security version
    3: bstr,                                ; Code hash
    4: bstr,                                ; Authority hash
}
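; The following is an added example and is not part of the Android source tree or of the CDDL file
; itself. It shows what the schema above means at the byte level: a minimal CBOR encoder (negative
; integer keys such as -70002 use CBOR major type 1), a builder for an APK SubcomponentDescriptor
; whose authority hash is SHA-512 over the DER certificate as the comment specifies, and a validator
; that checks a decoded map against the structural rules of VmConfigDescriptor, including the
; "// " group choice between -71000 and -71001. The APK root hash, the certificate bytes and the
; payload path are constructed placeholders; the example does not compute the APK Signature Scheme v4
; Merkle tree, and the key-name constants and function names are this example's own.

```python
# Added example, not Android's code: CBOR encoding and structural validation of
# VmConfigDescriptor / SubcomponentDescriptor as defined by the CDDL above.
# Sample hashes, certificate bytes and paths below are constructed, not real.
import hashlib
import struct

COMPONENT_NAME_KEY = -70002   # names are this example's own, values from the CDDL
CONFIG_PATH_KEY = -71000
PAYLOAD_CONFIG_KEY = -71001
SUBCOMPONENTS_KEY = -71002


def _head(major, n):
    """Initial byte (major type + additional info) and argument for value n."""
    if n < 24:
        return bytes([(major << 5) | n])
    for ai, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < 1 << (8 * struct.calcsize(fmt)):
            return bytes([(major << 5) | ai]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")


def cbor_encode(value):
    """Encode ints, byte/text strings, arrays and maps; map insertion order is kept."""
    if isinstance(value, bool):
        raise TypeError("booleans are not used by this schema")
    if isinstance(value, int):
        # Negative integers are major type 1 with argument -1 - value, so -70002 -> 70001.
        return _head(0, value) if value >= 0 else _head(1, -1 - value)
    if isinstance(value, bytes):
        return _head(2, len(value)) + value
    if isinstance(value, str):
        raw = value.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(value, list):
        return _head(4, len(value)) + b"".join(cbor_encode(v) for v in value)
    if isinstance(value, dict):
        return _head(5, len(value)) + b"".join(
            cbor_encode(k) + cbor_encode(v) for k, v in value.items())
    raise TypeError(f"unsupported type {type(value).__name__}")


def apk_subcomponent(package, long_version_code, apk_root_hash, signer_cert_der):
    """SubcomponentDescriptor for an APK: authority hash = SHA-512(DER signing certificate)."""
    return {1: "apk:" + package, 2: long_version_code, 3: apk_root_hash,
            4: hashlib.sha512(signer_cert_der).digest()}


def _check_subcomponent(sub, errors, where):
    expected = {1: str, 2: int, 3: bytes, 4: bytes}   # tstr, uint, bstr, bstr
    if not isinstance(sub, dict):
        errors.append(f"{where}: not a map")
        return
    for key, typ in expected.items():
        if key not in sub:
            errors.append(f"{where}: missing key {key}")
        elif not isinstance(sub[key], typ) or isinstance(sub[key], bool):
            errors.append(f"{where}: key {key} must be {typ.__name__}")
    if isinstance(sub.get(2), int) and sub[2] < 0:
        errors.append(f"{where}: security version must be uint")
    if isinstance(sub.get(1), str) and not sub[1].startswith(("apk:", "apex:")):
        errors.append(f"{where}: component name must start with 'apk:' or 'apex:'")
    for key in sub:
        if key not in expected:
            errors.append(f"{where}: unexpected key {key}")


def validate_vm_config_descriptor(desc):
    """Return the list of schema violations; empty means desc matches VmConfigDescriptor."""
    errors = []
    if desc.get(COMPONENT_NAME_KEY) != "Microdroid payload":
        errors.append("component name must be the string 'Microdroid payload'")
    # (? -71000: tstr // ? -71001: PayloadConfig) is a group choice: at most one may appear.
    if CONFIG_PATH_KEY in desc and PAYLOAD_CONFIG_KEY in desc:
        errors.append("config path and PayloadConfig are mutually exclusive")
    if CONFIG_PATH_KEY in desc and not isinstance(desc[CONFIG_PATH_KEY], str):
        errors.append("config path must be tstr")
    if PAYLOAD_CONFIG_KEY in desc:
        cfg = desc[PAYLOAD_CONFIG_KEY]
        if not (isinstance(cfg, dict) and isinstance(cfg.get(1), str)):
            errors.append("PayloadConfig must be a map with key 1: tstr")
    if SUBCOMPONENTS_KEY in desc:
        subs = desc[SUBCOMPONENTS_KEY]
        if not isinstance(subs, list) or not subs:
            errors.append("subcomponents must be a non-empty array")   # [+ ...] means one or more
        else:
            for i, sub in enumerate(subs):
                _check_subcomponent(sub, errors, f"subcomponent[{i}]")
    known = (COMPONENT_NAME_KEY, CONFIG_PATH_KEY, PAYLOAD_CONFIG_KEY, SUBCOMPONENTS_KEY)
    errors.extend(f"unexpected key {k}" for k in desc if k not in known)
    return errors


# Constructed sample inputs: a stand-in for the APK v4 root hash and a fake DER blob.
FAKE_APK_ROOT_HASH = hashlib.sha256(b"constructed apk bytes").digest()
FAKE_SIGNER_CERT_DER = b"\x30\x82\x01\x00" + b"\x00" * 256   # not a real certificate

SAMPLE_DESCRIPTOR = {
    COMPONENT_NAME_KEY: "Microdroid payload",
    PAYLOAD_CONFIG_KEY: {1: "/mnt/apk/bin/payload"},          # constructed path
    SUBCOMPONENTS_KEY: [apk_subcomponent("com.example.vm", 7,
                                         FAKE_APK_ROOT_HASH, FAKE_SIGNER_CERT_DER)],
}

if __name__ == "__main__":
    print(validate_vm_config_descriptor(SAMPLE_DESCRIPTOR))
    print(cbor_encode(SAMPLE_DESCRIPTOR).hex())
```

; Running the block prints an empty violation list and the encoded bytes; the first six bytes are
; a3 3a 00 01 11 71, i.e. a three-entry map whose first key is the negative integer -70002. The
; validator only checks structure and types; it cannot tell whether a code hash or authority hash
; is the right one for a given APK or APEX, which is the job of the party that recomputes those
; hashes from the artifact itself.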