pa-fazil
/
android_packages_modules_Virtualization
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
android_packages_modules_Vi.../microdroid/signature/README.md

56 lines
1.6 KiB
Markdown
Raw Normal View History

Add a proto for the microdroid signature partition Microdroid will use this special partition composed of signatures to verify the payloads delivered from the host. For now it only conveys the list of APEX signatures: size, public key, root digest. The signature partition can be a part of the payload composite disk image. The format of the signature partition is, as described in README.md, composed of header and body. For now the header is simply the size of the body(protobuf message). Bug: 185069443 Test: n/a Change-Id: I47c7eac195999bab15ee80d3ad053261f04df89c
2021-04-14 06:34:24 +00:00
# Microdroid Signature
Microdroid Signature contains the signatures of the payloads so that the payloads are
verified inside the Guest OS.
* APEX packages that are passed to microdroid should be listed in the Microroid Signature.
## Format
Microdroid Signature is composed of header and body.
| offset | size | description |
|--------|------|----------------------------------------------------------------|
| 0 | 4 | Header. unsigned int32: body length(L) in big endian |
| 4 | L | Body. A protobuf message. [schema](microdroid_signature.proto) |
Add an executable to create a microdroid signature This is for testing purpose. Creating a microdroid signature and embedding it in a payload image will be done by VirtManager in the future. Bug: 185069443 Test: create a signature following README create a payload.img with signature pass --disk=payload.img (check manually /dev/block/vdc1) Change-Id: I6504dc6b3732c8e00e3bd1ffa5059995962d14b8
2021-04-14 09:46:14 +00:00
## How to Create
For testing purpose, use `mk_microdroid_signature` to create a Microdroid Signature.
```
$ cat signature_config.json
{
"apexes": [
{
"name": "com.my.hello",
"path": "hello.apex"
}
]
}
$ adb push signature_config.json hello.apex /data/local/tmp/
$ adb shell 'cd /data/local/tmp; /apex/com.android.virt/bin/mk_microdroid_signature signature_config.json signature
```
Then, pass the signature as the first partition of the payload disk image.
```
$ cat payload_cdisk.json
{
"partitions": [
{
"label": "signature",
"path": "signature"
},
{
"label": "com.my.hello",
"path": "hello.apex"
}
]
}
$ adb push payload_cdisk.json /data/local/tmp/
$ adb shell 'cd /data/local/tmp; /apex/com.android.virt/bin/mk_cdisk payload_cdisk.json payload.img
$ adb shell 'cd /data/local/tmp; /apex/com.android.virt/bin/crosvm .... --disk=payload.img'
```
In the future, [VirtManager](../../virtmanager) will handle these stuffs.