pa-fazil
/
android_packages_modules_Virtualization
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9,761 Commits 1 Branch 0 Tags 1.4 GiB
Commit Graph

6 Commits

Author SHA1 Message Date
Alan Stokes bcc2ec27fe libvm_payload as a cc_library 
Define a symbole file for libvm_payload, and request stubs. Make sure
the clients build against the stubs.

Mark the implementation as not required, to prevent the missing
dependencies check triggering; it is actually present at runtime
inside Microdroid.

Bug: 243512108
Bug: 255920361
Test: atest MicrodroidTests
Test: composd-cmd test-compile
Change-Id: I78c33b6fba706fd0e52435ac13d02a25171862f1
 2022-11-28 11:15:29 +00:00
Alan Stokes d4ea5a867e Split out restricted header 
Remove the "restricted" functions from vm_payload.h and move them into
vm_payload_restricted.h. Update build rules so that we use
vm_payload_restricted.h in the places we need to.

The restricted APIs will not be made available for priv apps, so they
don't need to be in the headers made available to priv apps.

Add a test to make sure the restricted APIs are in fact restricted.

Bug: 243512108
Test: atest MicrodroidTests ComposTestCase
Change-Id: I0bf0618b1fb572075ba7fb55644300ae1784cada
 2022-11-11 10:07:54 +00:00
Alice Wang 609299c917 [API] Change libvm_payload to shared lib 
Test: MicrodroidTests
Bug: 243512047
Bug: 250854486
Change-Id: I20d0613d2118c43d891d1fbb60ee8ab070cbb8e0
 2022-10-10 13:54:23 +00:00
Andrew Scull e4b0285491 Use the vm_payload library to access DICE values 
Migrate from direct use of IDiceNode over binder to calling the payload
support library. The functions exposed by the library are expected to
change so this is just the initial migration.

Bug: 243514248
Test: atest MicrodroidTests
Test: atest ComposHostTestCases
Change-Id: Ifadfab090b61ab3240331d381641f6dc33ad8ee9
 2022-10-09 10:10:15 +00:00
Alan Stokes 16fb8555e8 Rewrite key management & signing 
Extend compos_helper to support signing, use it from CompOS.

Expose the public key from the VM. Rename compos_verify_key to
compos_verify and get it to verify the signature against the current
instance's public key.

Also move DICE access to compos_key_main. There's no use having it in
the library - neither the tests nor compos_verify can use it - and it
complicates the build rules.

There's a lot more that can be deleted, but I'll do that in a
follow-up; this is big enough already.

Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I2d71f68a595d5ddadb2e7b16937fa6855f5db0ab
 2022-02-17 16:58:32 +00:00
Alan Stokes 38221fa1ac Add compos_key_helper 
Create a small library to do key-related operations (derive, sign,
verify). Add tests.

Create a small standlone executable to expose these functions.

Bug: 218494522
Test: atest compos_key_tests
Change-Id: I5c984178b822510fd32784d01cf4322e592e5d2a
 2022-02-10 16:42:53 +00:00