android_packages_modules_Vi.../pvmfw
Alice Wang 5b049ec03f Merge "[avb] Verify that the only vbmeta is from the kernel" 2023-01-18 13:30:03 +00:00
..
avb Merge "[avb] Verify that the only vbmeta is from the kernel" 2023-01-18 13:30:03 +00:00
src Merge "Try reading block device. Share queues and buffers with host." 2023-01-16 11:23:05 +00:00
Android.bp pvmfw: Integrate verify_payload 2023-01-09 19:30:17 +00:00
README.md pvmfw: README: Document config data format 2022-12-20 08:35:07 +00:00
TEST_MAPPING [avb][test] Move pvmfw_avb tests to a separate module 2023-01-13 12:18:24 +00:00
idmap.S pvmfw: Add MemoryTracker & MemorySlices 2022-11-28 22:28:05 +00:00
image.ld

README.md

Protected Virtual Machine Firmware

Configuration Data Format

pvmfw will expect a header to have been appended to its loaded binary image at the next 4KiB boundary. It describes the configuration data entries that pvmfw will use and, being loaded by the pvmfw loader, is necessarily trusted.

The layout of the configuration data is as follows:

+===============================+
|          pvmfw.bin            |
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+
|  (Padding to 4KiB alignment)  |
+===============================+ <-- HEAD
|      Magic (= 0x666d7670)     |
+-------------------------------+
|           Version             |
+-------------------------------+
|   Total Size = (TAIL - HEAD)  |
+-------------------------------+
|            Flags              |
+-------------------------------+
|           [Entry 0]           |
|  offset = (FIRST - HEAD)      |
|  size = (FIRST_END - FIRST)   |
+-------------------------------+
|           [Entry 1]           |
|  offset = (SECOND - HEAD)     |
|  size = (SECOND_END - SECOND) |
+-------------------------------+
|              ...              |
+-------------------------------+
|           [Entry n]           |
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+
| (Padding to 8-byte alignment) |
+===============================+ <-- FIRST
|        {First blob: BCC}      |
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ <-- FIRST_END
| (Padding to 8-byte alignment) |
+===============================+ <-- SECOND
|        {Second blob: DP}      |
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ <-- SECOND_END
| (Padding to 8-byte alignment) |
+===============================+
|              ...              |
+===============================+ <-- TAIL

Where the version number is encoded using a "major.minor" as follows

((major << 16) | (minor & 0xffff))

and defines the format of the header (which may change between major versions), its size and, in particular, the expected number of appended blobs. Each blob is referred to by its offset in the entry array and may be mandatory or optional (as defined by this specification), where missing entries are denoted by a zero size. It is therefore not allowed to trim missing optional entries from the end of the array. The header uses the endianness of the virtual machine.

The header format itself is agnostic of the internal format of the individual blos it refers to. In version 1.0, it describes two blobs:

  • entry 0 must point to a valid BCC Handover
  • entry 1 may point to a DTBO to be applied to the pVM device tree