pa-fazil
/
android_packages_modules_Virtualization
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
android_packages_modules_Vi.../microdroid/signature
History
Jooyung Han 017916bf35 Microdroid activates host APEXes 
Host apexes are passed to microdroid via the payload composite image.
The payload composite image can be created by either
mk_payload_signature/mk_cdisk or mk_payload.

For now, microdroid expects two APEXes from the host:
- com.android.adbd
- com.android.sdkext

The exact set of host apexes for microdroid is TBD. The current set is
only for demonstration.

Bug: 181093750
Test: MicrodroidTestCase
Change-Id: I7fe33fe03ac94799a4e109b83286bfb39e44b882
 		2021-04-21 23:20:29 +09:00
..
include/microdroid Add an executable to create a microdroid signature 2021-04-14 23:23:58 +09:00
Android.bp Microdroid activates host APEXes 2021-04-21 23:20:29 +09:00
README.md Microdroid activates host APEXes 2021-04-21 23:20:29 +09:00
microdroid_signature.proto Add a proto for the microdroid signature partition 2021-04-14 21:27:52 +09:00
mk_microdroid_signature.cc Add an executable to create a microdroid signature 2021-04-14 23:23:58 +09:00
mk_payload.cc Microdroid activates host APEXes 2021-04-21 23:20:29 +09:00
signature.cc Add an executable to create a microdroid signature 2021-04-14 23:23:58 +09:00

README.md

Microdroid Signature

Microdroid Signature contains the signatures of the payloads so that the payloads are verified inside the Guest OS.

  • APEX packages that are passed to microdroid should be listed in the Microroid Signature.

Format

Microdroid Signature is composed of header and body.

offset size description
0 4 Header. unsigned int32: body length(L) in big endian
4 L Body. A protobuf message. schema

How to Create

mk_microdroid_signature and mk_cdisk

For testing purpose, use mk_microdroid_signature to create a Microdroid Signature.

$ cat signature_config.json
{
  "apexes": [
    {
      "name": "com.my.hello",
      "path": "hello.apex"
    }
  ]
}
$ adb push signature_config.json hello.apex /data/local/tmp/
$ adb shell 'cd /data/local/tmp; /apex/com.android.virt/bin/mk_microdroid_signature signature_config.json signature

Then, pass the signature as the first partition of the payload disk image.

$ cat payload_cdisk.json
{
  "partitions": [
    {
      "label": "signature",
      "path": "signature"
    },
    {
      "label": "com.my.hello",
      "path": "hello.apex"
    }
  ]
}
$ adb push payload_cdisk.json /data/local/tmp/
$ adb shell 'cd /data/local/tmp; /apex/com.android.virt/bin/mk_cdisk payload_cdisk.json payload.img
$ adb shell 'cd /data/local/tmp; /apex/com.android.virt/bin/crosvm .... --disk=payload.img'

mk_payload

mk_payload combines these two steps into a single step. Additionally, mk_payload can search system APEXes as well. This will generate the output composite image as well as three more component images. (See below)

$ cat payload_config.json
{
  "system_apexes": [
    "com.android.adbd",
  ],
  "apexes": [
    {
      "name": "com.my.hello",
      "path": "hello.apex"
    }
  ]
}
$ adb push payload_config.json hello.apex /data/local/tmp/
$ adb shell 'cd /data/local/tmp; /apex/com.android.virt/bin/mk_payload payload_config.json payload.img
$ adb shell ls /data/local/tmp/*.img
payload-footer.img
payload-header.img
payload-signature.img
payload.img

In the future, VirtManager will handle these stuffs.