android_packages_modules_Vi.../avmd
David Brazdil 5f7c3c72c4 Move AVF tests to avf-pre/postsubmit test group
AVF presubmit test config currently runs all tests in the 'presubmit'
group. However, in presubmit the test configs are invoked with all
TEST_MAPPING paths from all affected CLs. Our test config can therefore
run tests from TEST_MAPPINGs outside of the Virtualization repo.

To work around this problem, move all Virtualization tests to
'avf-presubmit' group. Test config running in presubmit will still be
invoked with TEST_MAPPINGs from various repos but only our tests will
match the group.

Rename the postsubmit group to 'avf-postsubmit' for consistency.

Bug: 236755822
Test: atest --test-mapping packages/modules/Virtualization:avf-presubmit
Test: atest --test-mapping packages/modules/Virtualization:avf-postsubmit
Change-Id: I7be5781bef4b6e060a69724c7b4256423adc649c
2022-08-19 15:40:57 +00:00
..
src Merge "migrate to clap 3.x" 2022-07-29 23:05:03 +00:00
tests Add integration test for avmdtool dump 2022-08-09 13:41:36 +00:00
Android.bp Run avmdtool_tests as rust_test 2022-08-18 11:32:31 +00:00
README.md Add avmdtool 2022-07-20 13:47:02 +00:00
TEST_MAPPING Move AVF tests to avf-pre/postsubmit test group 2022-08-19 15:40:57 +00:00

README.md

The AVMD image format


The AVMD image format is used to descibe the verified code that a VM will load. This repository contains tools and libraries for working with the AVMD image format.

What is it?

When a VM boots, it loads and verifies a set of images that control execution within the VM. Therefore, describing what executes in a VM means describing what is loaded. The AVMD image format is designed, for this purpose, to describe the closure of images that can be loaded and how they should be verified.

Caveats

The AVMD image format will only allow Android supported signing formats. The supported formats are currently limited to AVB and APK.

Verification of the images as they are loaded is the responsibility of the VM. The VM is required to only load the images described and to verify them against the included parameters. If the VM does not follow this requirement, the description of the VM may not be accurate and must not be trusted. Validating that the VM behaves as expected requires audit of all boot stages of the VM.

Using avmdtool

The .avmd file can be created as follows

avmdtool create /tmp/out.avmd \
   --vbmeta pvmfw preload u-boot.bin \
   --vbmeta uboot env_vbmeta disk1/vbmeta.imb \
   --vbmeta uboot vbmeta micordoid/vbmeta.img \
   --apk microdroid payload compos.apk \
   --apk microdroid extra_apk extra_apk.apk \
   --apex-payload microdroid art_apex art.apex

You can read the .avmd file with

avmdtool dump /tmp/out.avmd