commit | 4a0651de655e2dc2964b13a6c3a8dd13bb767881 | [log] [tgz] |
---|---|---|
author | Shikha Panwar <shikhapanwar@google.com> | Thu Sep 28 13:06:13 2023 +0000 |
committer | Shikha Panwar <shikhapanwar@google.com> | Fri Sep 29 12:42:34 2023 +0000 |
tree | 5fa8e23388c85f7172b59adc0a87509baaca7396 | |
parent | a26f16aee1e340449c05fc52dfe143f5f6927fa4 [diff] |
Add guest OS capability: SecretkeeperProtection Not all guest OS are capable of interacting with Secretkeeper. Add a capability "secretkeeper_protection" (which can be extracted from vbmeta property "com.android.virt.cap"). Add this property to Microdroid kernel. pvmfw will have check if the guest OS has this capability & ensures the rollback_index > 0 if the guest OS has it. Note that this will be factored in while pvmfw check if updated guest OS should be accepted. Bug: 291213374 Test: avbtool.py --info microdroid_kernel & check if property is present. Test: #payload_with_multiple_capabilities Change-Id: I99c159d3d65005ec02729b47620ac05ab8d1ec5e
Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances over those offered by Android’s app sandbox.
Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.
If you want a quick start, see the getting started guideline and follow the steps there.
For in-depth explanations about individual topics and components, visit the following links.
AVF components:
How-Tos: