Google Git
Sign in
android / platform / packages / modules / Virtualization / a26f16aee1e340449c05fc52dfe143f5f6927fa4
commita26f16aee1e340449c05fc52dfe143f5f6927fa4[log] [tgz]
authorShikha Panwar <shikhapanwar@google.com>Wed Sep 27 09:39:00 2023 +0000
committerShikha Panwar <shikhapanwar@google.com>Fri Sep 29 11:01:48 2023 +0000
tree2d84b7ae82e99a4e6227ab9c867a17f4265c7115
parent2174d411d3735e03e00bfa4650db4795cc595545 [diff]
pvmfw: Rollback index of kernel & security_version

Capture rollback_index of guest kernel. Rollback indexes are available
in AvbSlotVerifyData returned from avb_slot_verify(). This is a slice of
uint64 where the position of the rollback_index is determined by
rollback_index_location (which defaults to 0).

This is then used as the 'security_version' in the dice config, that
can be used by guests OS to provide AntiRollback protection to secrets.

Note on TrunkStableFlagging - This is guarded by flag llpvm_changes,
based on which security_version is added to  dice.

Test: #payload_with_rollback_index
Test: flash pvmfw => get dice chain from Compos => verify-dice-chain
contaisn security version = 1 for guest OS
Bug: 296830692

Change-Id: I0d6d993d8b2d1b98dcc39fb90895a59c7a699d7d
6 files changed
tree: 2d84b7ae82e99a4e6227ab9c867a17f4265c7115
  1. apex/
  2. apkdmverity/
  3. authfs/
  4. compos/
  5. demo/
  6. demo_native/
  7. docs/
  8. encryptedstore/
  9. javalib/
  10. launcher/
  11. libs/
  12. microdroid/
  13. microdroid_manager/
  14. pvmfw/
  15. rialto/
  16. service_vm/
  17. service_vm_manager/
  18. tests/
  19. virtualizationmanager/
  20. virtualizationservice/
  21. vm/
  22. vm_payload/
  23. vmbase/
  24. vmclient/
  25. zipfuse/
  26. .clang-format
  27. .gitignore
  28. Android.bp
  29. OWNERS
  30. PREUPLOAD.cfg
  31. README.md
  32. rustfmt.toml
  33. TEST_MAPPING
README.md

Android Virtualization Framework (AVF)

Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances over those offered by Android’s app sandbox.

Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.

If you want a quick start, see the getting started guideline and follow the steps there.

For in-depth explanations about individual topics and components, visit the following links.

AVF components:

How-Tos: