commit | a26f16aee1e340449c05fc52dfe143f5f6927fa4 | |
---|---|---|
author | Shikha Panwar <shikhapanwar@google.com> | Wed Sep 27 09:39:00 2023 +0000 |
committer | Shikha Panwar <shikhapanwar@google.com> | Fri Sep 29 11:01:48 2023 +0000 |
tree | 2d84b7ae82e99a4e6227ab9c867a17f4265c7115 | |
parent | 2174d411d3735e03e00bfa4650db4795cc595545 |
pvmfw: Rollback index of kernel & security_version

Capture rollback_index of guest kernel. Rollback indexes are available in AvbSlotVerifyData returned from avb_slot_verify(). This is a slice of uint64 where the position of the rollback_index is determined by rollback_index_location (which defaults to 0).

This is then used as the 'security_version' in the dice config, that can be used by guest OS to provide AntiRollback protection to secrets.

Note on TrunkStableFlagging - This is guarded by flag llpvm_changes, based on which security_version is added to dice.

Test: #payload_with_rollback_index
Test: flash pvmfw => get dice chain from Compos => verify-dice-chain contains security version = 1 for guest OS
Bug: 296830692
Change-Id: I0d6d993d8b2d1b98dcc39fb90895a59c7a699d7d
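The selection and its use described in the commit message, as an added Rust sketch that is not pvmfw's code: it picks the rollback index at a given location, emits it as a security version only when a feature flag is set, and shows one way a guest could refuse secrets sealed under a newer version. All function and type names, the `flag_enabled` parameter and the sample index values are assumptions made for illustration.

```rust
// Added illustration; every name here is hypothetical, not pvmfw's or libavb's API.

#[derive(Debug, PartialEq)]
enum Error {
    /// rollback_index_location points past the end of the index slice.
    LocationOutOfRange(usize),
    /// The running image is older than the one the secret was sealed under.
    Rollback { sealed: u64, current: u64 },
}

/// Pick the guest kernel's rollback index out of the per-location slice.
/// A bad location is an error rather than a silent fallback to 0, so a
/// malformed image cannot present itself as "version 0".
fn kernel_rollback_index(indexes: &[u64], location: usize) -> Result<u64, Error> {
    indexes.get(location).copied().ok_or(Error::LocationOutOfRange(location))
}

/// The security version to place in the DICE config. `None` when the feature
/// flag is off, so the config keeps its previous shape in that case.
fn security_version(indexes: &[u64], location: usize, flag_enabled: bool)
    -> Result<Option<u64>, Error> {
    if !flag_enabled {
        return Ok(None);
    }
    kernel_rollback_index(indexes, location).map(Some)
}

/// Guest-side check (assumed policy): release a secret only if the current
/// security version is at least the version it was sealed under. Returns the
/// version to persist as the new minimum.
fn check_anti_rollback(sealed: u64, current: u64) -> Result<u64, Error> {
    if current < sealed {
        Err(Error::Rollback { sealed, current })
    } else {
        Ok(current)
    }
}

fn main() {
    // Constructed sample: rollback index 1 at the default location 0.
    let indexes = [1u64, 0, 0, 0];
    let version = security_version(&indexes, 0, true).unwrap();
    println!("security_version = {:?}", version);
    // A secret sealed at version 2 must not be released to a version-1 image.
    println!("{:?}", check_anti_rollback(2, version.unwrap()));
}
```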
Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances over those offered by Android’s app sandbox.
Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.
If you want a quick start, see the getting started guideline and follow the steps there.
For in-depth explanations about individual topics and components, visit the following links.
AVF components:
How-Tos: