Add Weaver TA to secure_env#2803
Conversation
|
@jemoreira would you mind reviewing these changes? |
Move the main event loop for TAs into a common library libsecure_env_common to avoid duplication. This refactoring is done in preparation for introducing the Weaver HAL. Bug: b/432285494 Test: bazel test //... (in base/cvd)
Move the C++ log forwarder to the common crate to enable its use by other TAs. Also rename 'tpm_ffi' files to 'secure_env_ffi' to reflect they are no longer strictly TPM-specific. This refactoring is done in preparation for introducing the Weaver HAL. Bug: 432285494 Test: bazel test //... (in base/cvd)
Implement the Weaver Trusted Application in Rust on the host side. This TA will handle secure storage of Weaver slots. Bug: 432285494 Test: bazel test //... (in base/cvd)
|
|
||
| static constexpr char kDefaultSecure[] = | ||
| "oemlock,guest_keymint_insecure,guest_gatekeeper_insecure"; | ||
| "oemlock,guest_keymint_insecure,guest_gatekeeper_insecure,weaver"; |
There was a problem hiding this comment.
This looks like a kernel command line argument or a property value. What happens if "weaver" is set here but the guest android doesn't support it? Will it just be ignored?
There was a problem hiding this comment.
Setting weaver here sets bootconfig_args["androidboot.vendor.apex.com.android.hardware.weaver"] = "com.android.hardware.weaver.cf";.
This indicates to guest Android that it should load and activate the com.android.hardware.weaver.cf APEX.
AIUI, if the APEX is missing in guest Android, the bootconfig param will be ignored.
| command.AddParameter("-weaver_fd_out=", fifos[10]); | ||
| command.AddParameter("-weaver_fd_in=", fifos[11]); | ||
| command.AddParameter("-weaver_storage_path=", | ||
| instance.PerInstancePath("weaver_storage.json")); |
There was a problem hiding this comment.
The secure_env executable from android is not being substituted with the host version yet. The android version in internal main may support these flags, but other branches won't, for example if you try to launch aosp-main or an older android version.
With gflags, a possible solution would be to pass --undefok=weaver_fd_out,weaver_fd_in,weaver_storage_path as an argument to secure_env so it ignores those flags when not supported.
| auto kernel_events_fd = DupFdFlag(FLAGS_kernel_events_fd); | ||
| threads.emplace_back(StartKernelEventMonitor(kernel_events_fd, oemlock_lock)); | ||
|
|
||
| #ifdef __linux__ |
There was a problem hiding this comment.
Why is #ifdef __linux__ needed here?
There was a problem hiding this comment.
Admittedly, I was just following the same pattern as Rust KeyMint. Looks like aosp/2654824 is where it was added for KeyMint.
Removed.
| threads.emplace_back(StartKernelEventMonitor(kernel_events_fd, oemlock_lock)); | ||
|
|
||
| #ifdef __linux__ | ||
| LOG(INFO) << "starting Weaver TA implementation in a thread"; |
There was a problem hiding this comment.
nit: Please use VLOG(0) (our equivalent to LOG(DEBUG)) for this message.
Add the necessary plumbing, HVC channels, and configuration to enable the Weaver HAL in Cuttlefish. Make the Weaver HAL configurable via the `secure_hals` flag, enabling it by default. Bug: 432285494 Test: bazel test //... (in base/cvd)
No description provided.