Skip to content

Add Weaver TA to secure_env#2803

Open
karunae wants to merge 5 commits into
google:mainfrom
karunae:weaver_hal
Open

Add Weaver TA to secure_env#2803
karunae wants to merge 5 commits into
google:mainfrom
karunae:weaver_hal

Conversation

@karunae

@karunae karunae commented Jul 1, 2026

Copy link
Copy Markdown

No description provided.

@karunae

karunae commented Jul 1, 2026

Copy link
Copy Markdown
Author

@jemoreira would you mind reviewing these changes?

Karuna Wadhera added 3 commits July 13, 2026 12:56
Move the main event loop for TAs into a common library
libsecure_env_common to avoid duplication. This refactoring is done in
preparation for introducing the Weaver HAL.

Bug: b/432285494
Test: bazel test //... (in base/cvd)
Move the C++ log forwarder to the common crate to enable its use by
other TAs. Also rename 'tpm_ffi' files to 'secure_env_ffi' to reflect
they are no longer strictly TPM-specific. This refactoring is done in
preparation for introducing the Weaver HAL.

Bug: 432285494
Test: bazel test //... (in base/cvd)
Implement the Weaver Trusted Application in Rust on the host side.
This TA will handle secure storage of Weaver slots.

Bug: 432285494
Test: bazel test //... (in base/cvd)

static constexpr char kDefaultSecure[] =
"oemlock,guest_keymint_insecure,guest_gatekeeper_insecure";
"oemlock,guest_keymint_insecure,guest_gatekeeper_insecure,weaver";

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a kernel command line argument or a property value. What happens if "weaver" is set here but the guest android doesn't support it? Will it just be ignored?

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Setting weaver here sets bootconfig_args["androidboot.vendor.apex.com.android.hardware.weaver"] = "com.android.hardware.weaver.cf";.

This indicates to guest Android that it should load and activate the com.android.hardware.weaver.cf APEX.

AIUI, if the APEX is missing in guest Android, the bootconfig param will be ignored.

Comment on lines +72 to +75
command.AddParameter("-weaver_fd_out=", fifos[10]);
command.AddParameter("-weaver_fd_in=", fifos[11]);
command.AddParameter("-weaver_storage_path=",
instance.PerInstancePath("weaver_storage.json"));

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The secure_env executable from android is not being substituted with the host version yet. The android version in internal main may support these flags, but other branches won't, for example if you try to launch aosp-main or an older android version.

With gflags, a possible solution would be to pass --undefok=weaver_fd_out,weaver_fd_in,weaver_storage_path as an argument to secure_env so it ignores those flags when not supported.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, thanks

auto kernel_events_fd = DupFdFlag(FLAGS_kernel_events_fd);
threads.emplace_back(StartKernelEventMonitor(kernel_events_fd, oemlock_lock));

#ifdef __linux__

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is #ifdef __linux__ needed here?

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Admittedly, I was just following the same pattern as Rust KeyMint. Looks like aosp/2654824 is where it was added for KeyMint.

Removed.

threads.emplace_back(StartKernelEventMonitor(kernel_events_fd, oemlock_lock));

#ifdef __linux__
LOG(INFO) << "starting Weaver TA implementation in a thread";

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Please use VLOG(0) (our equivalent to LOG(DEBUG)) for this message.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@jemoreira
jemoreira requested a review from Databean July 16, 2026 18:46
Add the necessary plumbing, HVC channels, and configuration to
enable the Weaver HAL in Cuttlefish. Make the Weaver HAL configurable
via the `secure_hals` flag, enabling it by default.

Bug: 432285494
Test: bazel test //... (in base/cvd)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants