The pvmfw partition holds the protected VM firmware that is used by
Protected KVM to bootstrap the trust in protected VMs. Teach fastboot
about the partition so it gets flashed with flashall.
pvmfw is an AVB chained partition so is marked as BootCritical to allow
ABL's AVB verification to pass.
Test: tab complete and flashall
Bug: 171280178
Change-Id: Ie4cc478de25a945bc510488d87c2bee3aa5031f2
* changes:
trusty: Add simple fuzzer for keymaster TA
trusty: Increase limit on coverage counters
trusty: Write out sancov file when fuzzer exits
trusty: Switch to dmabuf for coverage shared memory
Adds a simple libfuzzer-based coverage guided fuzzer for keymaster.
Current coverage is low, so we'll need to improve this with an initial
corpus or a more sophisticated protocol aware fuzzer.
Bug: 175918322
Test: make trusty_keymaster_fuzzer
Test: adb shell /data/fuzz/arm64/trusty_keymaster_fuzzer/trusty_keymaster_fuzzer
Change-Id: Iad1713e1a73cc5a6a3ec742cc433d1337aca9bc3
Keymaster has more than 4096 counters, so we need to allocate a larger
section for the libfuzzer extra counters. Increases the size of the
extra counters section to 16384.
Bug: 171750250
Test: atest libtrusty_coverage_test
Change-Id: Iaee2c74b6d0c7ae8a2e5a30525759f89f825a091
Add emission of sancov file when CoverageRecord is destroyed. This
will occur when a fuzzer driver exits cleanly, i.e. -runs=0 with an
existing corpus.
Test: make trusty_gatekeeper_fuzzer
Test: adb shell ./trusty_gatekeeper_fuzzer -runs=0 corpus
Bug: 175221942
Change-Id: I6bd1c8b2f2091e894c35f7a4874b54577a91c8fc
Trusty shared memory now uses dmabuf instead of memfd. Switch the
coverage buffer allocation to use libdmabufheap.
Test: atest libtrusty_coverage_test
Bug: None
Change-Id: I067dd0774d19b42380ce5cb8ceb3541fa77ef9f0
WaitForDelete is supposed to block until close() has been called on the
COW image. However, it could race with the destructor for Snapuserd
since nothing guaranteed it was freed within the global lock.
This patch fixes the bug and refactors the surrounding code to make the
responsibilities of each thread clearer.
Bug: N/A
Test: vts_libsnapshot_test
Change-Id: Icfc264e6dff378db585c81cde381cc24269f4800
Grouping metadata into clusters decreases the overhead occured by extra
reads. Assuming a constant added cost with reads, we currently measure
this to be around 1.2 microseconds. For an entire OTA, this can add up
to several seconds of time. Setting the cluster size to 200 removes
99.5% of that extra time, while adding 20 bytes per 200 ops, as well as
up to 200*20 byes (4kb) unused space near the end of the file, although
it would be half of that on average. We save 99.5% of the overhead of
separate reads for a 0.5% space increase.
We've opted for a change to the default so that tools that estimate cow
size and any others will automatically be kept up to date, without
needing to update the value everywhere.
Bug: 172026020
Test: cow_api_test
Change-Id: Id4525cf2abfecf4691b46588823cb3cb4f6234d9
This change will help non-user builds with keeping debugfs
disabled during run time. Instead, debugfs will be mounted by init
to enable boot time initializations to set up vendor debug data
collection and unmounted after boot. It will be also be mounted by
dumpstate for bug report generation and unmounted after.
This change is only intended to help vendors (who depend on debugfs to
collect debug information from userdebug/eng builds) keep debugfs
disabled during runtime. Platform code must not depend on debugfs at all.
Test: manual
Bug: 176936478
Change-Id: I2e89d5b9540e3de094976563682d4b8c5c125876
The corpus of Confirmationui usually contains multiple data packets
to be transfered from Android side to Trusty side.
Therefore we adjust the Confirmationui fuzzer so that it can send
data to Confirmationui TA several times through a same tipc channel.
Bug: 174402999
Bug: 171750250
Test: /data/fuzz/arm64/trusty_confirmationui_fuzzer/trusty_confirmationui_fuzzer
Change-Id: Ib6ae831e6a19c98eb62a1c75f77eb00f914e2f5c
* changes:
libsnapshot: Fix tests that depend on PrepareOneSnapshot().
libsnapshot: Ensure dm-user devices are destroyed after a merge.
libsnapshot: Fix tests for mapping snapshots in first-stage init.
init: Add an selinux transition for snapuserd.
The following API was added for the API level 30 and beyond. Currently,
its existence is tested using the null check which is done regardless of
the min sdk version of the compilation unit. (which in turn required us
to mark the API symbol weak regardless of the min sdk version.)
* AGroupController_getFlags
Now, we have a better way of testing the API availability;
__builtin_available. The null check is replaced with the call to the
compiler-provided macro which determines if the code is running in a
version of OS where the API is known to exist.
Bug: 150860940
Bug: 134795810
Test: m
Change-Id: I5d17fc877c553c402a62485b61af574a54658a76
__ANDROID_API__ guards are removed in favor of __INTRODUCED_IN macros.
Currently, __INTRODUCED_IN macro does nothing for these headers (it's
meaningful only to the headers processed by versioner which are limited
to binic headers). The plan is to make the macros to tag the declaration
with the availability attribute. Then, when the min_sdk_version of a
caller is set to an API level that is older than the API level of the
APIs, the compiler will provide them as weak symbols and enforce that
calling the APIs are guarded with a runtime check.
For now, these guards are preventing from making a build system change
to let __ANDROID_API__ track the min_sdk_version property instead of the
sdk_version property. With the build system change, __ANDROID_API__ will
suddenly drop for the native modules where min_sdk_version <
sdk_version, which is the case when the modules are included in APEXes.
As a result, some new APIs will be unavailable at build-time. Dropping
the hand-written guards fixes the problem.
Bug: 163288375
Test: m
Change-Id: If1cc6b9af410f536abe6d777c22711209fa76530
PrepareOneSnapshot was hardcoded in a way that only worked with
pre-compression devices. This patch makes it use the public API and
supported update flow.
One test, SnapshotTest.Merge, now uses OpenSnapshotWriter instead of
MapUpdateSnapshot. There are still other tests using the old API call.
Bug: N/A
Test: vts_libsnapshot_test
Change-Id: Iec4bf6efe6a82e1f90b81fa4211201845ebabe62
Also, make sure snapuserd has closed its references. This is preventing
the merge from completing until a reboot.
Bug: N/A
Test: vts_libsnapshot_test
Change-Id: Iba18f887bdb262c630ec44461871e19fe64dbf3c
These tests are failing due to a missing WaitForFile call. Simplify
setting this up by adding a helper.
Bug: N/A
Test: vts_libsnapshot_test
Change-Id: Ic2afa74f72c7e364695233120b2327bae904882a
After Treblized, AOSP do not handle /factory folder. Also, AOSP
does not mount any partition to /factory. /factory has no possibility
to have any content. For factory purpose, it can be implemented in
vendor.
Bug: 177280838
Test: na
Change-Id: I0a2537336c2ef1efbad3e4f9e876aeaa607bc737
If the requested IO is not 4k aligned and spans
between two COW Operations, then we will have
to split the IO as we need to read the partial
buffers from two COW operations.
BUG: 176918488
Test: cow_snapuserd_test - Data verification with unaligned IO
Full OTA on cuttlefish
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: Icf6801e1767112b92cb7991808860f119adebda2
It is replaced by health HIDL HAL 2.0. Devices launching
with Android P and above must always have health HAL 2.0,
so health HAL is no longer needed for Android S.
Test: TH
Bug: 171260613
Change-Id: I7d94af36a880d7c658e879a3986924a786e58de9
Now that the feature guarded by this flag has landed in Linux 5.10
we no longer need the flag, so we can remove it.
Bug: 135772972
Change-Id: I02fa50848cbd0486c23c8a229bb8f1ab5dd5a56f
