1package { 2 default_applicable_licenses: ["Android-Apache-2.0"], 3} 4 5rust_library_rlib { 6 name: "libpvmfw_avb_nostd", 7 crate_name: "pvmfw_avb", 8 defaults: ["avf_build_flags_rust"], 9 srcs: ["src/lib.rs"], 10 prefer_rlib: true, 11 rustlibs: [ 12 "libavb_rs_nostd", 13 "libtinyvec_nostd", 14 ], 15 whole_static_libs: [ 16 "libavb_baremetal", 17 ], 18 no_stdlibs: true, 19 stdlibs: [ 20 "libcore.rust_sysroot", 21 ], 22} 23 24rust_test { 25 name: "libpvmfw_avb.integration_test", 26 crate_name: "pvmfw_avb_test", 27 defaults: ["avf_build_flags_rust"], 28 srcs: ["tests/api_test.rs"], 29 test_suites: ["general-tests"], 30 data: [ 31 ":avb_testkey_rsa2048_pub_bin", 32 ":avb_testkey_rsa4096_pub_bin", 33 ":microdroid_kernel_signed", 34 ":microdroid_initrd_normal", 35 ":microdroid_initrd_debuggable", 36 ":trusty_test_vm_signed_bin", 37 ":test_image_with_one_hashdesc", 38 ":test_image_with_non_initrd_hashdesc", 39 ":test_image_with_initrd_and_non_initrd_desc", 40 ":test_image_with_name", 41 ":test_image_with_invalid_page_size", 42 ":test_image_with_negative_page_size", 43 ":test_image_with_overflow_page_size", 44 ":test_image_with_0k_page_size", 45 ":test_image_with_1k_page_size", 46 ":test_image_with_4k_page_size", 47 ":test_image_with_9k_page_size", 48 ":test_image_with_16k_page_size", 49 ":test_image_with_service_vm_prop", 50 ":test_image_with_unknown_vm_type_prop", 51 ":test_image_with_duplicated_capability", 52 ":test_image_with_rollback_index_5", 53 ":test_image_with_multiple_capabilities", 54 ":test_image_with_all_capabilities", 55 ":unsigned_test_image", 56 ], 57 prefer_rlib: true, 58 rustlibs: [ 59 "libanyhow", 60 "libavb_bindgen", 61 "libavb_rs_nostd", 62 "libhex", 63 "libpvmfw_avb_nostd", 64 "libopenssl", 65 ], 66 enabled: false, 67 arch: { 68 // Microdroid kernel is only available in these architectures. 69 arm64: { 70 enabled: true, 71 }, 72 x86_64: { 73 enabled: true, 74 }, 75 }, 76} 77 78// Generates a 16KB unsigned image for testing. 79genrule { 80 name: "unsigned_test_image", 81 tools: ["avbtool"], 82 out: ["unsigned_test.img"], 83 cmd: "$(location avbtool) generate_test_image --image_size 16384 --output $(out)", 84} 85 86avb_gen_vbmeta_image { 87 name: "test_non_initrd_hashdesc", 88 src: ":unsigned_test_image", 89 partition_name: "non_initrd11", 90 salt: "2222", 91} 92 93avb_add_hash_footer { 94 name: "test_image_with_non_initrd_hashdesc", 95 src: ":unsigned_test_image", 96 partition_name: "boot", 97 private_key: ":pvmfw_sign_key", 98 salt: "3322", 99 include_descriptors_from_images: [ 100 ":test_non_initrd_hashdesc", 101 ], 102} 103 104avb_add_hash_footer { 105 name: "test_image_with_initrd_and_non_initrd_desc", 106 src: ":unsigned_test_image", 107 partition_name: "boot", 108 private_key: ":pvmfw_sign_key", 109 salt: "3241", 110 include_descriptors_from_images: [ 111 ":microdroid_initrd_normal_hashdesc", 112 ":test_non_initrd_hashdesc", 113 ], 114 enabled: false, 115 arch: { 116 // microdroid_initrd_normal_hashdesc is only available in these architectures. 117 arm64: { 118 enabled: true, 119 }, 120 x86_64: { 121 enabled: true, 122 }, 123 }, 124} 125 126avb_add_hash_footer { 127 name: "test_image_with_name", 128 src: ":unsigned_test_image", 129 partition_name: "boot", 130 private_key: ":pvmfw_sign_key", 131 salt: "2134", 132 props: [ 133 { 134 name: "com.android.virt.name", 135 value: "test_vm_name", 136 }, 137 ], 138} 139 140avb_add_hash_footer { 141 name: "test_image_with_invalid_page_size", 142 src: ":unsigned_test_image", 143 partition_name: "boot", 144 private_key: ":pvmfw_sign_key", 145 salt: "2134", 146 props: [ 147 { 148 name: "com.android.virt.page_size", 149 value: "invalid", 150 }, 151 ], 152} 153 154avb_add_hash_footer { 155 name: "test_image_with_negative_page_size", 156 src: ":unsigned_test_image", 157 partition_name: "boot", 158 private_key: ":pvmfw_sign_key", 159 salt: "2134", 160 props: [ 161 { 162 name: "com.android.virt.page_size", 163 value: "-16", 164 }, 165 ], 166} 167 168avb_add_hash_footer { 169 name: "test_image_with_overflow_page_size", 170 src: ":unsigned_test_image", 171 partition_name: "boot", 172 private_key: ":pvmfw_sign_key", 173 salt: "2134", 174 props: [ 175 { 176 name: "com.android.virt.page_size", 177 value: "18014398509481983", 178 }, 179 ], 180} 181 182avb_add_hash_footer { 183 name: "test_image_with_0k_page_size", 184 src: ":unsigned_test_image", 185 partition_name: "boot", 186 private_key: ":pvmfw_sign_key", 187 salt: "2134", 188 props: [ 189 { 190 name: "com.android.virt.page_size", 191 value: "0", 192 }, 193 ], 194} 195 196avb_add_hash_footer { 197 name: "test_image_with_1k_page_size", 198 src: ":unsigned_test_image", 199 partition_name: "boot", 200 private_key: ":pvmfw_sign_key", 201 salt: "2134", 202 props: [ 203 { 204 name: "com.android.virt.page_size", 205 value: "1", 206 }, 207 ], 208} 209 210avb_add_hash_footer { 211 name: "test_image_with_4k_page_size", 212 src: ":unsigned_test_image", 213 partition_name: "boot", 214 private_key: ":pvmfw_sign_key", 215 salt: "2134", 216 props: [ 217 { 218 name: "com.android.virt.page_size", 219 value: "4", 220 }, 221 ], 222} 223 224avb_add_hash_footer { 225 name: "test_image_with_9k_page_size", 226 src: ":unsigned_test_image", 227 partition_name: "boot", 228 private_key: ":pvmfw_sign_key", 229 salt: "2134", 230 props: [ 231 { 232 name: "com.android.virt.page_size", 233 value: "9", 234 }, 235 ], 236} 237 238avb_add_hash_footer { 239 name: "test_image_with_16k_page_size", 240 src: ":unsigned_test_image", 241 partition_name: "boot", 242 private_key: ":pvmfw_sign_key", 243 salt: "2134", 244 props: [ 245 { 246 name: "com.android.virt.page_size", 247 value: "16", 248 }, 249 ], 250} 251 252avb_add_hash_footer { 253 name: "test_image_with_service_vm_prop", 254 src: ":unsigned_test_image", 255 partition_name: "boot", 256 private_key: ":pvmfw_sign_key", 257 salt: "2131", 258 props: [ 259 { 260 name: "com.android.virt.cap", 261 value: "remote_attest", 262 }, 263 ], 264} 265 266avb_add_hash_footer { 267 name: "test_image_with_unknown_vm_type_prop", 268 src: ":unsigned_test_image", 269 partition_name: "boot", 270 private_key: ":pvmfw_sign_key", 271 salt: "2132", 272 props: [ 273 { 274 name: "com.android.virt.cap", 275 value: "foo", 276 }, 277 ], 278} 279 280avb_add_hash_footer { 281 name: "test_image_with_duplicated_capability", 282 src: ":unsigned_test_image", 283 partition_name: "boot", 284 private_key: ":pvmfw_sign_key", 285 salt: "2134", 286 props: [ 287 { 288 name: "com.android.virt.cap", 289 value: "remote_attest|remote_attest|remote_attest", 290 }, 291 ], 292} 293 294avb_add_hash_footer { 295 name: "test_image_with_one_hashdesc", 296 src: ":unsigned_test_image", 297 partition_name: "boot", 298 private_key: ":pvmfw_sign_key", 299 salt: "1111", 300} 301 302avb_add_hash_footer { 303 name: "test_image_with_rollback_index_5", 304 src: ":unsigned_test_image", 305 partition_name: "boot", 306 private_key: ":pvmfw_sign_key", 307 salt: "1211", 308 rollback_index: 5, 309} 310 311avb_add_hash_footer { 312 name: "test_image_with_multiple_capabilities", 313 src: ":unsigned_test_image", 314 partition_name: "boot", 315 private_key: ":pvmfw_sign_key", 316 salt: "2134", 317 props: [ 318 { 319 name: "com.android.virt.cap", 320 value: "remote_attest|secretkeeper_protection", 321 }, 322 ], 323} 324 325avb_add_hash_footer { 326 name: "test_image_with_all_capabilities", 327 src: ":unsigned_test_image", 328 partition_name: "boot", 329 private_key: ":pvmfw_sign_key", 330 salt: "4231", 331 props: [ 332 { 333 name: "com.android.virt.cap", 334 value: "remote_attest|trusty_security_vm|secretkeeper_protection|supports_uefi_boot", 335 }, 336 ], 337} 338