Lines Matching refs:pvmfw
19 (“pvmfw”) in the pVM from a protected memory region (this prevents the host or
21 machine. As a result, pvmfw becomes the very first code that gets executed in
26 Given the threat model, pvmfw is not allowed to trust the devices or device
32 Once it has been determined that the platform can be trusted, pvmfw derives
36 of a missing prerequisite, pvmfw will abort the boot process of the pVM,
41 pvmfw currently only supports AArch64.
51 ### pvmfw Loading
53 When running pKVM, the physical memory from which the hypervisor loads pvmfw
55 Instead, it receives a pre-loaded memory region from a trusted pvmfw loader and
63 the generation of `pvmfw.img`, a new [ABL partition][ABL-part] containing the
64 pvmfw binary (sometimes called "`pvmfw.bin`") and following the internal format
68 Once ABL has verified the `pvmfw.img` chained static partition, the contained
69 [`boot.img` header][boot-img] may be used to obtain the size of the `pvmfw.bin`
72 partition following the header will be the `pvmfw.bin` image.
74 Note that when it gets executed in the context of a pVM, `pvmfw` expects to have
76 the `pvmfw.bin` image without respecting this alignment, it is the
82 page size used by the hypervisor. This single region must include both the pvmfw
101 As part of the process of loading pvmfw, the loader (typically the Android
102 Bootloader, "ABL") is expected to pass device-specific pvmfw configuration data
103 by appending it to the pvmfw binary and including it in the region passed to the
105 data as it does to pvmfw and will transparently load it in guest memory, making
106 it available to pvmfw at runtime. This enables pvmfw to be kept device-agnostic,
110 The configuration data will be read by pvmfw at the next 4KiB boundary from the
111 end of its loaded binary. Even if the pvmfw is position-independent, it will be
113 location of the configuration data is implicitly passed to pvmfw and known to it
122 | pvmfw.bin |
200 pvmfw will provision assigned devices with the VM DTBO.
205 may be included in the device tree passed to a protected VM. pvmfw validates
213 passed to the VM via the host. pvmfw does not interpret the content of VM
252 Unique Device Secret (UDS) in a boot stage preceding the pvmfw loader (typically
259 at the pvmfw loader, using an arbitrary constant as initial CDI. The pvmfw
269 - **Code**: hash of the pvmfw image, hypervisor (`boot.img`), and other target
270 code relevant to the secure execution of pvmfw (_e.g._ `vendor_boot.img`)
271 - **Configuration Data**: any extra input relevant to pvmfw security
281 The resulting `AndroidDiceHandover` is then used by pvmfw in a similar way to
297 pvmfw is intended to run in a virtualized environment according to the `crosvm`
304 At boot, pvmfw discovers the running hypervisor in order to select the
346 As the hypervisor makes pvmfw the entry point of the VM, the initial value of
356 to booting the VM, are described to pvmfw using the device tree (x0):
384 After verifying the guest kernel, pvmfw boots it using the Linux ABI described
404 - the `/chosen/avf,new-instance` flag, set when pvmfw generated a new secret
414 pvmfw verifies the guest kernel image (loaded by the VMM) by re-using tools and
426 In cases where a ramdisk is required by the guest, pvmfw must also verify it. To
447 the signer to specify if pvmfw must consider the guest to be debuggable
460 For faster iteration, you can build pvmfw, adb-push it to the device, and use
463 above must be replicated to produce a single file containing the pvmfw binary
467 file][bcc.dat]) can be appended to the `pvmfw.bin` image with `pvmfw-tool`.
470 m pvmfw-tool pvmfw_bin
471 PVMFW_BIN=${ANDROID_PRODUCT_OUT}/system/etc/pvmfw.bin
472 DICE=${ANDROID_BUILD_TOP}/packages/modules/Virtualization/tests/pvmfw/assets/bcc.dat
474 pvmfw-tool custom_pvmfw ${PVMFW_BIN} ${DICE}
478 `hypervisor.pvmfw.path` to it will cause AVF to use that image as pvmfw:
481 adb push custom_pvmfw /data/local/tmp/pvmfw
483 adb shell setprop hypervisor.pvmfw.path /data/local/tmp/pvmfw
494 …ndroid/platform/superproject/main/+/main:packages/modules/Virtualization/tests/pvmfw/assets/bcc.dat