; DICE Specification for guest VM ; See the Open DICE specification ; https://pigweed.googlesource.com/open-dice/+/HEAD/docs/specification.md, ; and the Android Profile for DICE ; https://pigweed.googlesource.com/open-dice/+/HEAD/docs/android.md. ; This CDDL describes the Configuration Descriptor used for components running in AVF Guest environment ; (VM core components and payload). It extends the `ConfigurationDescriptor` specified at ; https://cs.android.com/android/platform/superproject/main/+/main:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl ; Additionally, we reserve range -71000...-71999 for AVF system specific usage. These are or can be ; used by frameworks & parsers of DICE chains such as local and remote attestation frameworks. ; Vendor must not use these key/values for other purposes, that may compromise the integrity of the system. ; Note that each of the key-value pairs may not be useful for all the boot components and therefore ; are optional. For e.g., SubcomponentDescriptor is only used in Microdroid payload, it may ; not have immediate use for pVM firmware. ; Each components of VM must specify the value corresponding to `Component name`(-70002). ; For provided reference implementations: ; ; 1. "vm_entry" - Guest 'OS'. This is the payload booted by pVM firmware. For e.g, Microdroid, Rialto. ; 2. "Microdroid vendor" - The vendor image, specific to Microdroid. ; 3. "Microdroid Payload" - Payload run by Microdroid Manager. ConfigDescriptor = { -70002 : tstr, ; Component name (? -71000: tstr // ; Path to the payload config file ? -71001: PayloadConfig), ? -71002: [+ SubcomponentDescriptor], ; The order of these should be kept constant on each boot ; of the VM instance ? -71003: bstr .size 64 ; Instance hash: Unique identifier of the VM instance } PayloadConfig = { 1: tstr ; Path to the binary file where payload execution starts } ; Describes a unit of code (e.g. an APK or an APEX) present inside the VM. ; ; For an APK, the fields are as follows: ; - Component name: The string "apk:" followed by the package name. ; - Security version: The long version code from the APK manifest ; (https://developer.android.com/reference/android/content/pm/PackageInfo#getLongVersionCode()). ; - Code hash: This is the root hash of a Merkle tree computed over all bytes of the APK, as used ; in the APK Signature Scheme v4 (https://source.android.com/docs/security/features/apksigning/v4) ; with empty salt and using SHA-256 as the hash algorithm. ; - Authority hash: The SHA-512 hash of the DER representation of the X.509 certificate for the ; public key used to sign the APK. ; ; For an APEX, they are as follows: ; - Component name: The string "apex:" followed by the APEX name as specified in the APEX Manifest ; (see https://source.android.com/docs/core/ota/apex). ; - Security version: The version number from the APEX Manifest. ; - Code hash: The root hash of the apex_payload.img file within the APEX, taken from the first ; hashtree descriptor in the VBMeta image ; (see https://android.googlesource.com/platform/external/avb/+/master/README.md). ; - Authority hash: The SHA-512 hash of the public key used to sign the file system image in the ; APEX (as stored in the apex_pubkey file). The format is as described for AvbRSAPublicKeyHeader ; in https://cs.android.com/android/platform/superproject/main/+/main:external/avb/libavb/avb_crypto.h. SubcomponentDescriptor = { 1: tstr, ; Component name 2: uint, ; Security version 3: bstr, ; Code hash 4: bstr, ; Authority hash } TODO: Describe how these descriptors are used by AVF components in Android W.