Google Git
Sign in
android / platform / packages / modules / Virtualization / 0c5e1960150ace38d31c9d640302a432ff4e12f4 / . / service_vm
tree: 7b178b4de204bbaf69aacfbc75a22029a072956c [path history] [tgz]
  1. client_vm_csr/
  2. comm/
  3. demo_apk/
  4. fake_chain/
  5. manager/
  6. requests/
  7. test_apk/
  8. README.md
service_vm/README.md

Service VM

The Service VM is a lightweight, bare-metal virtual machine specifically designed to run various services for other virtual machines. It fulfills the following requirements:

  • Only one instance of the Service VM is allowed to run at any given time.
  • The secret contained within the instance image of the Service VM remains unchanged during updates of both the client VMs and the Service VM.

The secret is an encrypted random array that can only be decrypted by pVM Firmware. It is incorporated into the CDI values calculation of each VM loaded by pVM Firmware to ensure consistent CDI values for the VM across all reboots.

RKP VM (Remote Key Provisioning Virtual Machine)

Currently, the Service VM only supports VM remote attestation, and in that context we refer to it as the RKP VM. The RKP VM undergoes validation by the RKP Server and functions as a remotely provisioned component responsible for verifying the integrity of other virtual machines. See VM remote attestation for more details about the role of RKP VM in remote attestation.