1 /*
2  * Copyright 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package android.system.virtualmachineservice;
17 
18 import android.hardware.security.secretkeeper.ISecretkeeper;
19 import android.system.virtualizationcommon.Certificate;
20 import android.system.virtualizationcommon.ErrorCode;
21 
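/**
 * Interface through which payload lifecycle events and errors inside a VM are reported, and
 * through which attestation certificates and a Secretkeeper connection are requested.
 *
 * NOTE(review): the method comments below describe the callers as guest VMs (pVMs), so an
 * implementation should presumably treat every argument as guest-controlled input. Confirm
 * against the server side.
 *
 * {@hide}
 */
interface IVirtualMachineService {
    /**
     * Port number on which VirtualMachineService listens for connections from guest VMs that
     * deliver tombstones.
     *
     * NOTE(review): the transport this port belongs to is not stated in this file. Confirm, and
     * document which peers are allowed to connect.
     */
    const int VM_TOMBSTONES_SERVICE_PORT = 2000;

    /**
     * Notifies that the payload has started.
     */
    void notifyPayloadStarted();

    /**
     * Notifies that the payload is ready to serve.
     */
    void notifyPayloadReady();

    /**
     * Notifies that the payload has finished.
     *
     * @param exitCode The exit code reported for the finished payload.
     */
    void notifyPayloadFinished(int exitCode);

    /**
     * Notifies that an error has occurred inside the VM.
     *
     * @param errorCode The kind of error that occurred.
     * @param message A description of the error.
     *
     * NOTE(review): nothing in this interface bounds the length or content of {@code message}.
     * A receiver that logs or displays it should presumably truncate and sanitise it first.
     * Confirm against the implementation.
     */
    void notifyError(ErrorCode errorCode, in String message);

    /**
     * Requests a certificate chain for the provided certificate signing request (CSR).
     *
     * NOTE(review): this comment specifies neither the CSR encoding nor how a chain issued with
     * {@code testMode} set differs from a production chain. Relying parties presumably must not
     * accept a test-mode chain as production evidence. Confirm and document.
     *
     * @param csr The certificate signing request.
     * @param testMode Whether the request is for test purposes.
     * @return A sequence of DER-encoded X.509 certificates that make up the attestation
     *         key's certificate chain. The attestation key is provided in the CSR.
     */
    Certificate[] requestAttestation(in byte[] csr, in boolean testMode);

    /**
     * Requests a connection to Secretkeeper. A pVM uses this to store rollback-protected
     * secrets. This returns an error if Secretkeeper is not supported on the device. The guest
     * should check in the Linux device tree that Secretkeeper is supported before calling this.
     *
     * @return The Secretkeeper interface to use for storing those secrets.
     */
    ISecretkeeper getSecretkeeper();
}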
67