<html devsite>
<head>
<title>Boot Flow</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2018 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
//www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<p>
The recommended boot flow for a device is as follows:
</p>
<figure>
<img src="/security/images/verified-boot-flow.png"
alt="Verified boot flow">
<figcaption><b>Figure 1</b>. Verified boot flow</figcaption>
</figure>
<h2 id="flow-for-a-b-devices">Flow for A/B devices</h2>
<p>
If the device is using A/B, the boot flow is slightly different. The slot to
boot must first be marked as <code>SUCCESSFUL</code> using the <a
href="https://android.googlesource.com/platform/hardware/interfaces/+/master/boot/1.0/IBootControl.hal"
class="external">Boot Control HAL</a> <strong>before</strong> updating the
Rollback Protection metadata.
</p>
<p>
If a platform update fails (the new slot is never marked
<code>SUCCESSFUL</code>), the A/B stack falls back to the other slot,
which still holds the previous version of Android. However, if the
Rollback Protection metadata had already been updated for the new version, the
previous version can't boot because Rollback Protection rejects it.
</p>
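<p>
The ordering above matters because the two pieces of state are written by different parties at different times: the OS marks the slot <code>SUCCESSFUL</code> through the Boot Control HAL only once it is running, while the bootloader owns the Rollback Protection metadata. The following simulation is an added example, not AOSP bootloader or Boot Control HAL code, and models only the two orderings. The <code>Slot</code> and <code>Device</code> classes, the <code>marks_successful</code> flag (whether the OS in a slot gets far enough to mark itself <code>SUCCESSFUL</code>) and the rollback index values are assumptions made for the illustration.
</p>

```python
"""Added example (not AOSP code): why an A/B slot must be marked SUCCESSFUL
before the rollback-protection metadata is updated.

Two slots each hold a signed image carrying a rollback index; the device
keeps a stored rollback index (rollback-protection metadata, e.g. in RPMB).
A slot whose index is below the stored one is refused. Class and flag names
are invented for this illustration.
"""
from dataclasses import dataclass


@dataclass
class Slot:
    name: str
    rollback_index: int      # rollback index carried by the slot's signed image
    marks_successful: bool   # constructed: does the OS in this slot get far enough
                             # to call the Boot Control HAL and mark itself SUCCESSFUL?
    successful: bool = False
    tries_remaining: int = 1


class Device:
    def __init__(self, slots, stored_rollback_index):
        self.slots = slots                                # in priority order
        self.stored_rollback_index = stored_rollback_index
        self.log = []

    def _next_slot(self):
        for s in self.slots:
            if s.tries_remaining > 0:
                return s
        return None

    def boot(self, update_rollback_before_success):
        """Attempt slots in priority order. Returns the name of the slot that
        booted and was marked SUCCESSFUL, or 'NO_VALID_OS'."""
        while True:
            slot = self._next_slot()
            if slot is None:
                self.log.append("no bootable slot: RED 'no valid OS' screen")
                return "NO_VALID_OS"
            slot.tries_remaining -= 1
            if slot.rollback_index < self.stored_rollback_index:
                self.log.append(f"slot {slot.name}: index {slot.rollback_index} < "
                                f"stored {self.stored_rollback_index}, refused")
                continue
            if update_rollback_before_success:
                # Wrong order: metadata is advanced before the OS proved it boots.
                self.stored_rollback_index = max(self.stored_rollback_index,
                                                 slot.rollback_index)
            if not slot.marks_successful:
                self.log.append(f"slot {slot.name}: OS failed before marking SUCCESSFUL")
                continue
            slot.successful = True   # Boot Control HAL: slot marked SUCCESSFUL
            # Recommended order: only now advance the rollback-protection metadata.
            self.stored_rollback_index = max(self.stored_rollback_index,
                                             slot.rollback_index)
            self.log.append(f"slot {slot.name}: booted; stored index is now "
                            f"{self.stored_rollback_index}")
            return slot.name


def simulate(update_rollback_before_success):
    """A failed update to slot b (index 2) with slot a (index 1) as fallback."""
    slot_b = Slot("b", rollback_index=2, marks_successful=False)
    slot_a = Slot("a", rollback_index=1, marks_successful=True, successful=True)
    dev = Device([slot_b, slot_a], stored_rollback_index=1)
    return dev.boot(update_rollback_before_success), dev


if __name__ == "__main__":
    for wrong_order in (False, True):
        outcome, dev = simulate(wrong_order)
        print("rollback metadata updated before SUCCESSFUL:", wrong_order)
        print("\n".join("  " + line for line in dev.log))
        print("  outcome:", outcome)
```

<p>
With the recommended order the failed update leaves the stored index at 1 and slot <code>a</code> boots; with the metadata advanced first, slot <code>a</code> is refused and the device ends up on the RED "no valid OS" screen even though a good image is still present.
</p>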
<h2 id="communicating-verified-boot-state-to-users">Communicating Verified Boot
state to users</h2>
<p>
After determining the boot state of a device, you need to communicate that
state to the user. If the device doesn't have any issues, then proceed without
displaying anything. Verified Boot issues fall into these categories:
</p>
<ul>
<li>YELLOW: Warning screen for LOCKED devices with custom root of trust set</li>
<li>ORANGE: Warning screen for UNLOCKED devices</li>
<li>RED (eio): Warning screen for dm-verity corruption</li>
<li>RED (no os found): No valid OS found</li>
</ul>
<table class="columns">
<col width="50%">
<col width="50%">
<tr>
<td>
<h3 id="locked-devices-with-custom-root-of-trust">LOCKED devices with custom
root of trust</h3>
<p>
Show a YELLOW screen on every boot if the device is LOCKED, a custom root of
trust has been set, and the image was signed with this custom root of trust.
The YELLOW screen is dismissed after ten seconds and the device continues
booting. If the user presses the power button, the "Press power button to pause"
text changes to "Press power button to continue" and the screen is never
dismissed (though the device may dim or turn off the screen to protect against
burn-in). If pressed again, the screen is dismissed and the phone continues
booting.
</p>
<p>
For the <var>hex-number</var>, use the first 8 digits of the sha256 of
the libavb representation of the public key used for verification, for example
<code>f7a24de1</code>.
</p>
<p>
<strong>Suggested text:</strong>
</p>
<p>
Your device has loaded a different operating system.
</p>
<p>
Visit this link on another device to learn more:
</p>
<p>
g.co/ABH
</p>
<p>
ID: <var>hex-number</var>
</p>
<p>
<span class="material-icons">power_settings_new</span> Press power button to pause
</p>
<p>&nbsp;</p>
</td>
<td>
<figure>
<p><strong>Example YELLOW screen:</strong></p>
<img src="/security/images/boot_yellow1.png"
alt="Yellow device warning screen">
</figure>
</td>
</tr>
<tr>
<td>
<h3 id="unlocked-devices">UNLOCKED devices</h3>
<p>
Show an ORANGE screen on every boot if the device is UNLOCKED. The ORANGE screen
is dismissed after ten seconds and the device continues booting. If the user
presses the power button, "Press power button to pause" text changes to "Press
power button to continue" and the screen is never dismissed (the device may dim
and/or turn off the screen if needed to protect against burn-in or similar). If
pressed again, the screen is dismissed and the phone continues booting.
</p>
<p>
For the <var>hex-number</var>, use the first 8 digits of the sha256 of the libavb
representation of the public key used for verification, for example
<code>f7a24de1</code>.
</p>
<p>
<strong>Suggested text:</strong>
</p>
<p>
The boot loader is unlocked and software integrity cannot be guaranteed. Any
data stored on the device may be available to attackers. Do not store any
sensitive data on the device.
</p>
<p>
Visit this link on another device to learn more:
</p>
<p>
g.co/ABH
</p>
<p>
ID: <var>hex-number</var>
</p>
<p>
<span class="material-icons">power_settings_new</span> Press power button to pause.
</p>
<p>&nbsp;</p>
</td>
<td>
<figure>
<p><strong>Example ORANGE screen:</strong></p>
<img src="/security/images/boot_orange.png"
alt="Orange device warning screen">
</figure>
</td>
</tr>
<tr>
<td>
<h3 id="dm-verity-corruption">dm-verity corruption</h3>
<p>
Show a RED <code>eio</code> screen if a valid version of Android is found and
the device is currently in the <code>eio</code> dm-verity mode. The user needs
to click the power button to continue. If the user hasn't acknowledged the
warning screen within 30 seconds, the device powers off (to protect the screen
against burn-in and save power).
</p>
<aside class="note">
<strong>Note:</strong> Other warning screens may follow this screen. For example, if the
device is <code>UNLOCKED</code> the ORANGE screen shows after.
</aside>
<p>
<strong>Suggested text:</strong>
</p>
<p>
Your device is corrupt. It can't be trusted and may not work properly.
</p>
<p>
Visit this link on another device to learn more:
</p>
<p>
g.co/ABH
</p>
<p>
<span class="material-icons">power_settings_new</span> Press power button to continue.
</p>
<p>&nbsp;</p>
</td>
<td>
<figure>
<p><strong>Example RED eio screen:</strong></p>
<img src="/security/images/boot_red1.png"
alt="Red eio device warning screen">
</figure>
</td>
</tr>
<tr>
<td>
<h3 id="no-valid-os-found">No valid OS found</h3>
<p>
Show a RED screen if no valid version of Android can be found. The
device cannot continue booting. If the user hasn't acknowledged the warning
screen within 30 seconds, the device powers off (to protect the screen against
burn-in and save power).
</p>
<p>
For the <var>hex-number</var>, use the first 8 digits of the sha256 of
the libavb representation of the public key used for verification, for example
<code>f7a24de1</code>.
</p>
<p>
<strong>Suggested text:</strong>
</p>
<p>
No valid operating system could be found. The device will not boot.
</p>
<p>
Visit this link on another device to learn more:
</p>
<p>
g.co/ABH
</p>
<p>
ID: <var>hex-number</var>
</p>
<p>
<span class="material-icons">power_settings_new</span> Press power button to power off.
</p>
<p>&nbsp;</p>
</td>
<td>
<figure>
<p><strong>Example RED screen:</strong></p>
<img src="/security/images/boot_red2.png"
alt="Red corrupt device warning screen">
</figure>
</td>
</tr>
<tr>
<td>
<h3 id="unlock-confirmation">Unlock confirmation</h3>
<p>
Show an unlock confirmation screen in response to the
<code>fastboot flashing unlock</code> command being executed via the fastboot
interface. Focus is initially on <em>Don't unlock</em>. If the user hasn't
interacted with the warning screen within 30 seconds, the screen disappears and
the command fails.
</p>
<p>
<strong>Suggested text:</strong>
</p>
<p>
If you unlock the bootloader, you will be able to install custom operating
system software on this phone. A custom OS is not subject to the same level of
testing as the original OS, and can cause your phone and installed applications
to stop working properly. Software integrity cannot be guaranteed with a custom
OS so any data stored on the phone while the bootloader is unlocked may be at
risk.
</p>
<p>
To prevent unauthorized access to your personal data, unlocking the bootloader
will also delete all personal data on your phone.
</p>
<p>
Press the Volume Up/Volume Down to select whether to unlock the bootloader, then
the power button to continue.
</p>
<p>
Unlock
</p>
<p>
Unlock bootloader.
</p>
<p>
Don't unlock
</p>
<p>
Do not unlock bootloader and restart phone.
</p>
<p>&nbsp;</p>
</td>
<td>
<figure>
<p><strong>Example screen:</strong></p>
<img src="/security/images/unlock-confirmation.png"
alt="UNLOCK device warning screen">
</figure>
</td>
</tr>
<tr>
<td>
<h3 id="lock-confirmation">Lock confirmation</h3>
<p>
Show a lock confirmation screen in response to the <code>fastboot flashing
lock</code> command being executed via the fastboot interface. Focus is
initially on <em>Don't lock</em>. If the user hasn't interacted with the
warning screen within 30 seconds, the screen disappears and the command fails.
</p>
<p>
<strong>Text:</strong>
</p>
<p>
If you lock the bootloader, you will not be able to install custom operating
system software on this phone. To prevent unauthorized access to your personal
data, locking the bootloader will also delete all personal data on your phone.
</p>
<p>
Press the Volume Up/Volume Down to select whether to lock the bootloader, then
the power button to continue.
</p>
<p>
Lock
</p>
<p>
Lock bootloader.
</p>
<p>
Don't lock
</p>
<p>
Do not lock bootloader and restart phone.
</p>
<p>&nbsp;</p>
</td>
<td>
<figure>
<p><strong>Example screen:</strong></p>
<img src="/security/images/lock-confirmation.png"
alt="LOCK confirmation device warning screen">
</figure>
</td>
</tr>
</table>
<h2 id="communicating-verified-boot-state-to-android">Communicating Verified
Boot state to Android</h2>
<p>
The bootloader communicates Verified Boot state to Android through
kernel command-line options. It sets the <code>androidboot.verifiedstate</code>
option to one of the following values:
</p>
<ul>
<li><code>green</code>: if device is <code>LOCKED</code> and user-settable
root of trust is not used</li>
<li><code>yellow</code>: if device is <code>LOCKED</code> and user-settable
root of trust is used</li>
<li><code>orange</code>: if device is <code>UNLOCKED</code></li>
</ul>
<p>
The <code>androidboot.veritymode</code> option is set to <code>eio</code> or
<code>restart</code> depending on which state the boot loader is in with respect
to handling dm-verity errors. For more details, see <a
href="/security/verifiedboot/verified-boot#handling-verification-errors">Handling
verification errors</a>.
</p>
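<p>
The two sections above (the warning-screen categories and the <code>androidboot.*</code> options) are two outputs of the same boot-time decision. The following is an added example, not AOSP bootloader or init code, that takes the device state as input and produces both the ordered list of warning screens and the kernel command-line options, plus the parse an Android-side consumer would do on <code>/proc/cmdline</code>. The <code>BootState</code> class, the screen names and the sample command line are assumptions for the illustration; showing YELLOW after a RED <code>eio</code> screen on a LOCKED device with a custom root of trust is also an assumption, by analogy with the ORANGE case the note describes.
</p>

```python
"""Added example (not AOSP code): the warning screens to show and the
androidboot.* options to pass, derived from one description of the boot state.
BootState and the screen names are invented for this illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BootState:
    locked: bool
    custom_root_of_trust: bool   # LOCKED with a user-set root of trust that signed the image
    verity_mode: str             # "restart" or "eio"
    valid_os: bool


def warning_screens(state: BootState) -> list:
    """Screens to show, in order, before Android is started."""
    if not state.valid_os:
        return ["RED_NO_OS"]          # device halts; powers off after 30 s
    screens = []
    if state.verity_mode == "eio":
        screens.append("RED_EIO")     # needs a power-button acknowledgement
    if not state.locked:
        screens.append("ORANGE")      # follows RED eio on an UNLOCKED device
    elif state.custom_root_of_trust:
        screens.append("YELLOW")      # assumption: also follows RED eio
    return screens


def verified_state(state: BootState) -> str:
    """Value for androidboot.verifiedstate."""
    if not state.locked:
        return "orange"
    return "yellow" if state.custom_root_of_trust else "green"


def kernel_cmdline(state: BootState, base: str = "") -> str:
    """Command line the bootloader hands to the kernel (base options plus ours)."""
    if not state.valid_os:
        raise RuntimeError("no valid OS: nothing to boot")
    if state.verity_mode not in ("restart", "eio"):
        raise ValueError("verity_mode must be 'restart' or 'eio'")
    opts = [f"androidboot.verifiedstate={verified_state(state)}",
            f"androidboot.veritymode={state.verity_mode}"]
    return " ".join(filter(None, [base] + opts))


def parse_androidboot(cmdline: str) -> dict:
    """Extract androidboot.* options the way Android-side code reads /proc/cmdline."""
    out = {}
    for tok in cmdline.split():
        if tok.startswith("androidboot.") and "=" in tok:
            key, value = tok.split("=", 1)
            out[key[len("androidboot."):]] = value
    return out


if __name__ == "__main__":
    # Constructed sample: UNLOCKED device whose dm-verity is in eio mode.
    state = BootState(locked=False, custom_root_of_trust=False,
                      verity_mode="eio", valid_os=True)
    print("screens:", warning_screens(state))
    cmdline = kernel_cmdline(state, "console=ttyMSM0,115200n8")
    print("cmdline:", cmdline)
    print("parsed: ", parse_androidboot(cmdline))
```

<p>
Keeping the screen sequence and the command-line options behind one state object makes it hard for the two to disagree, for instance showing a green boot while passing <code>androidboot.verifiedstate=orange</code>.
</p>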
</body>
</html>