| <html devsite> |
| <head> |
| <title>Device State</title> |
| <meta name="project_path" value="/_project.yaml" /> |
| <meta name="book_path" value="/_book.yaml" /> |
| </head> |
| <body> |
| <!-- |
| Copyright 2018 The Android Open Source Project |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| //www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <p> |
| The device state indicates how freely software can be flashed to a device and |
| whether verification is enforced. Device states are <code>LOCKED</code> and |
| <code>UNLOCKED</code>. <code>LOCKED</code> devices prevent you from flashing new |
| software to the device, whereas <code>UNLOCKED</code> devices allow |
| modification. |
| </p> |
| <p> |
| When a device powers on, the bootloader first checks if a device is |
| <code>LOCKED</code> or <code>UNLOCKED</code>. If a device is |
| <code>UNLOCKED</code>, the bootloader shows the user a warning and then proceeds |
| to boot even if the loaded OS isn't signed by the root of trust. |
| </p> |
| <p> |
| If the device is <code>LOCKED</code>, the bootloader goes through the steps in |
| <a href="/security/verifiedboot/verified-boot">Verifying Boot</a> to verify |
| the device's software. <code>LOCKED</code> devices boot <em>only</em> if the |
| loaded OS is properly signed by the root of trust. For more details, see |
| <a href="/security/verifiedboot/boot-flow">The boot flow</a>. |
| </p> |
| |
| <h2 id="changing-device-state">Changing device state</h2> |
| <p> |
| To <a href="/devices/bootloader/unlock-trusty">change a device's state</a>, use |
| the <code>fastboot flashing [unlock | lock]</code> command. To protect user |
| data, <em>all</em> state transitions wipe the data partitions and ask for user |
| confirmation before data is deleted. |
| </p> |
| <p> |
| The <code>UNLOCKED</code> to <code>LOCKED</code> transition is anticipated when |
| a user buys a used development device. As a result of locking the device, the |
| user should have confidence that it is in a state produced by the device |
| manufacturer, as long as there is no warning. The <code>LOCKED</code> to |
| <code>UNLOCKED</code> transition is expected when a developer wishes to disable |
| verification on the device for development purposes. |
| </p> |
| |
| <h2 id="root-of-trust">Root of Trust</h2> |
| <p> |
| <em>Root of trust</em> is the cryptographic key used to sign the copy of Android |
| stored on the device. The private part of the root of trust is known only to the |
| device manufacturer and is used to sign every version of Android intended for |
| distribution. The public part of the root of trust is embedded in the device and |
| is stored in a place so it cannot be tampered with (typically read-only |
| storage). |
| </p> |
| <p> |
| When it loads Android, the bootloader uses the root of trust to verify |
| authenticity. For more details on this process, see |
| <a href="/security/verifiedboot/verified-boot">Verifying Boot</a>. Devices may have |
| multiple boot loaders and as such multiple cryptographic keys may be in play. |
| </p> |
| <h3 id="user-settable-root-of-trust">User-settable root of trust</h3> |
| <p> |
| Devices can optionally allow the user to configure the root of trust (for |
| example, a public key). Devices can use this user-settable root of trust for |
| Verified Boot instead of the built-in root of trust. This allows the user to |
| install and use custom versions of Android without sacrificing the security |
| improvements of Verified Boot. |
| </p> |
| <p> |
| If user-settable root of trust is implemented, it should be done in a way such |
| that: |
| </p> |
| <ul> |
| <li>Physical confirmation is required to set/clear the user-settable root of |
| trust.</li> |
| <li>The user-settable root of trust can only be set by the end user. It cannot |
| be set at the factory or any intermediate point before the end user gets the |
| device.</li> |
| <li>The user-settable root of trust is stored in tamper-evident storage. |
| <em>Tamper-evident</em> means that it's possible to detect if Android has |
| tampered with the data, for example, if it has been overwritten or changed. |
| </li> |
| <li>If an user-settable root of trust is set, the device should allow a version |
| of Android signed with either the built-in root of trust or the user-settable |
| root of trust to boot.</li> |
| <li>Every time the device boots using the user-settable root of trust, the user |
| should be notified that the device is loading a custom version of Android. For |
| example waring screens, see |
| <a href="/security/verifiedboot/boot-flow#locked-devices-with-custom-key-set"><code>LOCKED</code> |
| devices with custom key set</a>.</li> |
| </ul> |
| <p> |
| One way of implementing user-settable root of trust is to have a virtual |
| partition that can only be flashed or cleared when the device is in the |
| <code>UNLOCKED</code> state. The Google Pixel 2 devices use this approach and |
| the virtual partition is called <code>avb_custom_key</code>. The format of the |
| data in this partition is the output of the |
| <code>avbtool extract_public_key</code> command. Here's an example of how to set |
| the user-settable root of trust: |
| </p> |
| |
| |
| <pre |
| class="prettyprint"><code class="devsite-terminal">avbtool extract_public_key --key key.pem --output pkmd.bin</code> |
| <code class="devsite-terminal">fastboot flash avb_custom_key pkmd.bin</code> |
| </pre> |
| <p> |
| The user-settable root of trust can be cleared by issuing: |
| </p> |
| |
| <pre |
| class="devsite-terminal devsite-click-to-copy">fastboot erase avb_custom_key |
| </pre> |
| </body> |
| </html> |