| <html devsite> |
| <head> |
| <title>Verified Boot</title> |
| <meta name="project_path" value="/_project.yaml" /> |
| <meta name="book_path" value="/_book.yaml" /> |
| </head> |
| <body> |
| <!-- |
| Copyright 2017 The Android Open Source Project |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <p> |
| Verified Boot strives to ensure all executed code comes from a trusted source |
| (usually device OEMs), rather than from an attacker or corruption. It |
| establishes a full chain of trust, starting from a hardware-protected root of |
| trust to the bootloader, to the boot partition and other verified partitions |
| including <code>system</code>, <code>vendor</code>, and optionally |
| <code>oem</code> partitions. During device boot up, each stage verifies the |
| integrity and authenticity of the next stage before handing over execution. |
| </p> |
| <p> |
| In addition to ensuring that devices are running a safe version of Android, |
| Verified Boot checks for the correct version of Android with |
| <a href="/security/verifiedboot/verified-boot#rollback-protection">rollback |
| protection</a>. Rollback protection helps to prevent a possible |
| exploit from becoming persistent by ensuring devices only update to newer |
| versions of Android. |
| </p> |
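<p>
The chain of trust and rollback check described above, as a simplified model
added here (not AOSP or AVB code). Assumptions: pinned SHA-256 digests stand in
for signature verification, <code>stored_min_index</code> models protected
storage of minimum versions, and all names and sample images are constructed
for illustration.
</p>

```python
import hashlib
import struct
from typing import NamedTuple

class Stage(NamedTuple):
    name: str
    payload: bytes        # code/data of this stage
    rollback_index: int   # version counter that only increases across updates
    next_digest: bytes    # SHA-256 of the next stage's blob; b"" for the last stage

def blob(s: Stage) -> bytes:
    # Bytes the previous stage commits to: version, link to next stage, payload.
    return struct.pack(">Q", s.rollback_index) + s.next_digest + s.payload

def digest(s: Stage) -> bytes:
    return hashlib.sha256(blob(s)).digest()

def build_chain(parts):
    """parts: [(name, payload, rollback_index)] in boot order -> (root_digest, stages)."""
    stages, nxt = [], b""
    for name, payload, idx in reversed(parts):
        stage = Stage(name, payload, idx, nxt)
        nxt = digest(stage)
        stages.insert(0, stage)
    return nxt, stages

def verify_boot(root_digest, stages, stored_min_index):
    """Walk the chain; stored_min_index is the assumed protected store of minimum versions."""
    expected = root_digest
    for stage in stages:
        if digest(stage) != expected:            # integrity/authenticity of this stage
            return False, f"{stage.name}: digest mismatch"
        if stage.rollback_index < stored_min_index.get(stage.name, 0):
            return False, f"{stage.name}: rollback"
        expected = stage.next_digest             # only now hand over to this stage
    return True, "ok"

# Constructed sample images (not real partition contents).
CURRENT = [("bootloader", b"bl-v2", 2), ("boot", b"kernel-v5", 5), ("system", b"sys-v5", 5)]
OLDER = [("bootloader", b"bl-v2", 2), ("boot", b"kernel-v4", 4), ("system", b"sys-v4", 4)]
STORED = {"bootloader": 2, "boot": 5, "system": 5}

def demo():
    root, chain = build_chain(CURRENT)
    tampered = chain[:2] + [chain[2]._replace(payload=b"sys-v5-modified")]
    old_root, old_chain = build_chain(OLDER)   # an authentic but outdated release
    return (verify_boot(root, chain, STORED),
            verify_boot(root, tampered, STORED),
            verify_boot(old_root, old_chain, STORED))

if __name__ == "__main__":
    print(demo())
```

<p>
The third case is the one integrity checks alone do not catch: the older
release verifies correctly at every stage, and only the stored minimum version
rejects it.
</p>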
| <p> |
| In addition to verifying the OS, Verified Boot also allows Android devices to |
| communicate their state of integrity to the user. |
| </p> |
| <h2 id="background">Background</h2> |
| <p> |
| Android 4.4 added support for Verified Boot and the |
| <a href="/security/verifiedboot/dm-verity">dm-verity</a> kernel feature. This |
| combination of verifying features served as Verified Boot 1. |
| </p> |
| <p> |
| Where previous versions of Android warned users about device corruption but |
| still allowed them to boot their devices, Android 7.0 started strictly enforcing |
| Verified Boot to prevent compromised devices from booting. Android 7.0 also |
| added support for forward error correction to improve reliability against |
| non-malicious data corruption. |
| </p> |
| <p> |
| Android 8.0 and higher includes |
| <a href="/security/verifiedboot/avb">Android Verified Boot</a> (AVB), a |
| reference implementation of Verified Boot that works with Project Treble. In |
| addition to working with Treble, AVB standardized the partition footer format and |
| added rollback protection features. |
| </p> |
| |
| </body> |
| </html> |