<html devsite>
<head>
<title>Verified Boot</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2017 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<p>
Verified Boot strives to ensure all executed code comes from a trusted source
(usually device OEMs), rather than from an attacker or corruption. It
establishes a full chain of trust, starting from a hardware-protected root of
trust to the bootloader, to the boot partition and other verified partitions
including <code>system</code>, <code>vendor</code>, and optionally
<code>oem</code> partitions. During device boot up, each stage verifies the
integrity and authenticity of the next stage before handing over execution.
</p>
<p>
In addition to ensuring that devices are running a safe version of Android,
Verified Boot checks for the correct version of Android with
<a href="/security/verifiedboot/verified-boot#rollback-protection">rollback
protection</a>. Rollback protection helps to prevent a possible
exploit from becoming persistent by ensuring devices only update to newer
versions of Android.
</p>
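<p>
The stage-by-stage verification and the rollback check described above, as an
added Python model that is not AOSP or AVB code. The names
<code>sign_stage</code>, <code>verify_chain</code>, and <code>ROOT_KEY</code>
are hypothetical, and an HMAC key stands in for the OEM public key and
asymmetric signatures a real device uses.
</p>

```python
import hashlib
import hmac
import json

# Constructed stand-in for the hardware-protected root of trust (assumption:
# real devices pin an OEM public key and verify asymmetric signatures).
ROOT_KEY = b"constructed-demo-root-key"


def sign_stage(name, image, rollback_index, key=ROOT_KEY):
    """Build-side helper: authenticated metadata for one stage image."""
    meta = {"name": name,
            "digest": hashlib.sha256(image).hexdigest(),
            "rollback_index": rollback_index}
    blob = json.dumps(meta, sort_keys=True).encode()
    return {"meta": meta,
            "tag": hmac.new(key, blob, hashlib.sha256).hexdigest()}


def verify_chain(stages, stored, key=ROOT_KEY):
    """Check every (name, image, signed) stage in boot order.

    `stored` maps stage name to the lowest rollback index still accepted.
    Returns (ok, reason, stored_after); the stored indexes advance only
    when the whole chain verifies and are unchanged on any failure.
    """
    updated = dict(stored)
    for name, image, signed in stages:
        meta = signed["meta"]
        blob = json.dumps(meta, sort_keys=True).encode()
        expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
        # Authenticity: metadata must be signed by the root and name this stage.
        if not hmac.compare_digest(expected, signed["tag"]) or meta["name"] != name:
            return False, f"{name}: metadata not authentic", stored
        # Integrity: the image must match the digest in the signed metadata.
        if hashlib.sha256(image).hexdigest() != meta["digest"]:
            return False, f"{name}: image modified", stored
        # Rollback protection: a validly signed but older image is refused.
        if meta["rollback_index"] < stored.get(name, 0):
            return False, f"{name}: rollback rejected", stored
        updated[name] = meta["rollback_index"]
    return True, "boot", updated
```

<p>
A correctly signed older image still fails the third check, which is the case
that signature verification alone does not cover.
</p>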
<p>
In addition to verifying the OS, Verified Boot also allows Android devices to
communicate their state of integrity to the user.
</p>
<h2 id="background">Background</h2>
<p>
Android 4.4 added support for Verified Boot and the
<a href="/security/verifiedboot/dm-verity">dm-verity</a> kernel feature. This
combination of verifying features served as Verified Boot 1.
</p>
<p>
Where previous versions of Android warned users about device corruption, but
still allowed them to boot their devices, Android 7.0 started strictly enforcing
Verified Boot to prevent compromised devices from booting. Android 7.0 also
added support for forward error correction to improve reliability against
non-malicious data corruption.
</p>
<p>
Android 8.0 and higher includes
<a href="/security/verifiedboot/avb">Android Verified Boot</a> (AVB), a
reference implementation of Verified Boot that works with Project Treble. In
addition to working with Treble, AVB standardized the partition footer format
and added rollback protection features.
</p>
</body>
</html>