Clone this repo:


  1. a0885c9 Add IPC port to manifest by Andrei Homescu · 1 year, 8 months ago main master
  2. 1e716c5 Build AVB host test conditionally by perl · 2 years, 2 months ago
  3. 9b69c7c Add avb app to userspace library build system by Stephen Crane · 3 years, 2 months ago
  4. 1a9c122 Change TLOGI calls in normal execution path to TLOGD by Armelle Laine · 2 years, 8 months ago
  5. 0488699 Switch from manifest.c to manifest.json config by Rajesh Nyamagoud · 3 years, 9 months ago

AVB resource manager

The AVB (Android Verified Boot) resource manager is intended to provide tamper proof storage for data used by libavb. This includes the verified boot lock state, stored rollback index values, and ATX (Android Things eXtension) permanent attributes.


Reading/Writing Stored Rollback Indexes

Rollback indexes are strictly increasing, and any request to write a value to a rollback index that is smaller than the existing value will fail. A mask (0xF000) is used to map a rollback index to a file, and a file may contain a maximum of 32 rollback indexes. For example, 0xF01F and 0x0001 are valid values for the rollback index, but 0x10000 and 0x0020 are not.

Reading/Writing Verified Boot Lock State

If the lock state is 1, or LOCKED, then verification errors are fatal, and booting MUST fail. If the lock state is 0, or UNLOCKED, the device may boot even when verification fails. When the device changes lock state, all stored rollback indexes are cleared.

Reading/Writing ATX Permanent Attributes

A hash of the attributes MUST be stored in write-once fuses. Once this is written, any subsequent requests to write it will fail. Attributes are stored as an opaque buffer and parsed by the bootloader.

Locking Boot State

Once the AVB resource manager receives a LOCK_BOOT_STATE request, all requests to write to resources will fail until the next reboot. This should be called after libavb has acquired all necessary resources, and before the bootloader passes control to the HLOS. This prevents a compromised HLOS from tampering with AVB resources.

Client Code

Since libavb is executed by the bootloader, the non-secure side API that makes requests to the AVB resource manager is located here.