diff options
author | David Zeuthen <zeuthen@google.com> | 2019-05-15 16:54:02 -0400 |
---|---|---|
committer | David Zeuthen <zeuthen@google.com> | 2019-07-30 16:44:22 -0400 |
commit | 36d41d922380ce2423b32c69e1ff6c00c3134e6e (patch) | |
tree | 90df1dc943c6ae0bdb5bdb3502cb6f13e2560e2b /README.md | |
parent | 81dd5055b1e1b1891e26e08c94817d05ccf6c44a (diff) | |
download | avb-36d41d922380ce2423b32c69e1ff6c00c3134e6e.tar.gz |
Add AVB_SLOT_VERIFY_FLAGS_NO_VBMETA_PARTITION flag.
On Android devices not using A/B, the recovery partition usually isn't
updated along with other partitions and therefore can't be referenced
from the main vbmeta partition.
To make it possible to use AVB to protect this partition (and others)
add a new flag AVB_SLOT_VERIFY_FLAGS_NO_VBMETA_PARTITION which can be
passed to avb_slot_verify(). In this mode the vbmeta partition is
never read from and the key used to sign each requested partition is
verified by a new validate_public_key_for_partition() operation which
is also used to return the rollback index location to be used.
Test: New unit test + all unit tests pass.
Bug: 130351427
Change-Id: Iaa886037edb18c2ff6c60fa2a7f883ab7303ba1a
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -27,6 +27,7 @@ Verified Boot 2.0. Usually AVB is used to refer to this codebase. + [Persistent Digests](#Persistent-Digests) + [Updating Stored Rollback Indexes](#Updating-Stored-Rollback-Indexes) + [Recommended Bootflow](#Recommended-Bootflow) + + [Booting Into Recovery](#Booting-Into-Recovery) + [Handling dm-verity Errors](#Handling-dm_verity-Errors) + [Android Specific Integration](#Android-Specific-Integration) + [Device Specific Notes](#Device-Specific-Notes) @@ -917,6 +918,19 @@ Notes: be used to convey that the device is UNLOCKED (lightbars, LEDs, etc.). +### Booting Into Recovery + +On Android devices not using A/B, the `recovery` partition usually isn't +updated along with other partitions and therefore can't be referenced +from the main `vbmeta` partition. + +It's still possible to use AVB to protect this partition (and others) +by signing these partitions and passing the +`AVB_SLOT_VERIFY_FLAGS_NO_VBMETA_PARTITION` flag to `avb_slot_verify()`. +In this mode, the key used to sign each requested partition is verified +by the `validate_public_key_for_partition()` operation which is also +used to return the rollback index location to be used. + ## Handling dm-verity Errors By design, hashtree verification errors are detected by the HLOS and |