Is dm-verity table still used with android verified boot 2.0?


2,670 views
fletcher
Contributor I

Google's AVB 2.0 documentation describes that hashtree is stored with the partitions and their root hash is stored in vbmeta.

Screenshot_2020-12-28 Android Verified Boot 2 0.png

However, Android's documentation on implementing dm-verity describes that dm-verity table is constructed over hashtree and it is then stored with the partition together with its signature.

Another blog describes android verified 2.0 together with verification of dm-verity table.

Screenshot_2020-12-28 a918bf629d5106faa4dea4824b1f4bee png (JPEG Image, 593 × 642 pixels).png

Is hashtree stored with the partition or is dm-verity table constructed over hashtree which is then stored with the partition?

0 Kudos
3 Replies

2,646 views
joanxie
NXP TechSupport
0 Kudos

2,639 views
fletcher
Contributor I

Your post explains that hashtree is appended to the partitions image. Does that mean that dm-verity table is no longer used? In AVB 1.0 dm-verity table used to be generated over hashtree which was then appended to the partitions and verified by /boot/verity_key.

0 Kudos

2,622 views
joanxie
NXP TechSupport

The Android Verified Boot 2.0

Relies on a hash tree which is verified at kernel level in a continuous process. As file system partitions may not fit into memory, the integrity is verified as data is loaded into memory.

Picture1.png

 

Reference and more details:

https://android.googlesource.com/platform/external/avb/+/master/README.md

0 Kudos
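
Added example (not part of the thread, and not Google or NXP code): a simplified Python model of the on-read hash-tree check described in the last reply, where one block is verified by walking its path up to a trusted root hash. The block size, salt, sample data and function names are assumptions, the layout is not dm-verity's on-disk format, and `ROOT` stands in for the root hash that the first post says AVB 2.0 stores in vbmeta.

```python
import hashlib

BLOCK, DIGEST = 4096, 32      # assumed block size and SHA-256 digest length
FANOUT = BLOCK // DIGEST      # 128 child digests fit in one hash block

def _h(salt, block):
    return hashlib.sha256(salt + block).digest()

def _split(buf):
    return [buf[i:i + BLOCK] for i in range(0, len(buf), BLOCK)]

def build_tree(data, salt):
    """Return (levels, root_hash); levels[0] holds digests of the data blocks."""
    blocks, levels = _split(data), []
    while True:
        digests = b"".join(_h(salt, b) for b in blocks)
        digests += b"\0" * (-len(digests) % BLOCK)  # pad to whole hash blocks
        blocks = _split(digests)
        levels.append(blocks)
        if len(blocks) == 1:
            return levels, _h(salt, blocks[0])

def verify_block(data, levels, root_hash, salt, index):
    """Check one data block on read by walking its path up to the trusted root."""
    digest = _h(salt, data[index * BLOCK:(index + 1) * BLOCK])
    for level in levels:
        hash_block = level[index // FANOUT]
        off = (index % FANOUT) * DIGEST
        if hash_block[off:off + DIGEST] != digest:
            return False                  # stored digest does not match what was read
        digest, index = _h(salt, hash_block), index // FANOUT
    return digest == root_hash            # root is trusted from outside the partition

# Constructed sample: 300 data blocks give two hash levels (3 blocks, then 1).
SALT = bytes(16)
DATA = b"".join(i.to_bytes(2, "big") * (BLOCK // 2) for i in range(300))
LEVELS, ROOT = build_tree(DATA, SALT)

# Constructed tampering: flip one byte in block 200, then rebuild the stored tree
# the way someone with write access to the partition could.
BAD = bytearray(DATA)
BAD[200 * BLOCK] ^= 0xFF
BAD = bytes(BAD)
BAD_LEVELS, BAD_ROOT = build_tree(BAD, SALT)

if __name__ == "__main__":
    print(verify_block(DATA, LEVELS, ROOT, SALT, 200))      # intact block
    print(verify_block(BAD, LEVELS, ROOT, SALT, 200))       # data changed only
    print(verify_block(BAD, BAD_LEVELS, ROOT, SALT, 200))   # data and tree changed
```

Only the block being read and its few ancestor hash blocks are hashed, which is why the check works for partitions that do not fit in memory; rewriting the stored tree alongside the data still fails because the recomputed root no longer equals the separately trusted one.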