Is dm-verity table still used with android verified boot 2.0?


fletcher
Contributor I

Google's AVB 2.0 documentation describes that hashtree is stored with the partitions and their root hash is stored in vbmeta.

Screenshot_2020-12-28 Android Verified Boot 2 0.png

However, Android's documentation on implementing dm-verity describes that dm-verity table is constructed over hashtree and it is then stored with the partition together with its signature.

Another blog describes android verified 2.0 together with verification of dm-verity table.

Screenshot_2020-12-28 a918bf629d5106faa4dea4824b1f4bee png (JPEG Image, 593 × 642 pixels).png

Is hashtree stored with the partition or is dm-verity table constructed over hashtree which is then stored with the partition?

3 Replies

joanxie
NXP TechSupport

fletcher
Contributor I

Your post explains that hashtree is appended to the partitions image. Does that mean that dm-verity table is no longer used? In AVB 1.0 dm-verity table used to be generated over hashtree which was then appended to the partitions and verified by /boot/verity_key.


joanxie
NXP TechSupport

The Android Verified Boot 2.0 relies on a hash tree which is verified at kernel level in a continuous process. As file system partitions may not fit into memory, the integrity is verified as data is loaded into memory.

Picture1.png


Reference and more details:

https://android.googlesource.com/platform/external/avb/+/master/README.md

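Added illustration, not part of any post above and not code from AVB or NXP: a simplified Python model of the hash tree the thread discusses, showing how a single block is checked against a trusted root hash (the value the first post says is kept in vbmeta) as it is read. Assumptions: SHA-256, 4096-byte blocks, salt prepended to each block; all names are hypothetical and the output is not claimed to be byte-compatible with avbtool.

```python
import hashlib
import hmac

BLOCK = 4096                   # data and hash block size (assumed)
PER_BLOCK = BLOCK // 32        # SHA-256 digests per hash block (128)

def h(salt: bytes, block: bytes) -> bytes:
    # Salt is prepended to the block before hashing (assumed layout).
    return hashlib.sha256(salt + block).digest()

def build_tree(image: bytes, salt: bytes):
    """Return (root_hash, levels); levels[0] sits directly above the data."""
    if not image or len(image) % BLOCK:
        raise ValueError("image must be a non-empty multiple of BLOCK")
    nodes = [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]
    levels = []
    while True:
        digests = b"".join(h(salt, n) for n in nodes)
        digests += b"\0" * (-len(digests) % BLOCK)   # zero-pad last hash block
        nodes = [digests[i:i + BLOCK] for i in range(0, len(digests), BLOCK)]
        levels.append(nodes)
        if len(nodes) == 1:
            return h(salt, nodes[0]), levels

def verify_block(index, block, levels, root, salt) -> bool:
    """Check one data block as it is read. `levels` comes from untrusted
    storage, so every hash block on the path is checked up to the root."""
    digest = h(salt, block)
    for level in levels:
        parent, slot = divmod(index, PER_BLOCK)
        if parent >= len(level):
            return False
        stored = level[parent][slot * 32:(slot + 1) * 32]
        if not hmac.compare_digest(stored, digest):
            return False
        digest = h(salt, level[parent])
        index = parent
    return hmac.compare_digest(digest, root)

# Constructed sample: 200 blocks, enough to need two tree levels.
SALT = bytes(range(32))
IMAGE = b"".join(bytes([i]) * BLOCK for i in range(200))
ROOT, LEVELS = build_tree(IMAGE, SALT)   # ROOT plays the trusted root hash

if __name__ == "__main__":
    good = IMAGE[150 * BLOCK:151 * BLOCK]
    print(verify_block(150, good, LEVELS, ROOT, SALT))
    print(verify_block(150, b"\xff" * BLOCK, LEVELS, ROOT, SALT))
```

Only the root hash has to be trusted: a modified data block fails at the first level, and rewriting the stored leaf digest to match it fails one level higher.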