Is dm-verity table still used with android verified boot 2.0?

fletcher
Contributor I

Google's AVB 2.0 documentation describes that hashtree is stored with the partitions and their root hash is stored in vbmeta.

Screenshot_2020-12-28 Android Verified Boot 2 0.png

However, Android's documentation on implementing dm-verity describes that dm-verity table is constructed over hashtree and it is then stored with the partition together with its signature.

Another blog describes android verified 2.0 together with verification of dm-verity table.

Screenshot_2020-12-28 a918bf629d5106faa4dea4824b1f4bee png (JPEG Image, 593 × 642 pixels).png

Is hashtree stored with the partition or is dm-verity table constructed over hashtree which is then stored with the partition?

3 Replies

joanxie
NXP TechSupport

fletcher
Contributor I

Your post explains that hashtree is appended to the partitions image. Does that mean that dm-verity table is no longer used? In AVB 1.0 dm-verity table used to be generated over hashtree which was then appended to the partitions and verified by /boot/verity_key.


joanxie
NXP TechSupport

The Android Verified Boot 2.0 relies on a hash tree which is verified at kernel level in a continuous process. As file system partitions may not fit into memory, the integrity is verified as data is loaded into memory.

Picture1.png

Reference and more details:

https://android.googlesource.com/platform/external/avb/+/master/README.md

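Added example, not part of the thread and not AVB or dm-verity code: a simplified Python model of the per-block hash-tree check described in the last reply, where only the root hash is trusted and each block is verified as it is read. The 4096-byte block size, SHA-256, prepended salt, zero padding and all function names are assumptions, and the layout is not byte-compatible with the real on-disk format.

```python
import hashlib

BLOCK = 4096              # data and hash block size (assumed)
FANOUT = BLOCK // 32      # SHA-256 digests that fit in one hash block

def _h(salt, block):
    # Salt is prepended and short blocks are zero-padded (assumed convention).
    return hashlib.sha256(salt + block.ljust(BLOCK, b"\0")).digest()

def _chunks(buf):
    return [buf[i:i + BLOCK] for i in range(0, len(buf), BLOCK)]

def build_tree(data, salt):
    """Build-time step: return (root_hash, levels); levels[0] are data-block digests."""
    if not data:
        raise ValueError("empty partition image")
    levels, level = [], [_h(salt, b) for b in _chunks(data)]
    while True:
        levels.append(level)
        level = [_h(salt, hb) for hb in _chunks(b"".join(level))]
        if len(level) == 1:
            return level[0], levels

def verify_block(index, block, levels, salt, root_hash):
    """Read-time step: check one block along its path to the trusted root hash."""
    digest = _h(salt, block)
    for level in levels:                      # levels come from untrusted storage
        if index >= len(level) or level[index] != digest:
            return False
        start = (index // FANOUT) * FANOUT
        digest = _h(salt, b"".join(level[start:start + FANOUT]))
        index //= FANOUT
    return digest == root_hash                # only the root is trusted (from vbmeta)

def demo():
    salt = bytes(32)                                               # constructed salt
    data = b"".join(bytes([i % 251]) * BLOCK for i in range(300))  # constructed image
    root, levels = build_tree(data, salt)
    original = data[200 * BLOCK:201 * BLOCK]
    tampered = b"X" + original[1:]
    ok = verify_block(200, original, levels, salt, root)
    modified = verify_block(200, tampered, levels, salt, root)
    levels[0][200] = _h(salt, tampered)       # stored leaf digest rewritten as well
    forged = verify_block(200, tampered, levels, salt, root)
    return ok, modified, forged

if __name__ == "__main__":
    print(demo())
```

The third check in `demo()` shows why the tree stored next to the partition needs no signature of its own in this model: rewriting a stored digest changes the hash of its parent block, so the mismatch surfaces one level up.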