blob: f6a8e42b82347858235845d99fe7ac0db3ef8c0f [file]
<html devsite>
<head>
<title>Android Verified Boot</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2018 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
//www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<p>
Android 8.0 and higher includes a reference implementation of Verified Boot
called Android Verified Boot (AVB) or Verified Boot 2.0. AVB in a version of
Verified Boot that works with <a
href="/devices/architecture/#hidl">Project Treble</a>
architecture, which separates the Android framework from the underlying vendor
implementation.
</p>
<p>
AVB is integrated with the Android Build System and enabled by
a single line, which takes care of generating and signing all necessary dm-verity
metadata. For more information, see <a
href="https://android.googlesource.com/platform/external/avb/+/master/README.md#Build-System-Integration"
class="external">Build System Integration</a>.
</p>
<p>AVB provides libavb, which is a C library to be used at boot time for
verifying Android. You can integrate libavb with your bootloader by implementing a
<a href="https://android.googlesource.com/platform/external/avb/+/master/libavb/avb_ops.h"
class="external">platform-specific functionality</a> for I/O, providing the root
of trust, and getting/setting rollback protection metadata.
</p>
<p>
AVB's key features include delegating updates for different
partitions, a common footer format for signing partitions, and protection from
attackers rolling back to a vulnerable version of Android.
</p>
For more implementation details, see <code><a
href="https://android.googlesource.com/platform/external/avb/+/master/README.md"
class="external">/platform/external/avb/README.md</a></code>.
</body>
</html>