Clone this repo:
  1. 3ce7a20 Add dirgroup for trusty genrule am: 49bb41e6c5 by Inseob Kim · 3 months ago main master
  2. 49bb41e Add dirgroup for trusty genrule by Inseob Kim · 3 months ago main-16k
  3. ff1220d test: rules.mk: avb_test host test add unittest dep am: 81e8963ee9 by Armelle Laine · 4 months ago
  4. 81e8963 test: rules.mk: avb_test host test add unittest dep by Armelle Laine · 4 months ago
  5. 7d3c069 Use LKROOT as the path to LK am: ac0c10dc51 am: 043d33b82c by Andrei Homescu · 11 months ago android14-qpr3-release android14-qpr3-s10-release android14-qpr3-s11-release android14-qpr3-s12-release android14-qpr3-s13-release android14-qpr3-s14-release android14-qpr3-s15-release android14-qpr3-s2-release android14-qpr3-s3-release android14-qpr3-s4-release android14-qpr3-s5-release android14-qpr3-s6-release android14-qpr3-s7-release android14-qpr3-s8-release android14-qpr3-s9-release android15-automotiveos-dev android15-platform-release android15-prebuilt-test android15-qpr1-release android15-qpr1-s3-release android15-qpr1-s4-release android15-qpr1-s5-release android15-release android15-s1-release android15-security-release android15-tests-dev android15-tests-release aml_adb_351010000 aml_ads_351017080 aml_ads_351121120 aml_art_350913340 aml_art_351011240 aml_art_351011340 aml_art_351110180 aml_ase_351010000 aml_ase_351112060 aml_ase_351114000 aml_cbr_350910020 aml_cbr_351011020 aml_cbr_351111000 aml_cfg_351010000 aml_con_351010000 aml_con_351110000 aml_doc_350915120 aml_doc_351012120 aml_doc_351113060 aml_ext_350912020 aml_ext_351122080 aml_hef_350921160 aml_hef_351016140 aml_ips_351010000 aml_ips_351111040 aml_med_350914000 aml_med_351010060 aml_mpr_350914160 aml_mpr_351013100 aml_mpr_351013160 aml_net_350911020 aml_net_351010000 aml_net_351010020 aml_net_351111100 aml_net_351111140 aml_odp_351020000 aml_odp_351121040 aml_per_350910080 aml_per_351014000 aml_per_351112280 aml_per_351112300 aml_res_351011000 aml_res_351111020 aml_rkp_350910000 aml_rkp_351011000 aml_sch_351010000 aml_sdk_350910000 aml_sdk_351110000 aml_sta_350911020 aml_sta_351110040 aml_tet_350911120 aml_tet_351010220 aml_tet_351110060 aml_tz6_351010000 aml_uwb_350911040 aml_uwb_351011040 aml_wif_350912040 aml_wif_351010040 aml_wif_351110060 android-14.0.0_r50 android-14.0.0_r51 android-14.0.0_r52 android-14.0.0_r53 android-14.0.0_r54 android-14.0.0_r55 android-14.0.0_r56 android-14.0.0_r57 android-14.0.0_r58 android-14.0.0_r59 android-14.0.0_r60 android-14.0.0_r61 android-14.0.0_r67 android-14.0.0_r68 android-14.0.0_r69 android-14.0.0_r70 android-14.0.0_r71 android-14.0.0_r72 android-14.0.0_r73 android-14.0.0_r75 android-15.0.0_r1 android-15.0.0_r10 android-15.0.0_r11 android-15.0.0_r12 android-15.0.0_r13 android-15.0.0_r2 android-15.0.0_r3 android-15.0.0_r4 android-15.0.0_r5 android-15.0.0_r6 android-15.0.0_r7 android-15.0.0_r8 android-15.0.0_r9 android-cts-15.0_r1 android-cts-15.0_r2 android-platform-15.0.0_r1 android-platform-15.0.0_r2 android-platform-15.0.0_r3 android-platform-15.0.0_r4 android-security-15.0.0_r1 android-security-15.0.0_r2 android-security-15.0.0_r3 android-security-15.0.0_r4 android-vts-15.0_r1 android-vts-15.0_r2 frc_350820260 frc_350820420 frc_350820440 frc_350820660 frc_350820860 frc_350820960 frc_350822020

AVB resource manager

The AVB (Android Verified Boot) resource manager is intended to provide tamper proof storage for data used by libavb. This includes the verified boot lock state, stored rollback index values, and ATX (Android Things eXtension) permanent attributes.

Operations

Reading/Writing Stored Rollback Indexes

Rollback indexes are strictly increasing, and any request to write a value to a rollback index that is smaller than the existing value will fail. A mask (0xF000) is used to map a rollback index to a file, and a file may contain a maximum of 32 rollback indexes. For example, 0xF01F and 0x0001 are valid values for the rollback index, but 0x10000 and 0x0020 are not.

Reading/Writing Verified Boot Lock State

If the lock state is 1, or LOCKED, then verification errors are fatal, and booting MUST fail. If the lock state is 0, or UNLOCKED, the device may boot even when verification fails. When the device changes lock state, all stored rollback indexes are cleared.

Reading/Writing ATX Permanent Attributes

A hash of the attributes MUST be stored in write-once fuses. Once this is written, any subsequent requests to write it will fail. Attributes are stored as an opaque buffer and parsed by the bootloader.

Locking Boot State

Once the AVB resource manager receives a LOCK_BOOT_STATE request, all requests to write to resources will fail until the next reboot. This should be called after libavb has acquired all necessary resources, and before the bootloader passes control to the HLOS. This prevents a compromised HLOS from tampering with AVB resources.

Client Code

Since libavb is executed by the bootloader, the non-secure side API that makes requests to the AVB resource manager is located here.