author: Bowgo Tsai <bowgotsai@google.com> 2021-02-05 14:44:05 +0800
committer: Bowgo Tsai <bowgotsai@google.com> 2021-02-08 21:36:15 +0800
commit: ec10d3cf6e328da90dd4a388761d2d26543fce8f
tree: 8287432f57a5a3d2650c611b17848010500e2086 /code_coverage/Android.bp
parent: e1ee7873b336628b381dce2dd35d99ffac8f0275
libfs_avb: verifying vbmeta digest early

We should check whether FLAGS_VERIFICATION_DISABLED is set after verifying the vbmeta digest against `androidboot.vbmeta.digest` from the bootloader. This is to ensure the /vbmeta content is not changed since the bootloader has verified it. We still allow vbmeta digest verification error if the device is unlocked.

Note that this change will introduce a limitation that the device will not boot if:

1. The image is signed with FLAGS_VERIFICATION_DISABLED set
2. The device state is locked

However, it should not be a concern as we shouldn't boot a locked device without verification.

Bug: 179452884
Test: build image with BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flag 2, boot the device, then `adb shell touch /metadata/gsi/dsu/avb_enforce`. Reboot the device, check the device does not boot because `androidboot.vbmeta.digest` is empty but AVB is enforced.
Change-Id: Id15a25403d16b36d528dc3b8998910807e801ad2

Diffstat (limited to 'code_coverage/Android.bp')
0 files changed, 0 insertions, 0 deletions
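
The check ordering described in the commit message, modelled as an added example (not code from libfs_avb or from this commit). The function names, return strings, single-blob SHA-256 digest and flags offset are assumptions for illustration, and the vbmeta blobs are constructed samples.

```python
import hashlib
import struct

# Assumption: flags is a big-endian u32 at byte 120 of the 256-byte vbmeta header.
FLAGS_OFFSET = 120
FLAGS_VERIFICATION_DISABLED = 1 << 1  # the "--flag 2" value in the Test: line


def build_vbmeta(flags: int) -> bytes:
    """Constructed sample: a bare header with only magic and flags filled in."""
    header = bytearray(256)
    header[0:4] = b"AVB0"
    struct.pack_into(">I", header, FLAGS_OFFSET, flags)
    return bytes(header)


def vbmeta_digest(vbmeta: bytes) -> str:
    # Simplification: SHA-256 over a single blob.
    return hashlib.sha256(vbmeta).hexdigest()


def verification_disabled(vbmeta: bytes) -> bool:
    flags = struct.unpack_from(">I", vbmeta, FLAGS_OFFSET)[0]
    return bool(flags & FLAGS_VERIFICATION_DISABLED)


def digest_matches(vbmeta: bytes, cmdline_digest: str) -> bool:
    # An empty androidboot.vbmeta.digest never matches.
    return bool(cmdline_digest) and vbmeta_digest(vbmeta) == cmdline_digest.lower()


def open_flag_first(vbmeta: bytes, cmdline_digest: str, unlocked: bool) -> str:
    """The flag read from disk is trusted before the digest is compared."""
    if verification_disabled(vbmeta):
        return "verification-disabled"
    if digest_matches(vbmeta, cmdline_digest):
        return "verified"
    return "digest-error-allowed" if unlocked else "fail"


def open_digest_first(vbmeta: bytes, cmdline_digest: str, unlocked: bool) -> str:
    """The digest is compared first; the flag is only consulted afterwards."""
    matched = digest_matches(vbmeta, cmdline_digest)
    if not matched and not unlocked:
        return "fail"  # locked device: a digest mismatch is fatal
    if verification_disabled(vbmeta):
        return "verification-disabled"
    return "verified" if matched else "digest-error-allowed"
```

With the flag consulted first, a /vbmeta whose flag changed after the bootloader computed its digest is accepted on a locked device; with the digest compared first, the same input fails.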