diff options
| author | Danny Lin <danny@kdrag0n.dev> | 2021-10-05 19:06:04 -0700 |
|---|---|---|
| committer | alk3pInjection <webmaster@raspii.tech> | 2022-01-26 23:10:42 +0800 |
| commit | 375d7503efe8553bf21384d48be54d6e946f8514 (patch) | |
| tree | 0b38200de5ad959e5116c195535ea0716ffd00a1 /trusty/coverage/coverage.cpp | |
| parent | c711763ced44cb54557027c44c57262cbaa60048 (diff) | |
libfs_avb: Disable dm-verity when AVB is permissive
When the bootloader is unlocked (i.e. AVB is permissive), enforcing
dm-verity on system partitions is meaningless because the bootloader
doesn't enforce verification on the root of the high-level verified boot
chain: the kernel. As a result, mounting system partitions with
dm-verity (hashtree verification) is futile when the code performing
verification has not been verified in the first place; users can also
disable dm-verity manually by flashing vbmeta with `fastboot flash
--disable-verity vbmeta vbmeta.img`.
For user and developer convenience, disable dm-verity automatically when
the bootloader is unlocked by checking for permissive AVB. This makes it
possible to ship enforcing vbmeta images for security-conscious users to
lock their bootloader and reap the benefits of verified boot, while
still allowing users with unlocked bootloaders to modify system
partitions.
Change-Id: Ie88362cfbda75561ef450e00fdc82ade221facb5
Diffstat (limited to 'trusty/coverage/coverage.cpp')
0 files changed, 0 insertions, 0 deletions