Is dm-verity table still used in android verified boot 2.0?

Is dm-verity table still used in android verified boot 2.0?

Coapprentice

It seems that instead of using a dm-verity table, Android Verified Boot 2.0 only uses a hashtree whose root hash is stored in the vbmeta partition, and vbmeta is signed by the OEM.

Android Verified Boot 2.png

The hashtree also doesn't have to be appended to each partition because integrity can be verified by reconstructing the hashtree in memory at boot time and comparing its root hash with the one stored in vbmeta.

Does it need a dm-verity table, or only a hashtree in the footer of each partition?

--
You received this message because you are subscribed to the Google Groups "android-platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/android-platform/efc5b112-4cbe-455e-9968-c66e4bb3a66fn%40googlegroups.com.
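
A simplified model of the root-hash comparison described in the message above, as an added example (not part of the original post, and not AVB or avbtool code): it builds a dm-verity-style SHA-256 hash tree over an in-memory image and compares the root with a trusted digest. The 4096-byte block size, the salt-prefix hashing, the function names and the sample image are assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 4096  # assumed data and hash block size


def hash_block(block: bytes, salt: bytes) -> bytes:
    """SHA-256 over salt || block; a short final block is zero-padded."""
    return hashlib.sha256(salt + block.ljust(BLOCK_SIZE, b"\0")).digest()


def build_hash_tree(image: bytes, salt: bytes):
    """Return (root_digest, levels); levels[0] sits directly above the data."""
    levels = []
    src = image
    while len(src) > BLOCK_SIZE:
        digests = b"".join(
            hash_block(src[off:off + BLOCK_SIZE], salt)
            for off in range(0, len(src), BLOCK_SIZE)
        )
        # Pad the level to whole blocks so it can be hashed like data.
        src = digests + b"\0" * (-len(digests) % BLOCK_SIZE)
        levels.append(src)
    # The root digest covers the single remaining block.
    return hash_block(src, salt), levels


def verify_partition(image: bytes, salt: bytes, expected_root: bytes) -> bool:
    """Rebuild the tree and compare its root with the trusted value."""
    root, _ = build_hash_tree(image, salt)
    return hmac.compare_digest(root, expected_root)


def make_sample_image(blocks: int = 300) -> bytes:
    """Constructed sample image: each block is filled with its own index."""
    return b"".join(i.to_bytes(4, "big") * (BLOCK_SIZE // 4) for i in range(blocks))


if __name__ == "__main__":
    salt = bytes.fromhex("aa" * 32)  # constructed salt
    image = make_sample_image()
    # Stands in for the root digest carried in the signed metadata.
    trusted_root, levels = build_hash_tree(image, salt)
    tampered = bytearray(image)
    tampered[123456] ^= 0x01  # flip one bit in one data block
    print("levels:", len(levels), "root:", trusted_root.hex())
    print("original ok:", verify_partition(image, salt, trusted_root))
    print("tampered ok:", verify_partition(bytes(tampered), salt, trusted_root))
```

A single flipped bit changes one leaf digest, which changes every digest above it, so only the root needs to be covered by the signature.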

Re: Is dm-verity table still used in android verified boot 2.0?

Coapprentice
So I was right. Both the dm-verity table and the hashtree are optional to include in the footer. To verify a partition, storing its hash and hashtree descriptor in vbmeta is enough because the hash and hashtree are reconstructed in memory at boot time for integrity checking anyway. The only requirement is that vbmeta should be signed.

On Tuesday, February 23, 2021 at 5:34:18 AM UTC+5:30 Coapprentice wrote:

It seems that instead of using a dm-verity table, Android Verified Boot 2.0 only uses a hashtree whose root hash is stored in the vbmeta partition, and vbmeta is signed by the OEM.

Android Verified Boot 2.png

The hashtree also doesn't have to be appended to each partition because integrity can be verified by reconstructing the hashtree in memory at boot time and comparing its root hash with the one stored in vbmeta.

Does it need a dm-verity table, or only a hashtree in the footer of each partition?
