page.title=Verified Boot
@jd:body

<!--
    Copyright 2015 The Android Open Source Project

    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-->
<div id="qv-wrapper">
  <div id="qv">
    <h2>In this document</h2>
    <ol id="auto-toc">
    </ol>
  </div>
</div>

<h2 id="introduction">Introduction</h2>

<p>Android 4.4 and later supports verified boot through the optional device-mapper-verity
(dm-verity) kernel feature, which provides transparent integrity checking of
block devices. dm-verity helps prevent persistent rootkits that can hold onto
root privileges and compromise devices. This experimental feature helps Android
users be sure that, when booting a device, it is in the same state as when it was last
used.</p>

<p>Clever malware with root privileges can hide from detection programs and
otherwise mask itself. The rooting software can do this because it is often
more privileged than the detectors, enabling the software to "lie" to the
detection programs.</p>

<p>The dm-verity feature lets you look at a block device, the underlying storage
layer of the file system, and determine if it matches its expected
configuration. It does this using a cryptographic hash tree. For every block
(typically 4k), there is a SHA256 hash.</p>

<p>And since the hash values are stored in a tree of pages, only the top-level
"root" hash must be trusted to verify the rest of the tree. The ability to
modify any of the blocks would be equivalent to breaking the cryptographic hash.
See the following diagram for a depiction of this structure.</p>

<img src="../images/dm-verity-hash-table.png" alt="dm-verity-hash-table" id="figure1"/>
<p class="img-caption">
  <strong>Figure 1.</strong> dm-verity hash table
</p>

<p>A public key is included on the boot partition, which must be verified
externally by the OEM. That key is used to verify the signature for that hash
and confirm the device's system partition is protected and unchanged.</p>

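<p>The hash-tree construction described in the paragraphs above, as an added Python example that is not part of this page or of the Android/dm-verity code base: it hashes 4096-byte data blocks with SHA-256 (salt prepended, as in dm-verity hash format version 1), packs the digests into 4096-byte hash blocks, and repeats upward until a single root digest remains. <code>verify_block</code> then checks one data block against only the trusted root hash, treating every other level of the stored tree as untrusted input, which is exactly why only the root hash (the value the signature discussed above covers) needs to be trusted. The salt, the block count and the image contents are constructed for the demonstration, and the layout is simplified (no superblock, no on-disk hash-block ordering), so it is not byte-compatible with a real dm-verity hash table.</p>

```python
import hashlib

BLOCK_SIZE = 4096                            # data block size (dm-verity default)
HASH_SIZE = 32                               # SHA-256 digest length
HASHES_PER_BLOCK = BLOCK_SIZE // HASH_SIZE   # 128 digests fit in one hash block


def hash_block(data: bytes, salt: bytes) -> bytes:
    """SHA-256(salt || data), the per-block hash of dm-verity format version 1."""
    return hashlib.sha256(salt + data).digest()


def split_blocks(image: bytes) -> list:
    """Split an image into BLOCK_SIZE blocks, zero-padding the final one."""
    return [image[off:off + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")
            for off in range(0, len(image), BLOCK_SIZE)]


def build_tree(image: bytes, salt: bytes):
    """Return (root_hash, levels). levels[0] holds the leaf digests; each
    higher level hashes groups of HASHES_PER_BLOCK digests from the level
    below (packed into one zero-padded hash block) until one digest is left."""
    level = [hash_block(b, salt) for b in split_blocks(image)]
    levels = [level]
    while len(level) > 1:
        parent = []
        for i in range(0, len(level), HASHES_PER_BLOCK):
            page = b"".join(level[i:i + HASHES_PER_BLOCK]).ljust(BLOCK_SIZE, b"\0")
            parent.append(hash_block(page, salt))
        level = parent
        levels.append(level)
    return level[0], levels


def verify_block(image: bytes, index: int, salt: bytes,
                 root_hash: bytes, levels: list) -> bool:
    """Recompute the path from data block `index` up to the root, substituting
    the recomputed digest at each level and taking the sibling digests from
    the (untrusted) stored tree. Only root_hash must be trusted."""
    digest = hash_block(split_blocks(image)[index], salt)
    for level in levels[:-1]:                # stop before the root level
        group_start = (index // HASHES_PER_BLOCK) * HASHES_PER_BLOCK
        group = list(level[group_start:group_start + HASHES_PER_BLOCK])
        group[index - group_start] = digest  # replace the stored leaf/intermediate digest
        page = b"".join(group).ljust(BLOCK_SIZE, b"\0")
        digest = hash_block(page, salt)
        index //= HASHES_PER_BLOCK
    return digest == root_hash


def make_image(n_blocks: int) -> bytes:
    """Constructed sample 'system partition': deterministic pseudo-random bytes."""
    out, seed = bytearray(), b"constructed-image-seed"
    while len(out) < n_blocks * BLOCK_SIZE:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return bytes(out[:n_blocks * BLOCK_SIZE])


def demo() -> dict:
    """Build a tree over 200 constructed blocks, then flip one bit in block 5."""
    salt = bytes(range(32))                  # constructed salt (a real table stores its own)
    image = make_image(200)                  # 200 leaves -> 2 hash blocks -> 1 root
    root, levels = build_tree(image, salt)
    all_ok = all(verify_block(image, i, salt, root, levels) for i in range(200))
    tampered = bytearray(image)
    tampered[5 * BLOCK_SIZE + 10] ^= 0x01    # single-bit change inside block 5
    tampered = bytes(tampered)
    return {
        "root": root.hex(),
        "levels": len(levels),
        "all_ok_before": all_ok,
        "block5_after": verify_block(tampered, 5, salt, root, levels),
        "block6_after": verify_block(tampered, 6, salt, root, levels),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

<p>Running <code>demo()</code> shows the property the text relies on: every block verifies against the original root, the modified block fails, and an untouched neighbouring block still passes even though it shares hash pages with the modified one, because verification recomputes the path rather than trusting stored digests.</p>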
<h2 id="prerequisites">Prerequisites</h2>

<h3 id="verified-boot">Establishing a verified boot flow</h3>
<p>To greatly reduce the risk of compromise, verify the kernel using a key
burned into the device. For details, see <a href="verified-boot.html">Verified boot</a>.</p>

<h3 id="block-otas">Switching to block-oriented OTAs</h3>
<p>To enable dm-verity for a device, you must use block-based over-the-air
(OTA) updates to ensure all devices use the same system partition. For details,
see <a href="{@docRoot}devices/tech/ota/block.html">Block-Based OTAs</a>.</p>

<h3 id="config-dm-verity">Configuring dm-verity</h3>

<p>After switching to block-oriented OTAs, incorporate the latest Android kernel or
use a stock upstream kernel and enable dm-verity support by including the
relevant configuration option:<br/>
<code>CONFIG_DM_VERITY</code></p>
<p>When using the Android kernel, dm-verity is turned on when the kernel is built. For details, see <a href="dm-verity.html">Implementing dm-verity</a>.</p>

<h2 id="supporting-docs">Supporting documentation</h2>
<p><a href="verified-boot.html">Verifying Boot</a><br/>
<a href="{@docRoot}devices/tech/ota/block.html">Block-Based OTA</a><br/>
<a href="dm-verity.html">Implementing dm-verity</a><br/>
<a href="https://code.google.com/p/cryptsetup/wiki/DMVerity">cryptsetup - dm-verity: device-mapper block integrity checking target</a><br/>
<a href="http://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot">The Chromium Projects - Verified Boot</a><br/>
<a href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=Documentation/device-mapper/verity.txt">Linux Kernel Documentation: verity.txt</a></p>

<p>For additional assistance, contact <a href="mailto:security@android.com">security@android.com</a>.</p>