author | Unsuk Jung <unsuk@google.com> | 2015-06-08 19:03:24 -0700 |
---|---|---|
committer | Unsuk Jung <unsuk@google.com> | 2015-06-09 19:27:25 +0000 |
commit | 49f01bbf99743564090dd539e70dc28b47a5cdfd (patch) | |
tree | 9cb6ae173699bc620ab1d9dc580df99e9bce2fd6 /src | |
parent | c927cd92b39b50a1478a93f8c0317f4c11d827ab (diff) | |
download | source.android.com-49f01bbf99743564090dd539e70dc28b47a5cdfd.tar.gz |
Docs: Clarify the definition of 'verified boot'
Clarify further the requirement of 'verified boot'
Bug: 19921539
Change-Id: Ib36a92a87e647c4db72af86eec5bb2c4252c7445
Diffstat (limited to 'src')
-rw-r--r-- | src/compatibility/5.1/android-5.1-cdd.html | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/src/compatibility/5.1/android-5.1-cdd.html b/src/compatibility/5.1/android-5.1-cdd.html index 0e59cec2..410597d3 100644 --- a/src/compatibility/5.1/android-5.1-cdd.html +++ b/src/compatibility/5.1/android-5.1-cdd.html 
@@ -4235,13 +4235,27 @@ feature dm-crypt.</p> <h2 id="9_10_verified_boot">9.10. Verified Boot</h2> - -<p>Device implementations SHOULD support verified boot for device integrity, and -if the feature is supported it MUST declare the platform feature flag -android.software.verified_boot. While this requirement is stated as SHOULD for -this version of the Android platform, it is <strong>very strongly RECOMMENDED</strong> as we expect this to change to MUST in the future versions of Android. The -upstream Android Open Source Project provides a preferred implementation of -this feature based on the linux kernel feature dm-verity.</p> +<p> +Verified boot is a feature that guarantees the integrity of the device software. +If a device implementation supports the feature, it MUST: +<ul> +<li>Declare the platform feature flag android.software.verified_boot</li> +<li>Perform verification on every boot sequence</li> +<li>Start verification from a hardware key that is the root of trust, and go +all the way up to the system partition</li> +<li>Implement each stage of verification to check the integrity and authenticity +of all the bytes in the next stage before executing the code in the next stage</li> +<li>Use verification algorithms as strong as current recommendations +from NIST for hashing algorithms (SHA-256) and public key sizes (RSA-2048)</li> +</ul> +</p> + +<p>Device implementations SHOULD support verified boot for device integrity. +While this requirement is SHOULD for this version of the Android platform, +it is <strong>strongly RECOMMENDED</strong> as we expect this to change to MUST +in future versions of Android. The upstream Android Open Source Project provides +a preferred implementation of this feature based on the linux kernel feature dm-verity. +</p> <h1 id="10_software_compatibility_testing">10. Software Compatibility Testing</h1> |
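Review bot: The new block nests a `<ul>` inside a `<p>` (`+<p>` ... `+<ul>` ... `+</ul>` ... `+</p>`), which is invalid HTML: browsers implicitly close the paragraph when the list starts, so the trailing `+</p>` becomes a stray end tag and the rendered CDD may pick up odd spacing around the requirement list. Close the paragraph before the list (`Verified boot is a feature that guarantees the integrity of the device software. If a device implementation supports the feature, it MUST:</p>`) and drop the `+</p>` after `+</ul>`. Two smaller points: the wording moves from "very strongly RECOMMENDED" to "strongly RECOMMENDED", which softens the guidance but is not mentioned in the commit message, so it should either be called out there or kept as before; and "linux kernel feature dm-verity" should read "Linux kernel feature dm-verity" now that the sentence is being rewritten anyway.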