[PATCH v2 0/2] bootstd: android: Allow booting with AVB failures when unlocked
Mattijs Korpershoek
mkorpershoek at baylibre.com
Wed Jan 8 15:38:40 CET 2025
Android Verified Boot (AVB) [1] protects Android systems by providing a
root of trust in the vbmeta partition.
On unlocked devices, system developers might want to disable the root
of trust to reflash only some partitions.
This is officially supported in the Android bootflow [2] but is not
properly implemented in the Android bootmeth.
For development purposes
Add support for this in bootmeth_android.
This has been tested on AM62Px SK EVM with TI's Android 15 release [3]
[1] https://source.android.com/docs/security/features/verifiedboot/avb
[2] https://source.android.com/docs/security/features/verifiedboot/boot-flow#unlocked-devices
[3] https://software-dl.ti.com/processor-sdk-android/esd/AM62PX/10_01_00/docs/devices/AM62PX/android/Release_Specific_Release_Notes.html
Signed-off-by: Mattijs Korpershoek <mkorpershoek at baylibre.com>
---
Changes in v2:
- Re-did patch 2/2 a bit: fixed booting without AVB failures
- Link to v1: https://lore.kernel.org/r/20250108-avb-disable-verif-v1-0-009c35710ef4@baylibre.com
---
Mattijs Korpershoek (2):
bootstd: android: Add missing NULL in the avb partition list
bootstd: android: Allow boot with AVB failures when unlocked
boot/bootmeth_android.c | 39 +++++++++++++++++++++++++--------------
1 file changed, 25 insertions(+), 14 deletions(-)
---
base-commit: 6d41f0a39d6423c8e57e92ebbe9f8c0333a63f72
change-id: 20250108-avb-disable-verif-997f820c0c00
Best regards,
--
Mattijs Korpershoek <mkorpershoek at baylibre.com>
More information about the U-Boot
mailing list