自 2025 年 3 月 27 日起,我们建议您使用 android-latest-release
而非 aosp-main
构建 AOSP 并为其做出贡献。如需了解详情,请参阅 AOSP 的变更。
启动时验证
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
启动时验证会尽力确保所有已执行代码均来自可信来源(通常是设备的 OEM),以防受到攻击或损坏。它可建立一条从受硬件保护的信任根到引导加载程序,再到 boot 分区和其他已验证分区(包括 system
、vendor
和可选的 oem
分区)的完整信任链。在设备启动过程中,无论是在哪个阶段,都会在进入下一个阶段之前先验证下一个阶段的完整性和真实性。
除了确保设备运行的是安全的 Android 版本外,启动时验证还会检查 Android 版本是否为具有回滚保护的正确版本。回滚保护可确保设备只会更新到更高的 Android 版本,从而帮助避免可能的漏洞持续存在。
除了验证操作系统外,启动时验证还允许 Android 设备将其完整性状态传达给用户。
背景
Android 4.4 增加了对启动时验证和 dm-verity 内核功能的支持。这种验证功能组合就是启动时验证 1。
以前的 Android 版本会在发现设备损坏时向用户发出警告,但仍然允许他们启动设备;从 Android 7.0 开始,系统会严格强制执行启动时验证,从而使已破解的设备无法启动。Android 7.0 还增加了对前向纠错功能的支持,有助于更可靠地防范非恶意数据损坏。
Android 8.0 及更高版本包含 Android 启动时验证 (AVB),AVB 是启动时验证的一个参考实现,可与 Project Treble 配合使用。除了与 Treble 配合使用外,AVB 还对分区脚本格式进行了标准化并增添了回滚保护功能。
本页面上的内容和代码示例受内容许可部分所述许可的限制。Java 和 OpenJDK 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-07-27。
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["没有我需要的信息","missingTheInformationINeed","thumb-down"],["太复杂/步骤太多","tooComplicatedTooManySteps","thumb-down"],["内容需要更新","outOfDate","thumb-down"],["翻译问题","translationIssue","thumb-down"],["示例/代码问题","samplesCodeIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-07-27。"],[],[],null,["# Verified Boot strives to ensure all executed code comes from a trusted source\n(usually device OEMs), rather than from an attacker or corruption. It\nestablishes a full chain of trust, starting from a hardware-protected root of\ntrust to the bootloader, to the boot partition and other verified partitions\nincluding `system`, `vendor`, and optionally\n`oem` partitions. During device boot up, each stage verifies the\nintegrity and authenticity of the next stage before handing over execution.\n\n\nIn addition to ensuring that devices are running a safe version of Android,\nVerified Boot checks for the correct version of Android with\n[rollback\nprotection](/docs/security/features/verifiedboot/verified-boot#rollback-protection). Rollback protection helps to prevent a possible\nexploit from becoming persistent by ensuring devices only update to newer\nversions of Android.\n\n\nIn addition to verifying the OS, Verified Boot also allows Android devices to\ncommunicate their state of integrity to the user.\n\nBackground\n----------\n\n\nAndroid 4.4 added support for Verified Boot and the\n[dm-verity](/docs/security/features/verifiedboot/dm-verity) kernel feature. This\ncombination of verifying features served as Verified Boot 1.\n\n\nWhere previous versions of Android warned users about device corruption, but\nstill allowed them to boot their devices, Android 7.0 started strictly enforcing\nVerified Boot to prevent compromised devices from booting. Android 7.0 also\nadded support for forward error correction to improve reliability against\nnon-malicious data corruption.\n\n\nAndroid 8.0 and higher includes\n[Android Verified Boot](/docs/security/features/verifiedboot/avb) (AVB), a\nreference implementation of Verified Boot that works with Project Treble. In\naddition to working with Treble, AVB standardized partition footer format and\nadded rollback protection features."]]