Verified Boot strives to ensure all executed code comes from a trusted source (usually device OEMs), rather than from an attacker or corruption. It establishes a full chain of trust, starting from a hardware-protected root of trust to the bootloader, to the boot partition and other verified partitions including vendor, and optionally oem partitions. During device boot up, each stage verifies the integrity and authenticity of the next stage before handing over execution.
In addition to ensuring that devices are running a safe version of Android, Verified Boot checks for the correct version of Android with rollback protection. Rollback protection helps to prevent a possible exploit from becoming persistent by ensuring devices only update to newer versions of Android.
In addition to verifying the OS, Verified Boot also allows Android devices to communicate their state of integrity to the user.
Android 4.4 added support for Verified Boot and the dm-verity kernel feature. This combination of verifying features served as Verified Boot 1.
Where previous versions of Android warned users about device corruption, but still allowed them to boot their devices, Android 7.0 started strictly enforcing Verified Boot to prevent compromised devices from booting. Android 7.0 also added support for forward error correction to improve reliability against non-malicious data corruption.
Android 8.0 and higher includes Android Verified Boot (AVB), a reference implementation of Verified Boot that works with Project Treble. In addition to working with Treble, AVB standardized the partition footer format and added rollback protection features.
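The per-stage verification and rollback check described above can be modelled as follows. This is an added example, not code from Android or AVB: the function names, the manifest layout and the sample images are hypothetical, an HMAC stands in for the OEM's asymmetric signature, and a plain integer stands in for the rollback value a device would keep in protected storage.

```python
import hashlib
import hmac
import json

# Constructed demo key. Real Verified Boot checks an asymmetric signature against
# a key anchored in the hardware root of trust; HMAC is a stdlib stand-in here.
OEM_KEY = b"constructed-oem-key"

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign_manifest(partitions: dict, rollback_index: int, key: bytes = OEM_KEY) -> dict:
    """OEM side: bind every partition digest and the rollback index under one tag."""
    body = json.dumps(
        {"digests": {n: digest(d) for n, d in partitions.items()},
         "rollback_index": rollback_index},
        sort_keys=True,
    ).encode()
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify_boot(manifest: dict, partitions: dict, stored_index: int,
                key: bytes = OEM_KEY) -> tuple:
    """Device side: return (ok, reason, stored index to keep after this boot)."""
    expected = hmac.new(key, manifest["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return False, "manifest not authentic", stored_index
    meta = json.loads(manifest["body"])
    # Authentic, but older than a build the device already accepted: rollback.
    if meta["rollback_index"] < stored_index:
        return False, "rollback rejected", stored_index
    for name, want in meta["digests"].items():
        if name not in partitions or digest(partitions[name]) != want:
            return False, f"{name} corrupted or modified", stored_index
    # Only a fully verified boot may raise the stored index.
    return True, "verified", max(stored_index, meta["rollback_index"])

# Constructed sample images: an old build and a newer, patched build.
OLD = {"boot": b"kernel v1", "vendor": b"vendor v1"}
NEW = {"boot": b"kernel v2", "vendor": b"vendor v2"}
OLD_MANIFEST = sign_manifest(OLD, rollback_index=1)
NEW_MANIFEST = sign_manifest(NEW, rollback_index=2)

if __name__ == "__main__":
    print(verify_boot(NEW_MANIFEST, NEW, stored_index=1))
    print(verify_boot(OLD_MANIFEST, OLD, stored_index=2))
    print(verify_boot(NEW_MANIFEST, dict(NEW, vendor=b"modified"), stored_index=2))
```

The second call is the case rollback protection exists for: the old build is authentic and unmodified, yet it is refused because the device has already accepted a newer one.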
VPN (abbr.): A Virtual Private Network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across a VPN may therefore benefit from the functionality, security, and management of the private network. It provides access to resources that may be inaccessible on the public network, and is typically used for telecommuting workers. Encryption is a common, although not an inherent, part of a VPN connection.
A VPN is created by establishing a virtual point-to-point connection through the use of dedicated circuits or with tunneling protocols over existing networks. A VPN available from the public Internet can provide some of the benefits of a wide area network (WAN). From a user perspective, the resources available within the private network can be accessed remotely.