Android System Securing, Hardening, & Privacy

Android Verified Boot Demystified: A Deep Dive into the Chain of Trust

By Antigravity Research Published May 29, 2026 ⏱️ 7 Min Read
Google AdSense Native Placement - Horizontal Top-Post banner

Introduction: Securing Android’s Foundation

In today’s interconnected world, the security of our mobile devices is paramount. Android, being the most widely used mobile operating system, faces constant threats from malware and tampering. To counter these challenges, Google introduced Android Verified Boot (AVB), a critical security feature designed to ensure the integrity of the device’s software from the moment it powers on until the operating system fully loads. This deep dive will demystify AVB, tracing its intricate chain of trust and illustrating how it safeguards your device against unauthorized modifications.

The Imperative for Verified Boot: Trust at Startup

The primary goal of AVB is to prevent a device from booting into a compromised state. Without a robust verification mechanism, a malicious actor could tamper with core system partitions like the bootloader, kernel, or system image. Such tampering could lead to:

  • Installation of persistent malware that survives factory resets.
  • Rooting exploits that grant unauthorized access.
  • Data exfiltration or surveillance.
  • Compromise of sensitive information, including payment credentials.

AVB establishes a cryptographic chain of trust, ensuring that every loaded component is authentic and untampered, starting from an immutable hardware root of trust.

AVB Fundamentals: Building the Chain of Trust

Hardware Root of Trust

The foundation of AVB is the hardware root of trust, typically a Read-Only Memory (ROM) embedded within the SoC (System-on-Chip). This ROM contains an immutable public key or hash, hardcoded by the device manufacturer, which is used to verify the first stage bootloader. Because this ROM cannot be modified, it provides the ultimate trust anchor.

Cryptographic Signatures and Hashing

AVB relies heavily on cryptographic techniques:

  • Hashing: Each partition or block of data is subjected to a cryptographic hash function (e.g., SHA256) to produce a unique fixed-size digest. Any change to the data, even a single bit, will result in a completely different hash.
  • Digital Signatures: The hashes are then signed using a private key held by the OEM or Google. The corresponding public key is embedded in the subsequent stage of the boot chain. During verification, the device uses the public key to decrypt the signature, recomputes the hash of the data, and compares it to the decrypted hash. If they match, the data is deemed authentic.

The AVB Chain of Trust: Step-by-Step Verification

The AVB process is a meticulous sequence of checks, where each stage verifies the next before handing over control.

Stage 0: Boot ROM and Initial Program Loader (IPL)

Upon power-on, the SoC executes code directly from the immutable Boot ROM. This ROM contains the hardware root of trust and is responsible for verifying the integrity and authenticity of the Initial Program Loader (IPL) or Primary Bootloader (PBL). If verification fails, the device typically enters a “bricked” state or a specific recovery mode, preventing any malicious code from executing.

Stage 1: Primary and Secondary Bootloaders

The verified IPL then loads and verifies the next stage, which often involves a sequence of smaller bootloaders (e.g., U-Boot, LK/Little Kernel). Each bootloader verifies the cryptographic signature of the subsequent bootloader or critical partitions it loads. This sequential verification ensures that even early boot components are secure.

Stage 2: boot.img Verification (Kernel and Ramdisk)

Once the bootloaders are verified, the main bootloader’s primary task is to verify the boot.img partition. This image contains the Android kernel and the initial ramdisk. The bootloader uses a public key (or a hash of it) embedded within itself to verify the signature of boot.img‘s header and data. If the boot.img is tampered with, the bootloader will refuse to boot, often displaying a warning message to the user (e.g., “Your device has loaded a different operating system”).

The structure of boot.img has evolved. Modern AVB implementations often rely on vbmeta.img for boot.img verification data.

Stage 3: vbmeta.img and Partition Verification

This is where AVB’s sophisticated design truly shines. Instead of each partition having its own embedded signature, AVB introduces a dedicated vbmeta.img partition. This partition acts as a central repository for metadata, containing hashes and signatures for various other critical partitions, such as system.img, vendor.img, product.img, and even boot.img itself.

The bootloader verifies the vbmeta.img using a public key. Once vbmeta.img is authenticated, the device can trust the verification data it contains for other partitions.

Hash Trees and dm-verity

For larger partitions like system.img, a full cryptographic signature verification at boot time would be too slow. Instead, AVB leverages dm-verity (device-mapper verity). dm-verity constructs a hash tree (a Merkle tree) over the entire partition. The root hash of this tree is stored in vbmeta.img.

When the system boots, the kernel activates dm-verity for these partitions. Instead of verifying the entire partition upfront, dm-verity verifies data blocks on-the-fly, as they are read. For each block read, dm-verity computes its hash, compares it to the hash in the next layer of the hash tree, and propagates up until it reaches the root hash. If any block’s hash doesn’t match, dm-verity detects tampering and reports an I/O error, often leading to a boot failure or a limited functional state.

# Conceptual overview of a hash tree for a partition+--------------------+| Root Hash (in vbmeta)|+--------------------+         ||  +------------------+|  |  Level 1 Hashes  ||  +------------------+         ||  +------------------+|  |  Level 2 Hashes  ||  +------------------+         |+----------------------+| Data Blocks (e.g., /system) |+----------------------+

Stage 4: Rollback Protection

AVB also incorporates rollback protection, preventing an attacker from flashing an older, potentially vulnerable version of the OS that might have known exploits. The vbmeta.img includes a “rollback index” (or version number). During verification, the device checks if the rollback index in the newly flashed vbmeta.img is greater than or equal to the highest index ever seen by the device. If an older version is detected, the device will refuse to boot or display a warning.

Stage 5: Android Framework and Applications

Even after the kernel and system partitions are verified, the integrity checks continue. Android’s SELinux policies enforce strict access controls. Furthermore, app signature verification ensures that applications are from trusted sources and haven’t been tampered with. fs-verity (introduced in Linux kernel 5.4, adopted by Android) extends dm-verity‘s block-level integrity checking to individual files, providing an additional layer of file-level protection.

AVB States and User Experience

AVB communicates the integrity status of the device through various “states,” often indicated by boot-time warnings or specific messages:

  • GREEN: Device is locked, and the boot image and all verified partitions are pristine. This is the most secure state.
  • YELLOW: Device is unlocked, allowing custom ROMs or modified boot images. This disables full AVB protection but is intended for developers. A warning message is shown.
  • ORANGE: Device is unlocked, and a custom vbmeta or kernel is detected that uses custom keys. Similar to yellow, but often implies more extensive modification. A specific warning message is shown.
  • RED: Device is locked, but the software has been corrupted or tampered with using incorrect keys. The device will typically refuse to boot or enter a recovery mode, indicating a critical security failure.

Practical Check: Understanding Your Device’s AVB Status

You can query the AVB status of your device via ADB:

$ adb shell avbctl get_state

Expected output for a fully secure device:

VERIFIED_BOOT_STATE: green

To check if your bootloader is unlockable (which impacts AVB state):

$ fastboot flashing get_unlock_ability

A value of 1 indicates it’s unlockable; 0 means it’s not (OEM unlocking might be disabled in developer options).

Conclusion: AVB as a Cornerstone of Android Security

Android Verified Boot is far more than a simple boot-time check; it’s a multi-layered, sophisticated security architecture that forms the bedrock of Android’s integrity. By establishing a robust cryptographic chain of trust from the hardware root up, and employing mechanisms like dm-verity and rollback protection, AVB significantly mitigates the risk of persistent malware and unauthorized system modifications. Understanding AVB is crucial for anyone involved in Android security, development, or even for the average user seeking to comprehend the fundamental protections safeguarding their digital life.

Android Mobile Specs & Compare Directory

Are you researching mobile hardware properties, processor SoCs, GPU chipsets, or RAM configurations? Access our complete specs catalog to compare up to 5 devices side-by-side!

Compare Devices Specs →
Google AdSense Inline Placement - Content Footer banner
Tags: #Android Security #Chain of Trust #dm-verity #Mobile Security #Verified Boot

Related Technical Guides

Reverse Engineering SELinux: Extracting & Adapting Policies for New Android Features

May 30, 2026

Hardening Android with SELinux: Implementing Strict Policies for Enhanced Device Security

May 30, 2026

Advanced Android Security: Implementing Dynamic Seccomp-BPF Filters for JNI Libraries

May 30, 2026