Bootloader // AVB keys used in ROMs for Fairphone 3+4

Discuss The Products
,
1

Hi everybody. After having read about DivestOS in other topics, I decided it would be easier to discuss everything about it here in this topic.

Thanks @SkewedZeppelin for this Custom ROM. I gave it a shot this Friday (FP3 with upgraded cameras). So far everything is great. I have been using Lineage OS rooted with Magisk for a long time now. Wanted to try using my telephone without root. Then decided to give DigestOS a try. Everything went well.
The Seedvault Backup could backup a lot of the apps (not all, because of Apps that do not allow getting backedup) from Lineage OS and I could restore them without any problem.
I also flashed the AVB custom key. However, everytime I boot, i get the message that the telephone has a different software installed. I thought that verified boot should ignore this message, right? Or am I missing something?

Thanks again.
Have a great Sunday,

2

Depends on bootloader he is installing.

FP4 with iode, /e/ doesn’t have this message with locked bootloader.
My pix5 with calyx and locked bootloader has this message and calyx writes in doku that it is normal.

1 Like
3

ROMs don’t change the bootloader, this is dependent on what keys are used to sign the system image and verified boot metadata.

DivestOS uses unique keys for each component of every device.
I strongly suspect FP3 bootloader has the AOSP test-keys marked trusted.

Any ROM with unique keys is supposed to show the “different OS” message.
If you do not see a yellow screen on a locked verified boot device with an alternate system the bootloader should be considered broken.

2 Likes
4

@FairphoneHulk

I have just downloaded the latest iodeOS for FP3 (iode-2.4-20220401-FP3.zip) and verified that while it uses release keys for the system, it uses the insecure public test keys for verified boot:

python verify_signature.py --file ../boot.img --vbmeta ../vbmeta.img 

Boot Signature Tool v1.6 (c) B.Kerler 2017-2019
----------------------------------------------
Kernel=0x00000800,	length=0x011DE800
Ramdisk=0x011DF000,	length=0x008EC000
Second=0x01ACB000,	length=0x00000000
QCDT=0x01ACB000,	length=0x00000800
Signature start=0x01ACB800

AVB >=2.0 vbmeta detected: avbtool 1.1.0
----------------------------------------
Image-Target: 				boot
Salt: 					3060ee5d8e693761a121db1dca43a72b06f166103d87d3fe44e416629a1d6bfc
Image-Size: 				0x1acb000

Calced Image-Hash: 			7b840afeda5c5bd81f57720c119d98bc8ee6b6ddda441b7e68f742d2e1f6a821
Image-Hash: 				7b840afeda5c5bd81f57720c119d98bc8ee6b6ddda441b7e68f742d2e1f6a821
VBMeta-Image-Hash: 			7b840afeda5c5bd81f57720c119d98bc8ee6b6ddda441b7e68f742d2e1f6a821

Signature-RSA-Modulus (n):	d804afe3d3846c7e0d893dc28cd31255e962c9f10f5ecc1672ab447c2c654a94b5162b00bb06ef1307534cf964b9287a1b849888d867a423f9a74bdc4a0ff73a18ae54a815feb0adac35da3bad27bcafe8d32f3734d6512b6c5a27d79606af6bb880cafa30b4b185b34daaaac316341ab8e7c7faf90977ab9793eb44aecf20bcf08011db230c4771b96dd67b604787165693b7c22a9ab04c010c30d89387f0ed6e8bbe305bf6a6afdd807c455e8f91935e44feb88207ee79cabf31736258e3cdc4bcc2111da14abffe277da1f635a35ecadc572f3ef0c95d866af8af66a7edcdb8eda15fba9b851ad509ae944e3bcfcb5cc97980f7cca64aa86ad8d33111f9f602632a1a2dd11a661b1641bdbdf74dc04ae527495f7f58e3272de5c9660e52381638fb16eb533fe6fde9a25e2559d87945ff034c26a2005a8ec251a115f97bf45c819b184735d82d05e9ad0f357415a38e8bcc27da7c5de4fa04d3050bba3ab249452f47c70d413f97804d3fc1b5bb705fa737af482212452ef50f8792e28401f9120f141524ce8999eeb9c417707015eabec66c1f62b3f42d1687fb561e45abae32e45e91ed53665ebdedade612390d83c9e86b6c2da5eec45a66ae8c97d70d6c49c7f5c492318b09ee33daa937b64918f80e6045c83391ef205710be782d8326d6ca61f92fe0bf0530525a121c00a75dcc7c2ec5958ba33bf0432e5edd00db0db33799a9cd9cb743f7354421c28271ab8daab44111ec1e8dfc1482924e836a0a6b355e5de95ccc8cde39d14a5b5f63a964e00acb0bb85a7cc30be6befe8b0f7d348e026674016cca76ac7c67082f3f1aa62c60b3ffda8db8120c007fcc50a15c64a1e25f3265c99cbed60a13873c2a45470cca4282fa8965e789b48ff71ee623a5d059377992d7ce3dfde3a10bcf6c85a065f35cc64a635f6e3a3a2a8b6ab62fbbf8b24b62bc1a912566e369ca60490bf68abe3e7653c27aa8041775f1f303621b85b2b0ef8015b6d44edf71acdb2a04d4b421ba655657e8fa84a27d130eafd79a582aa381848d09a06ac1bbd9f586acbd756109e68c3d77b2ed3020e4001d97e8bfc7001b21b116e741672eec38bce51bb4062331711c49cd764a76368da3898b4a7af487c8150f3739f66d8019ef5ca866ce1b167921dfd73130c421dd345bd21a2b3e5df7eaca058eb7cb492ea0e3f4a74819109c04a7f42874c86f63202b462426191dd12c316d5a29a206a6b241cc0a27960996ac476578685198d6d8a62da0cfece274f282e397d97ed4f80b70433db17b9780d6cbd719bc630bfd4d88fe67acb8cc50b768b35bd61e25fc5f3c8db1337cb349013f71550e51ba6126faeae5b5e8aacfcd969fd6c15f5391ad05de20e751da5b9567edf4ee426570130b70141cc9e019ca5ff51d704b6c0674ecb52e77e174a1a399a0859ef1acd87e
Signature-n0inv: 			1440285869

!!!! Image seems to be signed by google test keys, yay !!!!
AVB-Status: VERIFIED, 0

I wouldn’t be surprised if /e/OS does the same.

:person_facepalming:

5

@SkewedZeppelin

No experience on FP3, only on FP4
For FP4 they are using the avb_custom_key-FP4.bin
Do you think this is also just the public test key only with another file name?

Key file find here:

6

@FairphoneHulk
iode-2.4-20220401-FP4.zip:

python verify_signature.py -f boot.img -v vbmeta.img 

Boot Signature Tool v1.6 (c) B.Kerler 2017-2019
----------------------------------------------
Kernel=0x00001000,	length=0x02C57000
Ramdisk=0x02C58000,	length=0x00111000
Second=0x02D69000,	length=0x00000000
QCDT=0x02D69000,	length=0x00001000
Signature start=0x02D6A000

AVB >=2.0 vbmeta detected: avbtool 1.1.0
----------------------------------------
Image-Target: 				boot
Salt: 					1be0fc25b87611b2b954b5c5733b2e0bd32000042ce2cddad83834415d8a2925
Image-Size: 				0x2fac000

Calced Image-Hash: 			9072f83d0e36773f3a2212ab88c7b4c4bcb8e46fc2c2a4f651041e1461381b4b
Image-Hash: 				9072f83d0e36773f3a2212ab88c7b4c4bcb8e46fc2c2a4f651041e1461381b4b
VBMeta-Image-Hash: 			9072f83d0e36773f3a2212ab88c7b4c4bcb8e46fc2c2a4f651041e1461381b4b

Signature-RSA-Modulus (n):	d804afe3d3846c7e0d893dc28cd31255e962c9f10f5ecc1672ab447c2c654a94b5162b00bb06ef1307534cf964b9287a1b849888d867a423f9a74bdc4a0ff73a18ae54a815feb0adac35da3bad27bcafe8d32f3734d6512b6c5a27d79606af6bb880cafa30b4b185b34daaaac316341ab8e7c7faf90977ab9793eb44aecf20bcf08011db230c4771b96dd67b604787165693b7c22a9ab04c010c30d89387f0ed6e8bbe305bf6a6afdd807c455e8f91935e44feb88207ee79cabf31736258e3cdc4bcc2111da14abffe277da1f635a35ecadc572f3ef0c95d866af8af66a7edcdb8eda15fba9b851ad509ae944e3bcfcb5cc97980f7cca64aa86ad8d33111f9f602632a1a2dd11a661b1641bdbdf74dc04ae527495f7f58e3272de5c9660e52381638fb16eb533fe6fde9a25e2559d87945ff034c26a2005a8ec251a115f97bf45c819b184735d82d05e9ad0f357415a38e8bcc27da7c5de4fa04d3050bba3ab249452f47c70d413f97804d3fc1b5bb705fa737af482212452ef50f8792e28401f9120f141524ce8999eeb9c417707015eabec66c1f62b3f42d1687fb561e45abae32e45e91ed53665ebdedade612390d83c9e86b6c2da5eec45a66ae8c97d70d6c49c7f5c492318b09ee33daa937b64918f80e6045c83391ef205710be782d8326d6ca61f92fe0bf0530525a121c00a75dcc7c2ec5958ba33bf0432e5edd00db0db33799a9cd9cb743f7354421c28271ab8daab44111ec1e8dfc1482924e836a0a6b355e5de95ccc8cde39d14a5b5f63a964e00acb0bb85a7cc30be6befe8b0f7d348e026674016cca76ac7c67082f3f1aa62c60b3ffda8db8120c007fcc50a15c64a1e25f3265c99cbed60a13873c2a45470cca4282fa8965e789b48ff71ee623a5d059377992d7ce3dfde3a10bcf6c85a065f35cc64a635f6e3a3a2a8b6ab62fbbf8b24b62bc1a912566e369ca60490bf68abe3e7653c27aa8041775f1f303621b85b2b0ef8015b6d44edf71acdb2a04d4b421ba655657e8fa84a27d130eafd79a582aa381848d09a06ac1bbd9f586acbd756109e68c3d77b2ed3020e4001d97e8bfc7001b21b116e741672eec38bce51bb4062331711c49cd764a76368da3898b4a7af487c8150f3739f66d8019ef5ca866ce1b167921dfd73130c421dd345bd21a2b3e5df7eaca058eb7cb492ea0e3f4a74819109c04a7f42874c86f63202b462426191dd12c316d5a29a206a6b241cc0a27960996ac476578685198d6d8a62da0cfece274f282e397d97ed4f80b70433db17b9780d6cbd719bc630bfd4d88fe67acb8cc50b768b35bd61e25fc5f3c8db1337cb349013f71550e51ba6126faeae5b5e8aacfcd969fd6c15f5391ad05de20e751da5b9567edf4ee426570130b70141cc9e019ca5ff51d704b6c0674ecb52e77e174a1a399a0859ef1acd87e
Signature-n0inv: 			1440285869

!!!! Image seems to be signed by google test keys, yay !!!!
AVB-Status: VERIFIED, 0

and for reference DivestOS for FP3:

python verify_signature.py -f boot.img -v vbmeta.img 

Boot Signature Tool v1.6 (c) B.Kerler 2017-2019
----------------------------------------------
Kernel=0x00000800,	length=0x011E8800
Ramdisk=0x011E9000,	length=0x00957800
Second=0x01B40800,	length=0x00000000
QCDT=0x01B40800,	length=0x00000800
Signature start=0x01B41000

AVB >=2.0 vbmeta detected: avbtool 1.1.0
----------------------------------------
Image-Target: 				boot
Salt: 					97f6ebd818f61884e790b03a5ec0d4b8c757d24c26921e8af0a532f7b7f6f3ac
Image-Size: 				0x1b40800

Calced Image-Hash: 			3caeaf1da540748d0c3b9f50b89f97ef4d325b4dfedee4007980578115d0669c
Image-Hash: 				3caeaf1da540748d0c3b9f50b89f97ef4d325b4dfedee4007980578115d0669c
VBMeta-Image-Hash: 			3caeaf1da540748d0c3b9f50b89f97ef4d325b4dfedee4007980578115d0669c

Signature-RSA-Modulus (n):	bd84b47bfb89afb697677ed92b6f94002a3dcffdee8d13e06b1ef996e90a3883e06d8043fd52dca61772bf514ea3747ecc4c7bbef987829f9029d145c7db9b68460a3c5c17562ad9c41164618d8163a78a733c99291df0dbf3255eba7f709e3d3d10c880358775332f0b987baf5cfaf6ae9dd780309138f7833fd441694c0c9ede9858eea395e256e984abeed0ff5b87d1fcf78201011b28d34667774559aaabe8d2b873f45899e451fdbad4c8be0d8e44604b7cef4fd45a12e0736bb4a88c558ad3cc4c3f1ed3832ad29cd394033bbd2a5d654fdb84789c97897ba2ae86b2e287bd0ed9489f6278df55efa7538085c5e4561258c3cc58744d22e56630f1afd022e3df0a8f0cec161349ed02ccff6107954c35129d66b2007b1caf8612c8ffb746e3e4eed6db7a526c663311d7fc98220ff2bedab3353de8d6f926c5fcb73d8d44550cda7bb29ddab65219494e447697cfadfbada65153fc167318e640f442c554a96ec66ae45f994b86ab3e7cfdea3bae6f5f10f03c425c6373af17bab907be675cce429315ec18332a41cc434aef7ee88e44ca73e14c5c0197e91cfd4326eb12c6211cfffeeca34b0c1dd4e0ee4cd9276f56cd90a79eba86ce2d84e891244a39e2e10907cc2d19bd21dd899d530bdad92c87e1d6f9118847bfdf72d3afb8b6d3380ffcaa9f73f2dfdc69f6b45e38849cdf4a0dd3b770bfe6f5d3fc1d1f6329527689a3cec41047886550111711f6ae7c5823c7b347a2df23148e5459bd7e367a365c5f890195510595856974e13b773e121cf3dba6b3d2bfb1f1d01ab2e1ee4d237a5683ba89e9b29185c033092efa94cb0dce0ab100c0f2086c3ae657eea6d2ebe2557446393b21362d511b55099fe3518847905fe7496bdd427b3cb6e3260a25694ff44881544cd07650725d0f8cf08f4d05d1c973133200736879f443de7014617261807e5a1b58f657344a6389b58084e829114aa7bc965164d5796b53b1f22946e48fd62437645ed866b59332c16f2dd88d6e273612dfab3a116678cb1fde59f6d1d72066a7248b9e61ca0826fc629f474be240ace49be53779ac39afed2286f61d315928363d6ff267718495aa8149413f65fc613aa3cd53ffd7a59a2a1373a1b9315100211195d1b948e30bea259781af417e412911aa5a4da3bf97e3f5e3c235d611121582d4ed8ce96b3161f20dcf3c91d364843b541ce89ac707de123c49788f8af71edf3b40cd3d8cac2ed511bbbc98016b6bb047661a3564ac70af4ea607b2bae489ea88acb23d312686285fa32f9bcc9a23d59d8430459f5080b0e534f9c977881e9eb0bb26726b7cc777ac1a07c898617d86d190bac3958b5875d9a9a6f2299055c2dc67d09e8f3e7fa3c4993c0357ed36bdc57696a7e2ba44fc90f4fde7fca64067d1d6aaad390535c5c16eb652ccc0c3b63734b03436d5
Signature-n0inv: 			31987431
AVB-Status: VERIFIED, 0
7

ok, thanks
Is this really bad, or not? Don’t know…
What do you do in DivestOS?

8

test-keys basically means verified boot is doing absolutely nothing.

Here is how DivestOS handles it:

3 Likes
9

@SkewedZeppelin
Thanks for explaining

What’s about calyxOS and the brand new version for FP4
They are using a key, too.
Also only test key?

Can you test this, too, please.

Would be interesting…

And more then that
What is FP doing on their ROM?
In FPOS? Just test keys, too?

10

CalyxOS for FP4 is correct as it should be:

python verify_signature.py -f boot.img -v vbmeta.img 

Boot Signature Tool v1.6 (c) B.Kerler 2017-2019
----------------------------------------------
Kernel=0x00001000,	length=0x023D8000
Ramdisk=0x023D9000,	length=0x0018A000
Second=0x02563000,	length=0x00000000
QCDT=0x02563000,	length=0x00001000
Signature start=0x02564000

AVB >=2.0 vbmeta detected: avbtool 1.2.0
----------------------------------------
Image-Target: 				boot
Salt: 					12f8db8a983a54a16ee3adab96ad343d8945c6aeb263c0dc8a41e4a35f394482
Image-Size: 				0x25cc000

Calced Image-Hash: 			4ef843934ca727a6a486543641fbcf9d7696d144a918b6a161547b981951955e
Image-Hash: 				4ef843934ca727a6a486543641fbcf9d7696d144a918b6a161547b981951955e
VBMeta-Image-Hash: 			4ef843934ca727a6a486543641fbcf9d7696d144a918b6a161547b981951955e

Signature-RSA-Modulus (n):	b3dea877338dbc3b4cd9690d43c61c02b555154defe69095b5c5eb392b02c7c75391fd37597e1c7a01ad82c1943f94d2db264452004c052a1cd3edc7fecdae50abfbb7a98a921f8b2685f15745f127148c79cdbc651b224b88a8231352fdbcc5eeeda69f8e10b43c9a2d24e476ba3b46b3bda2eee4ea946e23fb50a90fc3e13de6a46f5617f6001caba20ef3eecaed0fab8edf06b39ff71df1c6a7155527b823b07f1108fd5b6c73d0fc4123ef99825fcbd97d219b6e2480a96a258fa943eddcbd47ab97f8075615c443e83f5b93a38ed309ef85c6e63bf1c4bbef53fcce42ed5e608f94ad5834b5b7d46f0e7265838d67b8e22584e9362ab4ce9ef4a3c8447cfa816f8b9a23471d37fd0831999cefa8101649315a85567854e1a21888c2d5d3c6aac2883af5749736b48df3b62f461a21e887d772583142283801ba6ee813b7d034a1589af3144a3f33b2543bb9e782b530ba96e17e31306ff2b70492cd67453207cbdade7ccc336f20e24edb2d3db3bdd5c0f17c1a2787e6a45c4bc98c5ae56b600a44b48abaff01eba8f95295e0c758a9d9d88af440d87f42a13aea4b8a4175f812682691652da1e4abb0797dddf5b2547106ac82b72fcf4b30824135170af271b467d58bce2aa853e02adc482693450757401da1287ac3366580ef7bfed5fd3197b3414a28fa6217095d4704e70e8990bfdcb0498b40ac8fc2ffc171f6874f2e6e065597e2187e73cd375aaf55fb09757f568296c0cba6fb6789bafa57801d8c65cab21ef2757a256365345b219077bd86f7f1d2c90c8fb34cfd9ec45f5030c6677c839721d10359094fa7f0de602b89cf75fa189d0797ceacfe1927397a71cce8b40831ccc0e52057f703e3c1991441cba0f74e962fb32ab54fc07dfabc2b2fcd5b7953cc78db787bce35dad5af9a843315386efa778a6abb28aeac26d1126ae0894ff2f74839c53c34c841ecca0aaf2f3297b1ae966f84b11f535f4160892ba4ef52a6e904739de08e5465f6e0f20b859737de9a967d17b3b7a70eeba4eedf838e0d436f9861a8e24b8cfffef442557214f0b2437369c63cfd158d0f31b8b04ec4bfac2f192cac7466769f8c15641d53d13ff751765e27810cba2f833efe0f8b0fd496a3b3812e8748e2b6ba78268e56e56117154705b85f440fad09c00df489b55f9cd343cb0bff9d0d09047b5f49492ca8b5f685ecbf08feb619543f23bd53507bbb3061c8381f48a164a93e700e7477c2213e15e8e12e50506c4a77c183cc887895a69f2f08b2bc08d541350a7d1484121d69dfac13f32f297d8446d62077fe10f845a644a51c3c163b2befb6bc92dd5a390f9fd5cf4b9ca65e8410d9033ca82ccfeed8edd37d740f673122b87b440af8be10e90b28401e904230158ec7254c79f634111ad23a91229bf2950f8459f32c8c7c22326e76b8e1addd36
Signature-n0inv: 			2872774857
AVB-Status: VERIFIED, 0
3 Likes
11

And for the finale we see Fairphone shipping test-keys in production somehow:

FP4.FP3R.A.099.20220112_factory.zip:
python verify_signature.py -f boot.img -v vbmeta.img 

Boot Signature Tool v1.6 (c) B.Kerler 2017-2019
----------------------------------------------
Kernel=0x00001000,	length=0x023DC000
Ramdisk=0x023DD000,	length=0x00119000
Second=0x024F6000,	length=0x00000000
QCDT=0x024F6000,	length=0x00001000
Signature start=0x024F7000

AVB >=2.0 vbmeta detected: avbtool 1.1.0
----------------------------------------
Image-Target: 				boot
Salt: 					c68377f8602056d7e5736c8fa7aa40b4ea4af0fac29c02354cbe1f50755e8708
Image-Size: 				0x26e3000

Calced Image-Hash: 			99f243a244a45de8f0e9ca4832cd0eaa71bad3d76b545c89134417b45a6115af
Image-Hash: 				99f243a244a45de8f0e9ca4832cd0eaa71bad3d76b545c89134417b45a6115af
VBMeta-Image-Hash: 			99f243a244a45de8f0e9ca4832cd0eaa71bad3d76b545c89134417b45a6115af

Signature-RSA-Modulus (n):	d804afe3d3846c7e0d893dc28cd31255e962c9f10f5ecc1672ab447c2c654a94b5162b00bb06ef1307534cf964b9287a1b849888d867a423f9a74bdc4a0ff73a18ae54a815feb0adac35da3bad27bcafe8d32f3734d6512b6c5a27d79606af6bb880cafa30b4b185b34daaaac316341ab8e7c7faf90977ab9793eb44aecf20bcf08011db230c4771b96dd67b604787165693b7c22a9ab04c010c30d89387f0ed6e8bbe305bf6a6afdd807c455e8f91935e44feb88207ee79cabf31736258e3cdc4bcc2111da14abffe277da1f635a35ecadc572f3ef0c95d866af8af66a7edcdb8eda15fba9b851ad509ae944e3bcfcb5cc97980f7cca64aa86ad8d33111f9f602632a1a2dd11a661b1641bdbdf74dc04ae527495f7f58e3272de5c9660e52381638fb16eb533fe6fde9a25e2559d87945ff034c26a2005a8ec251a115f97bf45c819b184735d82d05e9ad0f357415a38e8bcc27da7c5de4fa04d3050bba3ab249452f47c70d413f97804d3fc1b5bb705fa737af482212452ef50f8792e28401f9120f141524ce8999eeb9c417707015eabec66c1f62b3f42d1687fb561e45abae32e45e91ed53665ebdedade612390d83c9e86b6c2da5eec45a66ae8c97d70d6c49c7f5c492318b09ee33daa937b64918f80e6045c83391ef205710be782d8326d6ca61f92fe0bf0530525a121c00a75dcc7c2ec5958ba33bf0432e5edd00db0db33799a9cd9cb743f7354421c28271ab8daab44111ec1e8dfc1482924e836a0a6b355e5de95ccc8cde39d14a5b5f63a964e00acb0bb85a7cc30be6befe8b0f7d348e026674016cca76ac7c67082f3f1aa62c60b3ffda8db8120c007fcc50a15c64a1e25f3265c99cbed60a13873c2a45470cca4282fa8965e789b48ff71ee623a5d059377992d7ce3dfde3a10bcf6c85a065f35cc64a635f6e3a3a2a8b6ab62fbbf8b24b62bc1a912566e369ca60490bf68abe3e7653c27aa8041775f1f303621b85b2b0ef8015b6d44edf71acdb2a04d4b421ba655657e8fa84a27d130eafd79a582aa381848d09a06ac1bbd9f586acbd756109e68c3d77b2ed3020e4001d97e8bfc7001b21b116e741672eec38bce51bb4062331711c49cd764a76368da3898b4a7af487c8150f3739f66d8019ef5ca866ce1b167921dfd73130c421dd345bd21a2b3e5df7eaca058eb7cb492ea0e3f4a74819109c04a7f42874c86f63202b462426191dd12c316d5a29a206a6b241cc0a27960996ac476578685198d6d8a62da0cfece274f282e397d97ed4f80b70433db17b9780d6cbd719bc630bfd4d88fe67acb8cc50b768b35bd61e25fc5f3c8db1337cb349013f71550e51ba6126faeae5b5e8aacfcd969fd6c15f5391ad05de20e751da5b9567edf4ee426570130b70141cc9e019ca5ff51d704b6c0674ecb52e77e174a1a399a0859ef1acd87e
Signature-n0inv: 			1440285869

!!!! Image seems to be signed by google test keys, yay !!!!
AVB-Status: VERIFIED, 0

If someone can edit the title of this thread to be something like:
AVB keys used in ROMs for Fairphone
That’d be appreciated.

5 Likes
12

@SkewedZeppelin

How can i interpret this:

Snipped from google doc: Device State, User-settable root of trust:

If an user-settable root of trust is set, the device should allow a version of Android signed with either the built-in root of trust or the user-settable root of trust to boot.

what difference regarding Trust does it makes?
As I understand it, it is still possible to boot any kernel as long as it is signed with the built-in key, because both will be accepted. Right? Or do I understand it wrong?

https://source.android.google.cn/security/verifiedboot/device-state?hl=en

13

@SkewedZeppelin
maybe I may have a stement?

14

@AlphaElwedritsch

In the case you install a properly signed ROM on such a broken bootloader, the
verified boot should be functional.

I am more concerned about the ROMs signing verified boot metadata with test-
keys.
If you could get EDL access you can very likely swap out the system without
triggering a wipe of usredata.

2 Likes
15

@SkewedZeppelin

Can you test newest iodé build?
https://github.com/vincentvidal/iode_ota/releases/download/v1/iode-2.4-20220405-FP4.zip

signed with own key instead of test-keys

got yellow bootscreen now: that a different OS will be booted…

thanks

16

@AlphaElwedritsch

iode-2.4-20220405-FP4 appears correct like DivestOS and CalyxOS now.

1 Like
17

A post was merged into an existing topic: Divest OS: Everything about Divest OS on the Fairphones

18

Sorry, I haven’t had my morning coffee yet and I just found this thread.

Is this “fixed” now? Do I have anything to worry about when it comes to ROMs?

19

Hi @SkewedZeppelin

Can you link your verify_signature.py script version ?

I’m testing with repos GitHub - bkerler/android_universal: Universal android boot to root or GitHub - bkerler/dump_avb_signature: Dump Android Verified Boot Signature

But the only result I have is :

python3 /opt/dump_avb_signature/verify_signature.py --file boot.img --vbmeta vbmeta.img

Boot Signature Tool v1.6 (c) B.Kerler 2017-2019
----------------------------------------------
Kernel=0x00000800,	length=0x00F1F800
Ramdisk=0x00F20000,	length=0x00B1C000
Second=0x01A3C000,	length=0x00000000
QCDT=0x01A3C000,	length=0x00000800
Signature start=0x01A3C800

AVB >=2.0 vbmeta detected: avbtool 1.2.0
----------------------------------------
Sorry, only avb version <=1.1 is currently implemented
20

@thasos

I think I just commented out the version check.

2 Likes