1# AVB resource manager 2 3The AVB ([Android Verified Boot](https://android.googlesource.com/platform/external/avb)) 4resource manager is intended to provide tamper proof storage for data used by 5[libavb](https://android.googlesource.com/platform/external/avb/+/master#Device-Integration). 6This includes the verified boot lock state, stored rollback index values, and ATX 7([Android Things eXtension](https://android.googlesource.com/platform/external/avb/+/master/libavb_atx/)) 8permanent attributes. 9 10## Operations 11 12### Reading/Writing Stored Rollback Indexes 13 14Rollback indexes are strictly increasing, and any request to write a value to a 15rollback index that is smaller than the existing value will fail. A mask 16(0xF000) is used to map a rollback index to a file, and a file may contain a 17maximum of 32 rollback indexes. For example, 0xF01F and 0x0001 are valid values 18for the rollback index, but 0x10000 and 0x0020 are not. 19 20### Reading/Writing Verified Boot Lock State 21 22If the lock state is 1, or LOCKED, then verification errors are fatal, and 23booting MUST fail. If the lock state is 0, or UNLOCKED, the device may boot 24even when verification fails. When the device changes lock state, all stored 25rollback indexes are cleared. 26 27### Reading/Writing ATX Permanent Attributes 28 29A hash of the 30[attributes](https://android.googlesource.com/platform/external/avb/+/master/libavb_atx/avb_atx_types.h) 31MUST be stored in write-once fuses. Once this is written, any subsequent 32requests to write it will fail. Attributes are stored as an opaque buffer and 33parsed by the bootloader. 34 35### Locking Boot State 36 37Once the AVB resource manager receives a LOCK_BOOT_STATE request, all requests 38to write to resources will fail until the next reboot. This should be called 39after libavb has acquired all necessary resources, and before the bootloader 40passes control to the HLOS. This prevents a compromised HLOS from tampering 41with AVB resources. 42 43## Client Code 44 45Since libavb is executed by the bootloader, the non-secure side API that 46makes requests to the AVB resource manager is located 47[here](https://android.googlesource.com/trusty/external/trusty/+/master/ql-tipc/). 48