diff options
author | Victor Hsieh <victorhsieh@google.com> | 2019-03-04 13:52:06 -0800 |
---|---|---|
committer | Sachiyo Sugimoto <sachiyo@google.com> | 2019-08-23 23:51:08 +0000 |
commit | 3a3891dd47279e43b594a4be7883f6fd2c55634e (patch) | |
tree | 9dd5878aace8c44bce73b7b44220de98d1bf47fe | |
parent | f83f393803269aa32526b4b3e70d41c2bc60973b (diff) | |
download | platform_compatibility_cdd-3a3891dd47279e43b594a4be7883f6fd2c55634e.tar.gz platform_compatibility_cdd-3a3891dd47279e43b594a4be7883f6fd2c55634e.tar.bz2 platform_compatibility_cdd-3a3891dd47279e43b594a4be7883f6fd2c55634e.zip |
CDD: priv apps root of trust on Verified Boot
- This is a minor language improvement for the spirit. Previously, the
document explicitly requires /system, but actually all partition
protected by Verified Boot is fine.
Test: None
Bug: 123365823
Change-Id: I405371c69323bb95bc07e18c09b78ed2d1bcf46e
-rw-r--r-- | 9_security-model/9_10_device-integrity.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/9_security-model/9_10_device-integrity.md b/9_security-model/9_10_device-integrity.md index 46d77b81..e1a5d38a 100644 --- a/9_security-model/9_10_device-integrity.md +++ b/9_security-model/9_10_device-integrity.md @@ -48,7 +48,7 @@ locked mode to boot loader unlocked mode. (e.g. boot, system partitions) and use tamper-evident storage for storing the metadata used for determining the minimum allowable OS version. * [C-SR] Are STRONGLY RECOMMENDED to verify all privileged app APK files with -a chain of trust rooted in `/system`, which is protected by Verified Boot. +a chain of trust rooted in partitions protected by Verified Boot. * [C-SR] Are STRONGLY RECOMMENDED to verify any executable artifacts loaded by a privileged app from outside its APK file (such as dynamically loaded code or compiled code) before executing them or STRONGLY RECOMMENDED not to execute them |