Closed ztmzzz closed 1 month ago
Hey, thanks for reporting this! This is a bug on Google's end, but it's not a security issue.
I downloaded husky-ota-ap1a.240505.005-6fd4a237.zip
and extracted the partitions to take a look.
From your logs, the two block devices with the errors are:
[ 1.612123] init: [libfs_avb] Failed to load vbmeta: /dev/block/dm-1
[ 1.612213] init: [libfs_avb] Built verity table: '1 /dev/block/dm-1 /dev/block/dm-1 4096 4096 2658 2658 sha256 8a189a5f31e70deb58800584b229169fede346bb49de1abbff2fc8d1732cd675 404ae4dbc2c76050d1e02a5b70e615c705dfe593a45b8ffdd41a14f81a1343b9 10 use_fec_from_device /dev/block/dm-1 fec_roots 2 fec_blocks 2680 fec_start 2680 restart_on_corruption ignore_zero_blocks'
...
[ 1.685343] init: [libfs_avb] Failed to load vbmeta: /dev/block/dm-5
[ 1.685557] init: [libfs_avb] Built verity table: '1 /dev/block/dm-5 /dev/block/dm-5 4096 4096 6570 6570 sha256 797ac00b25de1cad24d15ae4d690185676ee7d91fa91144d25054e9fa4a5690d 404ae4dbc2c76050d1e02a5b70e615c705dfe593a45b8ffdd41a14f81a1343b9 10 use_fec_from_device /dev/block/dm-5 fec_roots 2 fec_blocks 6623 fec_start 6623 restart_on_corruption ignore_zero_blocks'
The root digests (8a189a5f31e70deb58800584b229169fede346bb49de1abbff2fc8d1732cd675
and 797ac00b25de1cad24d15ae4d690185676ee7d91fa91144d25054e9fa4a5690d
) can be used to determine what the actual partitions are. In this case, they are the system_dlkm
and vendor_dlkm
partitions.
I extracted the fstab.zuma
file from the vendor_boot
partition to see how Android is mounting these two partitions and found these lines:
system_dlkm /system_dlkm ext4 noatime,ro wait,slotselect,avb=vbmeta_system,avb_keys=no_such_key,logical,first_stage_mount,readahead_size_kb=128
...
vendor_dlkm /vendor_dlkm ext4 noatime,ro wait,slotselect,avb=vbmeta,avb_keys=no_such_key,logical,first_stage_mount
Google specified two verification methods for these partitions:
system_dlkm
, there's avb=vbmeta_system
and avb_keys=no_such_key
vendor_dlkm
, there's avb=vbmeta
and avb_keys=no_such_key
The errors you're seeing are caused by Android attempting to verify with avb_keys=no_such_key
first. When that fails, it tries the other (valid) option and then succeeds.
The fact that avb_keys=no_such_key
ended up in here is a bug on Google's end. This is not a security risk though. There's no way for someone to create a malicious file named no_such_key
to trick Android into verifying with a different key. That would require modifying the system
partition, which is not possible because it is properly signed and verified.
I have successfully locked the bootloader. The following information was found during inspection. I would like to ask if the output of
Error verifying vbmeta image
has any potential impact. I use official rom, model is pixel 8 pro.adb shell su -c 'dmesg | grep libfs_avb'
showsavbroot ota verify
output: