Device State | Android Open Source Project


The device state indicates how freely software can be flashed to a device and whether verification is enforced. Device states are LOCKED and UNLOCKED. LOCKED devices prevent you from flashing new software to the device, whereas UNLOCKED devices allow modification.

When a device powers on, the bootloader first checks if a device is LOCKED or UNLOCKED. If a device is UNLOCKED, the bootloader shows the user a warning and then proceeds to boot even if the loaded OS isn't signed by the root of trust.

If the device is LOCKED, the bootloader goes through the steps in Verifying Boot to verify the device's software. LOCKED devices boot only if the loaded OS is properly signed by the root of trust. For more details, see The boot flow.

Changing device state

To change a device's state, use the fastboot flashing [unlock | lock] command. To protect user data, all state transitions wipe the data partitions and ask for user confirmation before data is deleted.

The UNLOCKED to LOCKED transition is anticipated when a user buys a used development device. As a result of locking the device, the user should have confidence that it is in a state produced by the device manufacturer, as long as there is no warning. The LOCKED to UNLOCKED transition is expected when a developer wishes to disable verification on the device for development purposes.

Root of Trust

Root of trust is the cryptographic key used to sign the copy of Android stored on the device. The private part of the root of trust is known only to the device manufacturer and is used to sign every version of Android intended for distribution. The public part of the root of trust is embedded in the device and is stored in a place so it cannot be tampered with (typically read-only storage).

When it loads Android, the bootloader uses the root of trust to verify authenticity. For more details on this process, see Verifying Boot. Devices may have multiple boot loaders and as such multiple cryptographic keys may be in play.

User-settable root of trust

Devices can optionally allow the user to configure the root of trust (for example, a public key). Devices can use this user-settable root of trust for Verified Boot instead of the built-in root of trust. This allows the user to install and use custom versions of Android without sacrificing the security improvements of Verified Boot.

If user-settable root of trust is implemented, it should be done in a way such that:

- Physical confirmation is required to set/clear the user-settable root of trust.
- The user-settable root of trust can only be set by the end user. It cannot be set at the factory or any intermediate point before the end user gets the device.
- The user-settable root of trust is stored in tamper-evident storage. Tamper-evident means that it's possible to detect if Android has tampered with the data, for example, if it has been overwritten or changed.
- If a user-settable root of trust is set, the device should allow a version of Android signed with either the built-in root of trust or the user-settable root of trust to boot.
- Every time the device boots using the user-settable root of trust, the user should be notified that the device is loading a custom version of Android. For example warning screens, see LOCKED devices with custom key set.

One way of implementing user-settable root of trust is to have a virtual partition that can only be flashed or cleared when the device is in the UNLOCKED state. The Google Pixel 2 devices use this approach and the virtual partition is called avb_custom_key. The format of the data in this partition is the output of the avbtool extract_public_key command. Here's an example of how to set the user-settable root of trust:

    avbtool extract_public_key --key key.pem --output pkmd.bin
    fastboot flash avb_custom_key pkmd.bin

The user-settable root of trust can be cleared by issuing:

    fastboot erase avb_custom_key

Last updated 2022-10-04 UTC.
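The following is an added example, not part of the original AOSP page: a shell check that classifies a device as LOCKED with the built-in root of trust, LOCKED with a user-settable root of trust, or UNLOCKED, from `adb shell getprop` text. It assumes the device exposes the boot properties ro.boot.vbmeta.device_state and ro.boot.verifiedbootstate, and uses the green/yellow/orange values from Android's boot flow documentation; neither the property names nor the colour values appear on this page, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: classify Verified Boot posture from `adb shell getprop` text.
# Assumption: the device exposes ro.boot.vbmeta.device_state and
# ro.boot.verifiedbootstate (Android boot properties, not named on this page).

# getprop_value NAME: read getprop text on stdin, print NAME's value (or nothing).
getprop_value() {
    awk -v key="[$1]:" '$1 == key { print substr($2, 2, length($2) - 2); exit }'
}

# classify_boot_state: read getprop text on stdin, print one verdict line.
classify_boot_state() {
    props=$(tr -d '\r')    # adb may emit CRLF line endings
    state=$(printf '%s\n' "$props" | getprop_value ro.boot.vbmeta.device_state)
    color=$(printf '%s\n' "$props" | getprop_value ro.boot.verifiedbootstate)
    case "$state:$color" in
        locked:green)    echo "OK: LOCKED, OS signed by built-in root of trust" ;;
        locked:yellow)   echo "REVIEW: LOCKED, OS signed by user-settable root of trust" ;;
        unlocked:orange) echo "FAIL: UNLOCKED, signature not enforced" ;;
        # Anything else (missing values, unlocked+green, ...) is not trusted.
        *)               echo "FAIL: missing or inconsistent properties ($state:$color)" ;;
    esac
}

# Constructed sample inputs (not captured from real devices).
SAMPLE_STOCK='[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [green]'
SAMPLE_CUSTOM_KEY='[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [yellow]'
SAMPLE_UNLOCKED='[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [orange]'
SAMPLE_MISMATCH='[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [green]'

for sample in "$SAMPLE_STOCK" "$SAMPLE_CUSTOM_KEY" "$SAMPLE_UNLOCKED" "$SAMPLE_MISMATCH"; do
    printf '%s\n' "$sample" | classify_boot_state
done
# Against a connected device: adb shell getprop | classify_boot_state
```

These properties are reported by the running OS, so a compromised system image can misreport them; Keystore key attestation, which carries the device-locked flag and verified boot state in a hardware-signed certificate, is the stronger check for remote verification.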


