Avril 2, 2019

Knox Deep Dive: Knox Verified Boot

Phil Keegan

  

With the most recent Knox 3.3 version release, the Samsung Knox team is pleased to introduce Knox Verified Boot. Knox Verified Boot (KVB) is a new solution that both extends and enhances Android Verified Boot (AVB). While AVB only checks the integrity of the kernel and platform components, KVB extends those checks to also cover the earlier bootloaders. This provides a more comprehensive guarantee a device is booting using properly signed components that are all from the same expected build.

KVB performs the same type of validations as the existing Trusted Boot mechanism, but it is able to do so before the device kernel is booted, and thus provides the same data protection guarantees earlier.

KVB component checks are conducted in the bootloader, and validations are made before system services are even started to help provide an even higher level of data protection.

KVB is supported on Samsung S10 and above devices running the Android P operating system or later.