Starting March 27, 2025, we recommend using android-latest-release instead of aosp-main to build and contribute to AOSP. For more information, see Changes to AOSP.
Stay organized with collections
Save and categorize content based on your preferences.
Implementation
Android-powered devices with Android 9 and lower that have A/B partitions can
use the inactive system_other partition (for example,
system_bwhen slot_a is active) to store preoptimized
VDEX/ODEX files. When system_other is used,
ro.cp_system_other_odex is set to 1 for the package manager
service to set sys.cppreopt=requested for cppreopts.rc
to act on it.
In Android 10, libfs_avb
is introduced to support standalone AVB verification for the
system_other partition. The VBMeta struct of such a partition is
appended to the end of the partition, to be verified by an expected public key
from the file system. The Android build system supports signing
system_other.img while including the corresponding signing key
under /product/etc/security/avb/system_other.avbpubkey. The release
tool sign_target_files_apks.py also supports replacing the signing
key to a release version.
A/B devices launched before Android 10 have a physical
system_other partition, even if it's upgraded to Android 10 with
PRODUCT_RETROFIT_DYNAMIC_PARTITIONS set to true.
A/B devices launched with Android 10 must have a logical
system_other partition. The following example shows a typical
fstab.postinstall file that enables AVB on
system_other.
Devices that need to enable AVB on the system_other partition
should place the fstab file in the product partition and set the
property ro.postinstall.fstab.prefix to /product.
# Use /product/etc/fstab.postinstall to mount system_other. PRODUCT_PRODUCT_PROPERTIES += \ro.postinstall.fstab.prefix=/product
PRODUCT_COPY_FILES+=\$(LOCAL_PATH)/fstab.postinstall:$(TARGET_COPY_OUT_PRODUCT)/etc/fstab.postinstall
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2025-06-18 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-18 UTC."],[],[],null,["# Verify system_other partition\n\nImplementation\n--------------\n\nAndroid-powered devices with Android 9 and lower that have A/B partitions can\nuse the inactive `system_other` partition (for example,\n`system_b`when `slot_a` is active) to store preoptimized\nVDEX/ODEX files. When `system_other` is used,\n`ro.cp_system_other_odex` is set to 1 for the package manager\nservice to set `sys.cppreopt=requested` for `cppreopts.rc`\nto act on it.\n\nIn Android 10, [`libfs_avb`](https://android.googlesource.com/platform/system/core/+/refs/heads/android16-release/fs_mgr/libfs_avb/)\nis introduced to support standalone AVB verification for the\n`system_other` partition. The VBMeta struct of such a partition is\nappended to the end of the partition, to be verified by an expected public key\nfrom the file system. The Android build system supports signing\n`system_other.img` while including the corresponding signing key\nunder `/product/etc/security/avb/system_other.avbpubkey`. The release\ntool `sign_target_files_apks.py` also supports replacing the signing\nkey to a release version.\n\nA/B devices launched before Android 10 have a physical\n`system_other` partition, even if it's upgraded to Android 10 with\n`PRODUCT_RETROFIT_DYNAMIC_PARTITIONS` set to `true`.\n\n| **Note:** It isn't recommended to enable AVB on these devices. `system_other.img` isn't included in the over-the-air package, which can lead to verification errors after a few A/B updates.\n\nA/B devices launched with Android 10 must have a logical\n`system_other` partition. The following example shows a typical\n`fstab.postinstall` file that enables AVB on\n`system_other`. \n\n```carbon\n#\u003cdev\u003e \u003cmnt_point\u003e \u003ctype\u003e \u003cmnt_flags options\u003e \u003cfs_mgr_flags\u003e\nsystem /postinstall ext4 ro,nosuid,nodev,noexec\nslotselect_other,logical,avb_keys=/product/etc/security/avb/system_other.avbpubkey\n```\n\nDevices that need to enable AVB on the `system_other` partition\nshould place the `fstab` file in the product partition and set the\nproperty `ro.postinstall.fstab.prefix` to `/product`. \n\n```makefile\n# Use /product/etc/fstab.postinstall to mount system_other. PRODUCT_PRODUCT_PROPERTIES += \\\nro.postinstall.fstab.prefix=/product\n\nPRODUCT_COPY_FILES += \\\n$(LOCAL_PATH)/fstab.postinstall:$(TARGET_COPY_OUT_PRODUCT)/etc/fstab.postinstall\n```"]]
