This glossary contains specific definitions and context of the technical terms around Binary Transparency.

General Terms

Log checkpoint: The commitment from a verifiable data structure to its contents.

Log entry: A record in the transparency log. Every log entry corresponds to a new leaf in the Merkle tree.

Log inclusion proof: A cryptographic check that proves that an entry exists within a transparency log.

Log payload: The content of a log entry.

Merkle tree: A data structure that accommodates the construction of a transparency log.

Transparency log: A public-facing, append-only log that has strong authenticity guarantees, constructed using a Merkle tree. Importantly, this log is tamper-evident.

Verifier: Someone, or a process, who verifies a claim. There can be different verifiers for different claims.

Witness: A process run by someone other than the log operator to regularly verify the consistency of the log checkpoint, as assurance that the log has grown in an append-only way.

Pixel Specific Terms

Build: A build refers to a particular firmware version or release that has a corresponding identifier.

Factory Image: A collection of binary image files that can be flashed directly onto your Pixel devices to restore to original factory firmware. This includes all releases for various monthly updates.

Firmware: Code or software that runs throughout the boot process up till the level of Operating Systems.

System Image: A specific binary image file typically named system.img.

VBMeta: Stands for Verified Boot Metadata. This is a cryptographically signed data structure that captures various metadata about the collection of binary images within a factory image for a particular build or device.

VBMeta digest: A cryptographically bound composite digest of various binary images within a factory image. This value is not to be confused with directly computing a cryptographic hash of VBMeta.