This glossary contains specific definitions and context of the technical terms around Binary Transparency.
Log checkpoint: The commitment from a verifiable data structure to its contents.
Log entry: A record in the transparency log. Every log entry corresponds to a new leaf in the Merkle tree.
Log inclusion proof: A cryptographic check that proves that an entry exists within a transparency log.
Log payload: The content of a log entry.
Merkle tree: A data structure that accommodates the construction of a transparency log.
Transparency log: A public-facing, append-only log that has strong authenticity guarantees, constructed using a Merkle tree. Importantly, this log is tamper-evident.
Verifier: Someone, or a process, who verifies a claim. There can be different verifiers for different claims.
Witness: A process run by someone other than the log operator to regularly verify the consistency of the log checkpoint, as assurance that the log has grown in an append-only way.
Pixel Specific Terms
Build: A build refers to a particular firmware version or release that has a corresponding identifier.
Factory Image: A collection of binary image files that can be flashed directly onto your Pixel devices to restore to original factory firmware. This includes all releases for various monthly updates.
Firmware: Code or software that runs throughout the boot process up till the level of Operating Systems.
System Image: A specific binary image file typically named
VBMeta: Stands for Verified Boot Metadata. This is a cryptographically signed data structure that captures various metadata about the collection of binary images within a factory image for a particular build or device.
VBMeta digest: A cryptographically bound composite digest of various binary images within a factory image. This value is not to be confused with directly computing a cryptographic hash of VBMeta.