When started with Storage on top of java.io, the framework supports a mechanism for tamper protection of its storage.

In order to avoid tampering with stored bundles and specially with extension bundles, when a bundle is installed in the framework and is stored outside a "trusted" directory, the framework calculates its CRC checksum and saves it persistently. When the framework is restarted, it recalculates the checksum and compares the new value with the stored one. Bundles whose old checksums do not match the new ones, are removed from the framework.

The trusted storage directory is determined as the value of the mbs.storage.trustedRoot system property.