
I am trying to understand the secure boot process. Let's say the firmware is locked and only does signed installation of an OS image. This "image" is a compressed bundle of all the binaries needed by the system. So once these are installed they are laid down in the filesystem. After that, why can't I copy some other binary onto the device? How will the system know that it's not part of the original installation?

Does Android have signature verification on individual binaries before they are loaded? Without this I am not sure how it can be done.

Assuming there is no binary signature verification at load time, I can think of this -- the root file system will be mounted read-only, and only the SU service will be able to remount it in rw mode when doing the SU. And the 'mount' and 'su' programs will not be part of the install (among other programs). Will this be enough to prevent someone from installing custom binaries into the root partition?

user220201
  • I'm not actually sure that this is on topic here (despite being at security at a high level) as it is really about the architecture decisions made in Android. Tempted to migrate it to Android.SE - thoughts? – Rory Alsop Jan 06 '17 at 20:30
  • This is a general security architecture question. I see a ton of other boot and file system related questions already on here. So if you can keep it here it will be great. If I don't get answers here I will ask on superuser later on. – user220201 Jan 06 '17 at 20:40
  • No worries. Let one of the mods know if it gets no attention and we can migrate – Rory Alsop Jan 06 '17 at 21:21

1 Answer

On older versions of Android, this protection didn't exist, and a lot of root exploits for devices used this to their advantage. Newer versions of Android use dm-verity in the kernel to ensure that no part of the system partition has been tampered with, by checking signed hashes of each block. They also have a chain of trust going through the bootloader and back to the SoC to prevent simply removing this feature from the kernel.
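The answer's point is that dm-verity does not need per-binary signature checks: every block of the system partition is hashed into a tree whose root is fixed by the signed image, so a binary copied onto the partition after installation fails verification when it is read. The following is an added toy model of that mechanism, not code from the answer or from Android; it uses a SHA-256 Merkle tree over 4 KiB blocks (dm-verity's default data block size) and treats the root hash as the trusted value that Android's signed verity metadata would supply. The image contents, the foreign-block payload and the packing of one digest pair per tree node are constructed simplifications (real dm-verity packs many digests into each hash block and signs the metadata with a public-key signature).

```python
"""Toy dm-verity: SHA-256 hash tree over fixed-size blocks, verified per block on read.
Added example for illustration; the on-disk tree is untrusted, only the root is trusted."""
import hashlib
import hmac

BLOCK_SIZE = 4096  # dm-verity's default data block size


def split_blocks(data, block_size=BLOCK_SIZE):
    """Split an image into fixed-size blocks, zero-padding the last one."""
    return [data[off:off + block_size].ljust(block_size, b"\0")
            for off in range(0, len(data), block_size)]


def build_hash_tree(blocks):
    """Return tree levels, leaves first. Level 0 holds the digest of every data block;
    each higher level hashes pairs of the level below (last node duplicated on odd levels)."""
    level = [hashlib.sha256(b).digest() for b in blocks]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            left = level[i]
            right = level[i + 1] if i + 1 < len(level) else left
            nxt.append(hashlib.sha256(left + right).digest())
        level = nxt
        levels.append(level)
    return levels


def root_hash(levels):
    """The single digest at the top of the tree; this is what the signed metadata pins."""
    return levels[-1][0]


def verify_block(block, index, levels, trusted_root):
    """Verify one data block the way dm-verity does on read: hash it, then walk up the
    (untrusted, on-disk) tree checking each stored node on the path, and finally compare
    the recomputed root with the trusted root. Any mismatch rejects the block."""
    h = hashlib.sha256(block.ljust(BLOCK_SIZE, b"\0")).digest()
    idx = index
    for level in levels[:-1]:
        if idx >= len(level) or not hmac.compare_digest(h, level[idx]):
            return False  # data block or a tree node does not match what is stored
        sib = idx ^ 1
        sibling = level[sib] if sib < len(level) else h  # duplicated last node
        left, right = (h, sibling) if idx % 2 == 0 else (sibling, h)
        h = hashlib.sha256(left + right).digest()
        idx //= 2
    return hmac.compare_digest(h, trusted_root)


def make_image(nblocks=5):
    """Constructed stand-in for a system partition: block i is filled with byte value i."""
    return b"".join(bytes([i]) * BLOCK_SIZE for i in range(nblocks))


def check_clean_image():
    """Every block of the untouched image verifies against its own root."""
    blocks = split_blocks(make_image())
    levels = build_hash_tree(blocks)
    trusted = root_hash(levels)
    return all(verify_block(b, i, levels, trusted) for i, b in enumerate(blocks))


def check_replaced_block(rebuild_tree):
    """Simulate a foreign binary written into block 3 after installation.
    rebuild_tree=False: only the data changes, the on-disk tree is left alone.
    rebuild_tree=True: the on-disk tree is regenerated as well, but the trusted root
    (fixed when the image was signed) is not. Returns the verifier's verdict for block 3."""
    original = split_blocks(make_image())
    trusted = root_hash(build_hash_tree(original))       # root from the signed image
    modified = list(original)
    modified[3] = b"\x7fELF constructed foreign binary".ljust(BLOCK_SIZE, b"\0")
    levels = build_hash_tree(modified if rebuild_tree else original)
    return verify_block(modified[3], 3, levels, trusted)


if __name__ == "__main__":
    print("clean image verifies:", check_clean_image())
    print("replaced block, tree untouched:", check_replaced_block(rebuild_tree=False))
    print("replaced block, tree rebuilt:", check_replaced_block(rebuild_tree=True))
```

The second failure case is the one that matters for the question: even if whoever writes the extra binary also regenerates the hash tree on the partition, the root it produces no longer matches the root fixed by the signed image, so the block is rejected on read. This is also why the answer stresses the chain of trust through the bootloader: the check only holds if the kernel enforcing it and the root hash it trusts cannot themselves be swapped.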