I am trying to understand the secure boot process. Let's say the firmware is locked and only does signed installation of an OS image. This "image" is a compressed bundle of all the binaries needed by the system. So once these are installed they are laid down in the filesystem. After that, why can't I copy some other binary onto the device? How will the system know that it's not part of the original installation?
Does Android have signature verification on individual binaries before they are loaded? Without this, I am not sure how it can be done.
Assuming there is no binary signature verification at load time, I can think of this: the root file system will be mounted read-only, and only the SU service will be able to remount it in rw mode when doing the SU. And the 'mount' and 'su' programs will not be part of the install (among other programs). Will this be enough to prevent someone from installing custom binaries into the root partition?
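To make concrete how a verified-boot design can tell an installed binary from one copied in later without signing every binary individually, here is an added example (not from the question and not Android's code) of a simplified dm-verity-style hash tree over a block image: the tree is stored beside the data, only its root hash is carried in signed boot metadata, and each block is checked on read. The function names, block size and sample image are all constructed for illustration.

```python
import hashlib

BLOCK_SIZE = 16  # constructed: tiny blocks keep the sample image readable

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def split_blocks(image: bytes) -> list:
    """Cut the image into fixed-size blocks, zero-padding the last one."""
    blocks = [image[i:i + BLOCK_SIZE] for i in range(0, len(image), BLOCK_SIZE)] or [b""]
    blocks[-1] = blocks[-1].ljust(BLOCK_SIZE, b"\0")
    return blocks

def build_tree(image: bytes) -> list:
    """Hash tree over the blocks, as a list of levels: leaves first, root last."""
    levels = [[sha256(b) for b in split_blocks(image)]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]  # duplicate the last node on odd-sized levels
        levels.append([sha256(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def proof_for(levels: list, index: int) -> list:
    """Sibling hashes (with their side) needed to recompute the root from one leaf."""
    path = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        path.append((index % 2, level[index ^ 1]))
        index //= 2
    return path

def verify_block(image: bytes, stored_tree: list, index: int, trusted_root: bytes) -> bool:
    """Per-read check: hash one block up through the stored siblings and compare with the signed root."""
    h = sha256(split_blocks(image)[index])
    for is_right, sibling in proof_for(stored_tree, index):
        h = sha256(sibling + h) if is_right else sha256(h + sibling)
    return h == trusted_root

# Constructed sample system image: three 16-byte "binaries" laid end to end.
SYSTEM_IMAGE = b"/bin/init:ELF..." + b"/bin/sh:ELF....." + b"/bin/ls:ELF....."
STORED_TREE = build_tree(SYSTEM_IMAGE)   # written beside the data at build time
TRUSTED_ROOT = STORED_TREE[-1][0]        # carried in signed boot metadata, not in the rootfs

def image_verifies(image: bytes, stored_tree: list, trusted_root: bytes) -> bool:
    """Whole-image sweep: block count must match the tree and every block must verify."""
    blocks = split_blocks(image)
    return len(blocks) == len(stored_tree[0]) and all(
        verify_block(image, stored_tree, i, trusted_root) for i in range(len(blocks)))
```

Overwriting one block fails only that block's read against the stored tree, while rebuilding the tree to cover the change produces a root that no longer matches the signed one; appending a new binary fails the block-count check, so in this model the read-only mount is a convenience and the signed root hash is what actually detects the foreign file.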