On Tue, Mar 11, 2025 at 04:57:54PM +1100, Dave Chinner wrote:
> And is this a real attack vector that Android must defend against,
> why isn't that device and filesystem image cryptographically signed
> and verified at boot time to prevent such attacks? That will prevent
> the entire class of malicious tampering exploits completely without
> having to care about undiscovered filesystem bugs - that's a much
> more robust solution from a verified boot and system security
> perspective...

That's exactly how it works.  See
https://source.android.com/docs/security/features/verifiedboot and
https://source.android.com/docs/security/features/verifiedboot/dm-verity.

- Eric
