Reply to post: Android already has secure boot trust chain

Decoding the Google Titan, Titan, and Titan M – that last one is the Pixel 3's security chip

Anonymous Coward

Android already has secure boot trust chain

where each step of the boot verifies the next step, and any change to anything on the system partition changes the root signature. How is this any different? (except it's done in hardware?)

https://source.android.com/security/verifiedboot/dm-verity

"The dm-verity feature lets you look at a block device, the underlying storage layer of the file system, and determine if it matches its expected configuration. It does this using a cryptographic hash tree. For every block (typically 4k), there is a SHA256 hash.

Because the hash values are stored in a tree of pages, only the top-level "root" hash must be trusted to verify the rest of the tree. The ability to modify any of the blocks would be equivalent to breaking the cryptographic hash."
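The hash-tree property quoted in the comment above, as an added example that is not part of the original post and is not Android's code. It is a simplified model of dm-verity: it keeps the 4k blocks, SHA-256 and pages of digests, but omits the salt and on-disk metadata, so its root hash will not match one produced by real tooling; the function names are hypothetical.

```python
import hashlib

BLOCK = 4096                      # data block size quoted in the post
DIGEST = hashlib.sha256().digest_size
PER_PAGE = BLOCK // DIGEST        # 128 digests fit in one hash page


def _pages(digests):
    """Pack digests into zero-padded BLOCK-sized hash pages."""
    return [b"".join(digests[i:i + PER_PAGE]).ljust(BLOCK, b"\0")
            for i in range(0, len(digests), PER_PAGE)]


def build_tree(image):
    """Return (root_hash, levels); levels[0] holds the pages of leaf digests."""
    if not image or len(image) % BLOCK:
        raise ValueError("image must be a non-empty multiple of BLOCK bytes")
    digests = [hashlib.sha256(image[i:i + BLOCK]).digest()
               for i in range(0, len(image), BLOCK)]
    levels = []
    while True:
        pages = _pages(digests)
        levels.append(pages)
        digests = [hashlib.sha256(p).digest() for p in pages]
        if len(pages) == 1:
            return digests[0], levels


def verify_block(image, index, levels, trusted_root):
    """Check one block; only trusted_root is trusted, levels may be untrusted."""
    digest = hashlib.sha256(image[index * BLOCK:(index + 1) * BLOCK]).digest()
    for pages in levels:
        page_no, slot = divmod(index, PER_PAGE)
        if page_no >= len(pages):
            return False
        page = pages[page_no]
        if page[slot * DIGEST:(slot + 1) * DIGEST] != digest:
            return False
        digest = hashlib.sha256(page).digest()   # becomes an entry one level up
        index = page_no
    return digest == trusted_root


if __name__ == "__main__":
    img = bytes(300 * BLOCK)      # constructed sample image, all zeros
    root, levels = build_tree(img)
    print(root.hex(), verify_block(img, 7, levels, root))
```

Reading one block costs one hash per tree level rather than a hash of the whole partition, and recomputing the stored tree after a modification does not help unless the trusted root is replaced too.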
