Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Boot verification in Android

Prashant Pol
September 14, 2023

Boot verification in Android

Boot verification in Android to ensure integrity of OS and partition.

Boot verification is important to ensure all code executed during boot was from a trusted source and nothing was compromised.
In this process dm-verity and AVB is being used for verification. Without boot verified device its difficult for user to believe on its integrity and security.

These slides were presented in DroidKaigi 2023 at Tokyo on 14th September 2023.

Prashant Pol

September 14, 2023
Tweet

Other Decks in Technology

Transcript

  1. Agenda - Boot veri f ication signi f icance -

    Concepts - Veri f ication sequence - Veri f ication in A/B device updates - Rollback protection - Veri f ied boot 2.0 3
  2. 6 Boot Veri f ication signi f icance - Security

    - Unveri f ied f irmware update - Data breach - Lack of trust Boot Veri fi cation is important What if boot veri f ication was not implemented
  3. boot ROM bootloader linux kernel init process zygote process system

    server android launcher UI Boot process overview 9
  4. In simple terms, Ensures that all code executed during boot

    up was from a trusted source and nothing was compromised. Android BootVeri f ication 10
  5. History 4.4 7.0 8.0 Boot Veri f ication was introduced

    Warn user Prevent boot Standardise boot veri f ication Android OS 11 almost a decade ago
  6. Root of trust Android perspective, - A cryptographic key used

    to sign hashes - Private key / Public key - Same key is used for future version releases - Foundation for secure operations - Designed in a way that it must be inherently trusted. 13
  7. Custom root of trust: - Tamper evident storage - Boot

    warning - User’s physical con f irmation required Hardware backed root of trust is considered to be most secure. - in processor chip / system on chip (SoC) Root of trust (cont…) Why ?? 14
  8. - Approved by manufacturer - Signed with manufacturer’s root of

    trust - Boot veri f ication applied Original OS What if want to install custom os ? - Custom OS => Custom Root of Trust - Relax boot veri f ication - How boot loader know about it ? 15
  9. Device State LOCKED UNLOCKED - Prevents flashing custom os version

    - Checks and warns during boot - Can flash custom os version - Boot checks are relaxed Device state 16
  10. - Physical interaction required - User’s data partition is wiped

    out - RAM will be reset - User can flash custom os image - Settings > System > Developer Options > OEM unlocking (ON) - fastboot flashing unlock LOCKED UNLOCKED State changes 17
  11. - fastboot flashing lock -Settings > System > Developer Options

    > OEM unlocking (OFF) - Cannot flash any custom os image - Device reset - Reselling LOCKED UNLOCKED State changes (cont…) 18
  12. Partitions boot system Kernel image recovery Android framework Stores recovery

    image during OTA userdata User installed apps and data vendor Vendor speci f ic binary not distributable with AOSP 20
  13. Partition veri f ication boot Not only boot up code

    or kernel. But need to verify partitions as well. dtbo system vendor • Small partitions • Can be loaded into RAM to calculate hash • Big partitions • Can not be loaded into RAM entirely to calculate hash Each partition’s hash is calculated and saved at the start or end of the partition. )PXUPIBTI#*(QBSUJUJPOT 21
  14. Big partitions are read from disk using tree hashing. Tree

    hashing partition data in bytes Random salt Partition Hash 22
  15. Tree hashing (cont…) partition data in bytes 4K 4K 4K

    4K 4K 4K 4K 4K 4K 4K 4K 4K appended hashes 4K 4K 4K 4K 4K 4K 4K 4K 4K Layer 1 Layer 2 Layer 3 appended hashes 4K 4K 4K 4K 4K 4K Layer 4 4K Root Hash 23
  16. Agenda - Boot veri - Concepts - Veri f ication

    sequence - Veri - Rollback Protection - Veri f 24
  17. Veri f ication sequence Root of trust Start booting Calculate

    hash of next code to execute Compare with pre-calculated hash Is hash comparison success Veri f ication Error Fail Success 25
  18. Handling Veri f ication Error Boot Start Run time Set

    error f lag Restart User handling required Success 26
  19. Device State LOCKED ? Valid OS ? Valid OS ?

    Cannot Boot Warn user eio mode? Show eio screen BOOT OS N Y N Y Boot f low (simpli f ied) N Y Y N Y N 27
  20. Agenda - Boot veri - Concepts - Veri f -

    Veri f ication in A/B device updates - Rollback Protection - Veri f 28
  21. Slot A Slot B A/B device updates Over-the-air (OTA) update.

    - update_engine daemon - Streamed installation Slot A Slot B In Use Idle New version update 29
  22. SLOT A SLOT B OTA update Active isBootable = true

    Boot from slot A Boot from slot B isActive = true Passive Active isSuccessful = true Success Success Failure Failure Passive A/B device update (cont…) 30
  23. Agenda - Boot veri - Concepts - Veri - Veri

    f - Rollback Protection - Veri f 31
  24. Rollback Protection Android Phone OS Other OS version ? v10

    v8 Installed version (rollback index) is important. 32 >
  25. Agenda - Boot veri - Concepts - Veri - Veri

    f - Veri f ied boot 2.0 - Rollback Protection 33
  26. vbmeta hash of boot Hash tree metadata of system Hash

    tree metadata of vendor (Signed by key) Veri f ied boot 2.0 - Android veri f ied boot - Android 8.0 - Standardised partition footer vbmeta struct: - Central data structure - Rollback indexes - Chained partition support 34
  27. VBMeta digest Digest = hash over all vbmeta structs (including

    chained partitions). Digest is used to verify authenticity Digest & keys from hardware backed attestation used to cross verify. 35
  28. Provides boot state with enum Veri f iedBootState. HW Attestation

    - Veri f ied - SelfSigned - Unveri f ied - Failed 36
  29. Conclusion • Boot veri f ication is important to trust

    device. • If boot was compromised then any additional security application or any piece of software cannot be trusted. • Cryptographic hashing & signing is used to ensure authenticity of executed code. • After boot up, hardware backed key attestation data could be used in user space to decide authenticity of boot up. 37
  30. References -https://source.android.com/docs/security/features/veri f iedboot -https://source.android.com/docs/security/features/veri f iedboot/device-state -https://source.android.com/docs/security/features/veri f iedboot/veri

    f ied-boot -https://source.android.com/docs/security/features/veri f iedboot/boot-flow -https://android.googlesource.com/platform/external/avb/+/master/README.md -https://source.android.com/docs/security/features/veri f iedboot/dm-verity -https://android.googlesource.com/platform/hardware/interfaces/+/master/boot/1.0/IBootControl.hal -https://developer.android.com/training/articles/security-key-attestation -https://source.android.com/docs/core/architecture/partitions -https://source.android.com/docs/core/ota/ab -https://android.googlesource.com/platform/external/avb/+/master/README.md#the-vbmeta-digest and many more… 38