Validation of the Startup

Source: Internet
Author: User

Introduction

Android 4.4 and later support verified boot through the optional dm-verity kernel feature, which provides transparent integrity checking of block devices. dm-verity helps block rootkits, components that are able to gain and keep root privileges. This experimental feature helps to check that the device boots in the same state as when it was last used.

Clever malware with root privileges can hide from detection programs and otherwise mask itself. Rooting software can do this because it has more privileges than the detection program, which lets it "lie" to the detection program.

The dm-verity feature lets you look at a block device, the underlying storage layer of the file system, and determine whether it matches its expected configuration. It does this with a cryptographic hash tree. For each block (usually 4K), there is a SHA256 hash.

Since the hashes are stored in a tree of pages, only the top-level "root" hash must be trusted to validate the rest of the tree. The ability to modify any of the blocks would be equivalent to breaking the cryptographic hash. See the diagram below for a depiction of this structure.

Figure: dm-verity hash table
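The hash tree described above, as an added example that is not part of the original page: a simplified Python sketch that builds a SHA256 tree over 4K blocks and verifies a single block against a trusted root hash. The function names and the sample image are constructed for illustration, and the layout is not the real dm-verity on-disk format.

```python
import hashlib

BLOCK = 4096                               # block size from the text (4K)
FANOUT = BLOCK // hashlib.sha256().digest_size   # 128 digests per hash block


def split_blocks(buf):
    """Split buf into BLOCK-sized pieces, zero-padding the last one."""
    buf += b"\x00" * (-len(buf) % BLOCK)
    return [buf[i:i + BLOCK] for i in range(0, len(buf), BLOCK)]


def build_tree(image):
    """Return the hash levels, leaves first; levels[-1][0] is the root hash."""
    levels = [[hashlib.sha256(b).digest() for b in split_blocks(image)]]
    while len(levels[-1]) > 1:
        packed = b"".join(levels[-1])      # digests packed into hash blocks
        levels.append([hashlib.sha256(b).digest() for b in split_blocks(packed)])
    return levels


def verify_block(block, index, levels, trusted_root):
    """Check one data block against the stored (untrusted) tree and trusted root."""
    digest = hashlib.sha256(block).digest()
    for level in levels[:-1]:
        if level[index] != digest:         # stored digest disagrees with the data
            return False
        index //= FANOUT                   # hash block holding that digest
        packed = b"".join(level[index * FANOUT:(index + 1) * FANOUT])
        digest = hashlib.sha256(split_blocks(packed)[0]).digest()
    return digest == trusted_root


def demo():
    # Constructed 300-block image: 300 leaves -> 3 hash blocks -> 1 root.
    image = b"".join(bytes([i % 256]) * BLOCK for i in range(300))
    levels = build_tree(image)
    root = levels[-1][0]                   # the only value that must be trusted
    good = split_blocks(image)[200]
    evil = b"\xff" + good[1:]              # one modified byte in block 200
    forged = [list(lv) for lv in levels]   # attacker also rewrites the stored leaf
    forged[0][200] = hashlib.sha256(evil).digest()
    return (verify_block(good, 200, levels, root),
            verify_block(evil, 200, levels, root),
            verify_block(evil, 200, forged, root))


if __name__ == "__main__":
    print(demo())                          # (True, False, False)
```

The third result shows why only the root needs to be trusted: rewriting the stored leaf hash to match a modified block changes the hash of the hash block above it, so the check fails one level up.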

A public key is included in the boot partition, which must be verified externally by the OEM. That key is used to verify the signature of the root hash and to confirm that the device's system partition is protected and unchanged.

Prerequisites

Establish a verified boot flow

To significantly reduce the risk of compromise, verify the kernel using a key burned into the device. For details, see the article "Verifying startup."

Switch to block-oriented OTA

To enable dm-verity on devices, you must use block-based OTA updates to ensure that all devices use the same system partition. For details, see the article "Block-based OTA".

Configure dm-verity

After switching to block-oriented OTA, incorporate the latest Android kernel or use an upstream kernel, and turn on dm-verity support by including the relevant configuration option, CONFIG_DM_VERITY.

When using the Android kernel, dm-verity is turned on when the kernel is built. For details, see the article "Implementing dm-verity".
