Hi, this is my first post on XDA, even though I've been trolling/using the site since my first Android device in 2011.
According to everything I've read so far, implementing dm-verity on anything but a completely untouched OEM /system is impossible. This breaks the ability to extend "internal" storage with a microsd card and forces us to use workarounds to encrypt /data on Marshmallow Sense roms (and probably others).
All of the media hype surrounding mobile device security lately has me thinking more about this subject.
In theory, if we are s-off, couldn't we implement this functionality into a rom/kernel (hboot and/or aboot?) of our own design, customized to our preference, then lock the bootloader back down and s-on to prevent modification by anyone without the dm-verity table signature?
If we could implement this, it would be a huge breakthrough in security, especially for those of us who like to modify our devices.
According to everything I've read so far, implementing dm-verity on anything but a completely untouched OEM /system is impossible. This breaks the ability to extend "internal" storage with a microsd card and forces us to use workarounds to encrypt /data on Marshmallow Sense roms (and probably others).
All of the media hype surrounding mobile device security lately has me thinking more about this subject.
In theory, if we are s-off, couldn't we implement this functionality into a rom/kernel (hboot and/or aboot?) of our own design, customized to our preference, then lock the bootloader back down and s-on to prevent modification by anyone without the dm-verity table signature?
If we could implement this, it would be a huge breakthrough in security, especially for those of us who like to modify our devices.
from xda-developers http://ift.tt/1RGWGFG
via IFTTT
No comments:
Post a Comment