{"id":1910,"date":"2017-11-17T15:53:39","date_gmt":"2017-11-17T10:23:39","guid":{"rendered":"http:\/\/localhost:8081\/system-on-module-som\/?p=1910"},"modified":"2024-03-19T13:49:11","modified_gmt":"2024-03-19T08:19:11","slug":"secure-booting-an-android-embedded-device","status":"publish","type":"post","link":"https:\/\/www.e-consystems.com\/blog\/system-on-module-som\/secure-booting-an-android-embedded-device\/","title":{"rendered":"Secure booting an Android Embedded Device"},"content":{"rendered":"

Android started as a mobile phone operating system has widespread adoption and is running on more and more embedded devices of all kinds. This adoption has high demands placed on security at different levels starting from boot loader to system. Android verified boot addresses these exact security issues by establishing a chain of trust from the bootloader to the system image.<\/p>\n

Secure booting<\/strong><\/p>\n

Android verified boot happens in two steps \u2013 Secure booting and system image verification. This section speaks about secure booting.<\/p>\n

When you build the bits from Android AOSP source you will find the boot image with the file name boot.img. These boot images hold a signature block at the end of the image. When these images are flashed and run on a device, the bootloader verifies these signature using a key that is stored in a secure keystore on the device. OEM’s can ship their keys on the device by publishing them into the keystore with a signing mechanism.<\/p>\n

An Android bootloader in run-time can have three states: Locked, Verified, Unlocked<\/em>.<\/p>\n

Closed devices are generally shipped with bootloader in locked<\/em> state. In this state no images can be flashed or erased using Fastboot<\/strong> tool. Boot and recovery images are verified by the bootloader using the keystore while booting.<\/p>\n

Verified<\/em> bootloader state configurations are used when some partitions are required to be flashed or erased using Fastboot<\/strong> tool. Still the boot and recovery images are verified by the bootloader using an enrolled keystore.<\/p>\n

If the bootloader is configured as unlocked<\/em> a user can exercise all Fastboot<\/strong> commands.<\/p>\n

The user experience on the device because of bootloader configured in a particular way and its check failures are shown below:<\/p>\n

\"Boot<\/p>\n

\"Boot<\/p>\n

\"Boot<\/p>\n

Secure System Image<\/strong><\/p>\n

Android uses cryptographic hash trees involving leaf nodes, intermediary nodes and root hash. The root hash is signed with a certificate stored in the boot image ramdisk. dm-verity<\/strong> is a tool available in android that can be configured to verify images that get loaded into memory. Images like system, vendor can be provisioned to dm-verity<\/strong> while building Android for tamper checks during run time. dm-verity<\/strong> can be provisioned for user and user debug Android builds.<\/p>\n

As dm-verity<\/strong> integrity checks are based on block level root hashes, OTA upgrades on such systems need to take place at block level than per file basis.<\/p>\n

The build option for dm-verity<\/strong> is shown below for reference, the default option is enabled:<\/p>\n\n\n
\n

androidboot.dm_verity=disabled<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

e-consystems an expert in embedded Android devices can support you with boot time optimization, customizing your Android device images and Android OTA.<\/p>\n

Please visit our developer<\/a> website to download detailed instructions to build, deploy and run Android on eSOMiMX6 devices.<\/p>\n

Interested in off the shelve solution for Android OTA for your embedded device visit: https:\/\/esomgears.e-consystems.com we can customize it for you.<\/p>\n

For further assistance and queries get in touch with sales@e-consystems.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Android started as a mobile phone operating system has widespread adoption and is running on…<\/p>\n","protected":false},"author":27,"featured_media":1935,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,193,212],"tags":[362,392],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.e-consystems.com\/blog\/system-on-module-som\/wp-json\/wp\/v2\/posts\/1910"}],"collection":[{"href":"https:\/\/www.e-consystems.com\/blog\/system-on-module-som\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.e-consystems.com\/blog\/system-on-module-som\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.e-consystems.com\/blog\/system-on-module-som\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/www.e-consystems.com\/blog\/system-on-module-som\/wp-json\/wp\/v2\/comments?post=1910"}],"version-history":[{"count":18,"href":"https:\/\/www.e-consystems.com\/blog\/system-on-module-som\/wp-json\/wp\/v2\/posts\/1910\/revisions"}],"predecessor-version":[{"id":3018,"href":"https:\/\/www.e-consystems.com\/blog\/system-on-module-som\/wp-json\/wp\/v2\/posts\/1910\/revisions\/3018"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.e-consystems.com\/blog\/system-on-module-som\/wp-json\/wp\/v2\/media\/1935"}],"wp:attachment":[{"href":"https:\/\/www.e-consystems.com\/blog\/system-on-module-som\/wp-json\/wp\/v2\/media?parent=1910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.e-consystems.com\/blog\/system-on-module-som\/wp-json\/wp\/v2\/categories?post=1910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.e-consystems.com\/blog\/system-on-module-som\/wp-json\/wp\/v2\/tags?post=1910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}