Slide 1

Boot verification in Android: to ensure integrity of the OS and partitions. Prashant Pol

Slide 2

Introduction: Android Engineer at LINE, Multi device experience team. @prashantspol

Slide 3

Agenda
- Boot verification significance
- Concepts
- Verification sequence
- Verification in A/B device updates
- Rollback protection
- Verified boot 2.0

Slide 4

Why is boot verification significant?

Slide 5

Phone security (diagram of layers): Boot -> Android OS -> Anti-virus, Anti-malware, Google Play Protect periodic scans

Slide 6

Boot verification significance. What if boot verification was not implemented?
- Security
- Unverified firmware update
- Data breach
- Lack of trust
Boot verification is important.

Slide 7

What is Boot?

Slide 8

Boot process overview (diagram): some piece of software runs first ... the Android launcher UI appears last.

Slide 9

Boot process overview: boot ROM -> bootloader -> Linux kernel -> init process -> zygote process -> system server -> Android launcher UI

Slide 10

Android boot verification. In simple terms: it ensures that all code executed during boot-up came from a trusted source and nothing was compromised.

Slide 11

History (Android OS, starting almost a decade ago):
- 4.4: boot verification was introduced (warn user)
- 7.0: prevent boot
- 8.0: standardise boot verification

Slide 12

Boot verification (diagram): Root of trust -> Bootloader -> boot partition -> other partitions

Slide 13

Root of trust, from the Android perspective:
- A cryptographic key used to sign hashes
- Private key / public key
- The same key is used for future version releases
- Foundation for secure operations
- Designed in a way that it must be inherently trusted

Slide 14

Root of trust (cont…)
A hardware-backed root of trust is considered the most secure: it lives in the processor chip / system on chip (SoC). Why??
Custom root of trust:
- Tamper-evident storage
- Boot warning
- User's physical confirmation required

Slide 15

Original OS:
- Approved by the manufacturer
- Signed with the manufacturer's root of trust
- Boot verification applied
What if the user wants to install a custom OS?
- Custom OS => custom root of trust
- Relax boot verification
- How does the bootloader know about it?

Slide 16

Device state
LOCKED:
- Prevents flashing a custom OS version
- Checks and warns during boot
UNLOCKED:
- Can flash a custom OS version
- Boot checks are relaxed

Slide 17

State changes: LOCKED -> UNLOCKED
- Settings > System > Developer Options > OEM unlocking (ON)
- fastboot flashing unlock
- Physical interaction required
- User's data partition is wiped out
- RAM will be reset
- User can flash a custom OS image

Slide 18

State changes (cont…): UNLOCKED -> LOCKED
- Settings > System > Developer Options > OEM unlocking (OFF)
- fastboot flashing lock
- Cannot flash any custom OS image
- Device reset
- Reselling

Slide 19

Boot verification (diagram): Root of trust -> Bootloader -> Boot partition -> Other partitions

Slide 20

Partitions
- boot: kernel image
- system: Android framework
- recovery: stores the recovery image during OTA
- userdata: user-installed apps and data
- vendor: vendor-specific binaries not distributable with AOSP

Slide 21

Partition verification: not only the boot-up code or kernel, the partitions need to be verified as well.
- boot, dtbo: small partitions, can be loaded into RAM to calculate the hash
- system, vendor: big partitions, cannot be loaded into RAM entirely to calculate the hash
Each partition's hash is calculated and saved at the start or end of the partition.
How to hash BIG partitions?

Slide 22

Big partitions are read from disk using tree hashing. Tree hashing (diagram): partition data in bytes + random salt -> partition hash

Slide 23

Tree hashing (cont…), diagram: the partition data is split into 4K blocks. Layer 1: each 4K data block is hashed; the hashes are appended and grouped into 4K blocks. Layer 2: those 4K blocks of appended hashes are hashed and grouped again. Layer 3 repeats the step, and Layer 4 ends with a single 4K block whose hash is the Root Hash.
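The tree hashing pictured on slides 22 and 23, as an added example that is not part of the deck and not dm-verity's own implementation. It follows the picture (4K data blocks, salted SHA-256, hashes appended into 4K hash blocks per layer until one root hash remains) and adds the verifier's side: checking a single block on read by climbing its branch to the root. The on-disk layout is simplified; SALT and SAMPLE_DATA are constructed values.

```python
import hashlib

# Added example, not code from the deck or from dm-verity. It follows the
# slide's picture (4K data blocks, salted hashes, hashes appended into 4K
# blocks per layer) but simplifies dm-verity's real on-disk layout.
BLOCK_SIZE = 4096
DIGEST_SIZE = 32                                # SHA-256 output length
HASHES_PER_BLOCK = BLOCK_SIZE // DIGEST_SIZE    # 128 digests fill one 4K hash block


def hash_block(block: bytes, salt: bytes) -> bytes:
    """Salted hash of one 4K block (salt prepended, as dm-verity's v1 format does)."""
    return hashlib.sha256(salt + block).digest()


def split_blocks(data: bytes) -> list:
    """Zero-pad to whole 4K blocks and slice."""
    data += b"\x00" * ((-len(data)) % BLOCK_SIZE)
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]


def build_hash_tree(data: bytes, salt: bytes):
    """Return (root_hash, layers).

    layers[0] holds one salted hash per data block. The hashes of a layer are
    appended into 4K hash blocks, which are hashed again to produce the next
    layer, until a single hash (the root) remains. Only the root hash needs to
    be trusted (it is what gets signed); the hash blocks can sit on disk."""
    if not data:
        raise ValueError("cannot build a hash tree over an empty partition")
    layers = []
    current = split_blocks(data)
    while True:
        hashes = [hash_block(b, salt) for b in current]
        layers.append(hashes)
        if len(hashes) == 1:
            return hashes[0], layers
        current = split_blocks(b"".join(hashes))


def verify_block(block: bytes, index: int, layers, root_hash: bytes, salt: bytes) -> bool:
    """Check a single data block on read, without hashing the whole partition:
    hash the block, confirm the stored leaf matches, re-hash the 4K hash block
    that contains that leaf, and climb until the value must equal the root.
    A forged leaf is caught one layer up, because the stored hash blocks are
    untrusted and only the root is."""
    h = hash_block(block, salt)
    for layer in layers[:-1]:
        if layer[index] != h:
            return False
        start = (index // HASHES_PER_BLOCK) * HASHES_PER_BLOCK
        chunk = b"".join(layer[start:start + HASHES_PER_BLOCK])
        chunk += b"\x00" * (BLOCK_SIZE - len(chunk))
        h = hash_block(chunk, salt)
        index //= HASHES_PER_BLOCK
    return h == root_hash


# Constructed sample: a 300-block "partition" (exactly 300 * 4K bytes) and a
# fixed salt; a real device stores a random salt in the hash-tree metadata.
SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
SAMPLE_DATA = bytes(range(256)) * (300 * 16)


if __name__ == "__main__":
    root, layers = build_hash_tree(SAMPLE_DATA, SALT)
    blocks = split_blocks(SAMPLE_DATA)
    print("hashes per layer:", [len(layer) for layer in layers], "root:", root.hex())
    print("block 299 verifies:", verify_block(blocks[299], 299, layers, root, SALT))
    tampered = b"\xff" + blocks[5][1:]
    print("tampered block verifies:", verify_block(tampered, 5, layers, root, SALT))
```

With 300 data blocks the tree has three layers (300 leaf hashes, 3 hash blocks, 1 root): a read of any one block costs three hash operations instead of hashing the whole partition, which is why the slides say big partitions are read from disk this way rather than loaded into RAM.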

Slide 24

Agenda (current section: Verification sequence)
- Boot verification significance
- Concepts
- Verification sequence
- Verification in A/B device updates
- Rollback protection
- Verified boot 2.0

Slide 25

Verification sequence (flow): Root of trust -> Start booting -> Calculate hash of next code to execute -> Compare with pre-calculated hash -> Is the hash comparison successful? Success: continue with the next code. Fail: Verification Error.

Slide 26

Handling verification error (flow):
- At boot start: set the error flag and restart (on success, continue booting)
- At run time: user handling required

Slide 27

Boot flow (simplified), decision diagram with Y/N branches: Device state LOCKED? -> Valid OS? -> eio mode? Outcomes: BOOT OS, Show eio screen, Warn user, Cannot boot.
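The verification sequence of slide 25 and the simplified boot flow of slide 27, as an added example (not AOSP or bootloader code). Each stage carries the pre-calculated hash of the next stage, and the first hash is what the root of trust vouches for; a real device checks a signature made with the root-of-trust key rather than a bare hash it stores itself. The stage names, their "code", the action strings and the eio_mode flag are constructed.

```python
import hashlib

# Added example, not AOSP code: the verification sequence from the slides as a
# chain of stages plus the device-state decision. Stage names, their "code"
# and the returned action strings are constructed.


def digest(code: bytes) -> str:
    return hashlib.sha256(code).hexdigest()


def precalculate(stages):
    """Build/sign time: record the hash of every stage in boot order. The first
    entry is what the root of trust vouches for; each later entry is what the
    preceding stage compares against before handing over control."""
    return [(name, digest(code)) for name, code in stages]


def verify_sequence(stages, expected):
    """Boot time: for each stage, calculate the hash of the next code to execute
    and compare it with the pre-calculated hash. Stops at the first mismatch
    and returns (ok, failed_stage_or_None)."""
    if len(stages) != len(expected):
        return False, "chain length mismatch"
    for (name, code), (exp_name, exp_hash) in zip(stages, expected):
        if name != exp_name or digest(code) != exp_hash:
            return False, name
    return True, None


def boot_decision(device_state: str, os_valid: bool, eio_mode: bool = False) -> str:
    """Simplified boot flow: a LOCKED device boots only a valid OS (showing the
    eio screen when dm-verity reported an I/O error) and otherwise cannot boot;
    an UNLOCKED device warns the user and then boots with relaxed checks."""
    if device_state not in ("LOCKED", "UNLOCKED"):
        raise ValueError("unknown device state: %r" % device_state)
    if device_state == "UNLOCKED":
        return "WARN_USER_THEN_BOOT"
    if not os_valid:
        return "CANNOT_BOOT"
    return "SHOW_EIO_SCREEN" if eio_mode else "BOOT_OS"


# Constructed boot chain (stand-ins for the real stage images).
STAGES = [
    ("bootloader", b"bootloader image v1"),
    ("kernel", b"linux kernel image"),
    ("init", b"init binary"),
]
EXPECTED = precalculate(STAGES)


if __name__ == "__main__":
    ok, failed = verify_sequence(STAGES, EXPECTED)
    print("clean chain:", ok, failed, "->", boot_decision("LOCKED", ok))
    patched = [STAGES[0], ("kernel", b"patched kernel image"), STAGES[2]]
    ok, failed = verify_sequence(patched, EXPECTED)
    print("patched kernel:", ok, failed, "->", boot_decision("LOCKED", ok),
          "/ unlocked:", boot_decision("UNLOCKED", ok))
```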

Slide 28

Agenda (current section: Verification in A/B device updates)
- Boot verification significance
- Concepts
- Verification sequence
- Verification in A/B device updates
- Rollback protection
- Verified boot 2.0

Slide 29

A/B device updates (diagram): Slot A (in use), Slot B (idle); the new version update goes into the idle slot.
Over-the-air (OTA) update:
- update_engine daemon
- Streamed installation

Slide 30

A/B device update (cont…), diagram: SLOT A is active (isBootable = true, isActive = true, isSuccessful = true) and SLOT B is passive. The OTA update is written to slot B and the device boots from slot B. Success: slot B becomes active and slot A passive. Failure: the device boots from slot A again.

Slide 31

Agenda (current section: Rollback protection)
- Boot verification significance
- Concepts
- Verification sequence
- Verification in A/B device updates
- Rollback protection
- Verified boot 2.0

Slide 32

Rollback protection (diagram): Android phone with OS v10; other OS version v8? The installed version (rollback index) is important.
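The slot handling of slides 29 and 30 together with the rollback index of slide 32, as an added example (not AOSP, update_engine or IBootControl code). The slot fields mirror the isBootable / isActive / isSuccessful ideas on the slides; MAX_TRIES, the version strings and the two scenarios are constructed. The example goes a little beyond the slides in showing why the stored rollback index is raised only after a successful boot: an update that never comes up can still fall back, while a downgrade below the committed index is refused.

```python
# Added example (not AOSP or IBootControl code): a small model of A/B slot
# selection with a rollback index, following the slides. MAX_TRIES and the
# version strings are constructed values.

MAX_TRIES = 3  # constructed: attempts a slot gets before the bootloader gives up on it


class Slot:
    def __init__(self, name, version, rollback_index, active=False):
        self.name = name
        self.version = version
        self.rollback_index = rollback_index  # carried in the image's signed metadata
        self.bootable = True
        self.active = active
        self.successful = False
        self.tries_remaining = MAX_TRIES


class Device:
    def __init__(self, slots, stored_rollback_index=0):
        self.slots = {s.name: s for s in slots}
        # The minimum acceptable rollback index lives in tamper-evident storage.
        self.stored_rollback_index = stored_rollback_index

    def select_slot(self):
        """Bootloader's choice: the active slot first, the other one as fallback.
        A slot is skipped if it is unbootable, has no tries left, or carries a
        rollback index below the stored minimum (an OS older than one the device
        has already committed to)."""
        ordered = sorted(self.slots.values(), key=lambda s: not s.active)
        for slot in ordered:
            if not slot.bootable or slot.tries_remaining == 0:
                continue
            if slot.rollback_index < self.stored_rollback_index:
                slot.bootable = False  # refuse the downgrade permanently
                continue
            slot.tries_remaining -= 1
            return slot
        return None

    def mark_boot_successful(self, slot):
        """Called once the OS is up. Only now is the stored rollback index raised,
        so an update that never boots successfully can still be rolled back."""
        slot.successful = True
        slot.tries_remaining = MAX_TRIES
        self.stored_rollback_index = max(self.stored_rollback_index, slot.rollback_index)

    def apply_ota(self, version, rollback_index):
        """update_engine's role: write the new version into the idle slot and
        make it the active one for the next boot."""
        idle = next(s for s in self.slots.values() if not s.active)
        idle.version, idle.rollback_index = version, rollback_index
        idle.bootable, idle.successful, idle.tries_remaining = True, False, MAX_TRIES
        for s in self.slots.values():
            s.active = False
        idle.active = True
        return idle


def failed_update_falls_back():
    """Scenario 1: v10 goes to slot B but never boots; after MAX_TRIES the
    bootloader returns to slot A and the stored index stays at 8."""
    dev = Device([Slot("A", "v8", 8, active=True), Slot("B", "v8", 8)], stored_rollback_index=8)
    dev.apply_ota("v10", 10)
    chosen = [dev.select_slot().name for _ in range(MAX_TRIES + 1)]
    return chosen, dev.stored_rollback_index


def downgrade_is_refused():
    """Scenario 2: v10 boots successfully (stored index becomes 10); a later
    attempt to install v8 is refused and the bootloader stays on v10."""
    dev = Device([Slot("A", "v8", 8, active=True), Slot("B", "v8", 8)], stored_rollback_index=8)
    dev.apply_ota("v10", 10)
    dev.mark_boot_successful(dev.select_slot())
    dev.apply_ota("v8", 8)
    chosen = dev.select_slot()
    return chosen.name, chosen.version, dev.slots["A"].bootable, dev.stored_rollback_index


if __name__ == "__main__":
    print("failed update, slots tried then fallback:", failed_update_falls_back())
    print("downgrade refused (slot, version, A bootable, stored index):", downgrade_is_refused())
```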

Slide 33

Agenda (current section: Verified boot 2.0)
- Boot verification significance
- Concepts
- Verification sequence
- Verification in A/B device updates
- Rollback protection
- Verified boot 2.0

Slide 34

Verified boot 2.0
- Android Verified Boot
- Android 8.0
- Standardised partition footer
vbmeta struct:
- Central data structure
- Rollback indexes
- Chained partition support
Diagram: vbmeta (signed by key) holds the hash of boot, the hash tree metadata of system and the hash tree metadata of vendor.

Slide 35

VBMeta digest: Digest = hash over all vbmeta structs (including chained partitions). The digest is used to verify authenticity; the digest and keys from hardware-backed attestation are used to cross-verify.

Slide 36

HW attestation: provides the boot state with the enum VerifiedBootState:
- Verified
- SelfSigned
- Unverified
- Failed

Slide 37

Conclusion
• Boot verification is important to trust the device.
• If the boot was compromised, then any additional security application or any other piece of software cannot be trusted.
• Cryptographic hashing & signing is used to ensure the authenticity of executed code.
• After boot-up, hardware-backed key attestation data can be used in user space to decide the authenticity of the boot.

Slide 38

References
- https://source.android.com/docs/security/features/verifiedboot
- https://source.android.com/docs/security/features/verifiedboot/device-state
- https://source.android.com/docs/security/features/verifiedboot/verified-boot
- https://source.android.com/docs/security/features/verifiedboot/boot-flow
- https://android.googlesource.com/platform/external/avb/+/master/README.md
- https://source.android.com/docs/security/features/verifiedboot/dm-verity
- https://android.googlesource.com/platform/hardware/interfaces/+/master/boot/1.0/IBootControl.hal
- https://developer.android.com/training/articles/security-key-attestation
- https://source.android.com/docs/core/architecture/partitions
- https://source.android.com/docs/core/ota/ab
- https://android.googlesource.com/platform/external/avb/+/master/README.md#the-vbmeta-digest
and many more…

Slide 39

Thank you