Android boots in layers that are encrypted with different keys. The first key in the TPM unlocks the base OS up to the lock screen. From there a PIN is entered and the rest of the system is decrypted.
If a compromise happened in the OS, the phone would just fail to boot since the integrity of the system is validated by the TPM.
Yes, that’s how a normal bootchain works in every system ever - like the IoT device running Linux I’m right now working with.
It doesn’t, though.
Standard Linux doesn’t check for tampering since that requires hardware and firmware support.
I’m sorry but you really have no idea what you’re talking about. Several distros ship with SELinux and Secure Boot by default.