Android 4.4 introduced a number of security enhancements, most notably SELinux in enforcing mode. One security feature that initially got some press attention, because it was presumably aiming to 'end all custom firmware', but hasn't been described in much detail, is verified boot. This post will briefly explain how verified boot works and then show how to configure and enable it on a Nexus device.
Verified boot with dm-verity
Android's verified boot implementation is based on the dm-verity device-mapper block integrity checking target. Device-mapper is a Linux kernel framework that provides a generic way to implement virtual block devices. It is used to implement volume management (LVM), full-disk encryption (dm-crypt), RAIDs and even distributed replicated storage (DRBD). Device-mapper works by essentially mapping a virtual block device to one or more physical block devices, optionally modifying transferred data in transit. For example, dm-crypt decrypts read physical blocks and encrypts written blocks before committing them to disk. Thus disk encryption is transparent to users of the virtual dm-crypt block device. Device-mapper targets can be stacked on top of each other, making it possible to implement complex data transformations.
As we mentioned, dm-verity is a block integrity checking target. What this means is that it transparently verifies the integrity of each device block as it is being read from disk. If the block checks out, the read succeeds, and if not, the read generates an I/O error as if the block was physically corrupt. Under the hood dm-verity is implemented using a pre-calculated hash tree which includes the hashes of all device blocks. The leaf nodes of the tree include hashes of physical device blocks, while intermediate nodes are hashes of their child nodes (hashes of hashes). The root node is called the root hash and is based on all hashes in lower levels (see figure below). Thus a change even in a single device block will result in a change of the root hash. Therefore in order to verify a hash tree we only need to verify its root hash. At runtime dm-verity calculates the hash of each block when it is read and verifies it using the pre-calculated hash tree. Since reading data from a physical device is already a time consuming operation, the latency added by hashing and verification is relatively low.
[Image from Android dm-verity documentation, licensed under Creative Commons Attribution 2.5]
Because dm-verity depends on a pre-calculated hash tree over all blocks of a device, the underlying device needs to be mounted read-only for verification to be possible. Most filesystems record mount times in their superblock or similar metadata, so even if no files are changed at runtime, block integrity checks will fail if the underlying block device is mounted read-write. This can be seen as a limitation, but it works well for devices or partitions that hold system files, which are only changed by OS updates. Any other change indicates either OS or disk corruption, or a malicious program that is trying to modify the OS or masquerade as a system file. dm-verity's read-only requirement also fits well with Android's security model, which only hosts application data on a read-write partition, and keeps OS files on the read-only system partition.
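The hash tree logic of the two paragraphs above, as an added Python model that is not part of the original post and does not reproduce dm-verity's on-disk layout: leaves are salted sha256 hashes of 4096-byte data blocks, each higher level hashes whole 4096-byte hash blocks of the level below, only the root hash is trusted, and a single corrupted block (the kind of change a read-write remount makes to a superblock) fails the per-read check and changes the root hash. The sample data and salt are constructed.

```python
import hashlib

BLOCK_SIZE = 4096                    # data and hash block size, as in the veritysetup run below
HASH_SIZE = 32                       # sha256 digest length
PER_BLOCK = BLOCK_SIZE // HASH_SIZE  # 128 child hashes fill one 4096-byte hash block


def block_hash(salt: bytes, data: bytes) -> bytes:
    # dm-verity hash type 1 (the type veritysetup reports below) hashes salt || block
    return hashlib.sha256(salt + data).digest()


def build_tree(data: bytes, salt: bytes):
    """Return (root_hash, levels). levels[0] are the leaf hashes, one per data block;
    each higher level hashes whole hash blocks of the level below until one node is left."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    levels = [[block_hash(salt, b.ljust(BLOCK_SIZE, b"\0")) for b in blocks]]
    while len(levels[-1]) > 1:
        children = levels[-1]
        parents = []
        for i in range(0, len(children), PER_BLOCK):
            hash_block = b"".join(children[i:i + PER_BLOCK]).ljust(BLOCK_SIZE, b"\0")
            parents.append(block_hash(salt, hash_block))
        levels.append(parents)
    return levels[-1][0], levels


def verify_block(index: int, block: bytes, salt: bytes, levels, root_hash: bytes) -> bool:
    """What dm-verity does on every read: re-hash the block, then walk up the stored tree,
    re-hashing each hash block on the path, until the trusted root hash is reached."""
    h = block_hash(salt, block.ljust(BLOCK_SIZE, b"\0"))
    for level in levels[:-1]:
        if level[index] != h:
            return False             # a mismatch here is what the reader sees as an I/O error
        parent = index // PER_BLOCK
        siblings = level[parent * PER_BLOCK:(parent + 1) * PER_BLOCK]
        h = block_hash(salt, b"".join(siblings).ljust(BLOCK_SIZE, b"\0"))
        index = parent
    return h == root_hash


def demo() -> dict:
    """Constructed sample: 300 deterministic 4 KiB blocks, enough for a three-level tree."""
    salt = hashlib.sha256(b"constructed salt").digest()
    data = b"".join(bytes([i % 256]) * BLOCK_SIZE for i in range(300))
    root, levels = build_tree(data, salt)
    original = data[200 * BLOCK_SIZE:201 * BLOCK_SIZE]
    tampered = bytes(BLOCK_SIZE)     # one block replaced by zeros, as a silent corruption would
    changed = data[:200 * BLOCK_SIZE] + tampered + data[201 * BLOCK_SIZE:]
    return {
        "root": root.hex(),
        "levels": len(levels),
        "good": verify_block(200, original, salt, levels, root),
        "tampered": verify_block(200, tampered, salt, levels, root),
        "root_changed": build_tree(changed, salt)[0] != root,
    }
```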
Android implementation
dm-verity was originally developed in order to implement verified boot in Chrome OS, and was integrated into the Linux kernel in version 3.4. It is enabled with the CONFIG_DM_VERITY kernel configuration item. Like Chrome OS, Android 4.4 also uses the kernel's dm-verity target, but the cryptographic verification of the root hash and mounting of verified partitions are implemented differently from Chrome OS.
The RSA public key used for verification is embedded in the boot partition under the verity_key filename and is used to verify the dm-verity mapping table. This mapping table holds the locations of the target device and the offset of the hash table, as well as the root hash and salt. The mapping table and its signature are part of the verity metablock which is written to disk directly after the last filesystem block of the target device. A partition is marked as verifiable by adding the verify flag to the Android-specific fs_mgr flags field of the device's fstab file. When Android's filesystem manager encounters the verify flag in fstab, it loads the verity metadata from the block device specified in fstab and verifies its signature using the verity_key. If the signature check succeeds, the filesystem manager parses the dm-verity mapping table and passes it to the Linux device-mapper, which uses the information contained in the mapping table in order to create a virtual dm-verity block device. This virtual block device is then mounted at the mount point specified in fstab in place of the corresponding physical device. As a result, all reads from the underlying physical device are transparently verified against the pre-generated hash tree. Modifying or adding files, or even remounting the partition in read-write mode, results in an integrity verification failure and an I/O error.
We must note that as dm-verity is a kernel feature, in order for the integrity protection it provides to be effective, the kernel the device boots needs to be trusted. On Android, this means verifying the boot partition, which also includes the root filesystem RAM disk (initrd) and the verity public key. This process is device-specific and is typically implemented in the device bootloader, usually by using an unmodifiable verification key stored in hardware to verify the boot partition's signature.
Enabling verified boot
The official documentation describes the steps required to enable verified boot on Android, but lacks concrete information about the actual tools and commands that are needed. In this section we show the commands required to create and sign a dm-verity hash table and demonstrate how to configure an Android device to use it. Here is a summary of the required steps:
- Generate a hash tree for that system partition.
- Build a dm-verity table for that hash tree.
- Sign that dm-verity table to produce a table signature.
- Bundle the table signature and dm-verity table into verity metadata.
- Write the verity metadata and the hash tree to the system partition.
- Enable verified boot in the device's fstab file.
As we mentioned earlier, dm-verity can only be used with a device or partition that is mounted read-only at runtime, such as Android's system partition. While verified boot can be applied to other read-only partitions such as those hosting proprietary firmware blobs, this example uses the system partition, as protecting OS files results in considerable device security benefits.
A dm-verity hash tree is generated with the dedicated veritysetup program. veritysetup can operate directly on block devices or use filesystem images and write the hash table to a file. It is supposed to produce platform-independent output, but hash tables produced on desktop Linux didn't quite agree with Android, so for this example we'll generate the hash tree directly on the device. To do this we first need to compile veritysetup for Android. A project that generates a statically linked veritysetup binary is provided on Github. It uses the OpenSSL backend for hash calculations and has only been slightly modified (in a not too portable way...), to allow for the different size of the off_t data type, which is 32-bit in current versions of Android's bionic library. In order to add the hash tree directly to the system partition, we first need to make sure that there is enough space to hold the hash tree and the verity metadata block (32k) after the last filesystem block. As most devices typically use the whole system partition, you may need to change the BOARD_SYSTEMIMAGE_PARTITION_SIZE value in your device's BoardConfig.mk to allow for storing verity data. After you have adjusted the size of the system partition, transfer the veritysetup binary to the cache or data partitions of the device, and boot a recovery that allows root shell access over ADB. To generate and write the hash tree to the device we use the veritysetup format command as shown below.
# veritysetup --debug --hash-offset 838893568 --data-blocks 204800 format \
    /dev/block/mmcblk0p21 /dev/block/mmcblk0p21
...
# Updating VERITY header of size 512 on device /dev/block/mmcblk0p21, offset 838893568.
VERITY header information for /dev/block/mmcblk0p21
UUID:            0dd970aa-3150-4c68-abcd-0b8286e6000
Hash type:       1
Data blocks:     204800
Data block size: 4096
Hash block size: 4096
Hash algorithm:  sha256
Salt:            1f951588516c7e3eec3ba10796aa17935c0c917475f8992353ef2ba5c3f47bcb
Root hash:       5f061f591b51bf541ab9d89652ec543ba253f2ed9c8521ac61f1208267c3bfb1
This example was executed on a Nexus 4, make sure you use the right block device for your phone instead of /dev/block/mmcblk0p21. The --hash-offset parameter is needed because we are writing the hash tree to the same device that holds filesystem data. It is specified in bytes (not blocks) and needs to point to a location after the verity metadata block. Adjust according to your filesystem size so that hash_offset > filesystem_size + 32k. The next parameter, --data-blocks, specifies the number of blocks used by the filesystem. The default block size is 4096, but you can specify a different size using the --data-block-size parameter. This value needs to fit the size allocated to the filesystem with BOARD_SYSTEMIMAGE_PARTITION_SIZE. If the command succeeds it will output the calculated root hash and the salt value used, as shown above. Everything but the root hash is saved in the superblock (first block) of the hash table. Make sure you save the root hash, as it is required to complete the verity setup.
Once you have the root hash and salt, you can generate and sign the dm-verity table. The table is a single line that contains the name of the block device, block sizes, offsets, salt and root hash values. You can use the gentable.py script (edit constant values accordingly first) to generate it or write it manually based on the output of veritysetup. See dm-verity's documentation for details about the format. For our example it looks like this (single line, split for readability):
1 /dev/block/mmcblk0p21 /dev/block/mmcblk0p21 4096 4096 204800 204809 sha256 \
    5f061f591b51bf541ab9d89652ec543ba253f2ed9c8521ac61f1208267c3bfb1 \
    1f951588516c7e3eec3ba10796aa17935c0c917475f8992353ef2ba5c3f47bcb
Next, generate a 2048-bit RSA key and sign the table using OpenSSL. You can use the command below or the sign.sh script on Github.
$ openssl dgst -sha1 -sign verity-key.pem -out table.sig table.bin
Once you have a signature you can generate the verity metadata block, which includes a magic number (0xb001b001) and the metadata format version, followed by the RSA PKCS#1.5 signature blob and table string, padded with zeros to 32k. You can generate the metadata block with the mkverity.py script by passing the signature and table files like this:
$ ./mkverity.py table.sig table.bin verity.bin
Next, write the generated verity.bin file to the system partition using dd or a similar tool, right after the last filesystem block and before the start of the verity hash table. Using the same number of data blocks passed to veritysetup, the needed command (which also needs to be executed in recovery) becomes:
# dd if=verity.bin of=/dev/block/mmcblk0p21 bs=4096 seek=204800
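The metadata block and table layout described in the last few steps, as an added Python example that is not the post's mkverity.py or gentable.py: it packs magic, version, signature, table length and table into a 32k block, parses such a block back with the checks the filesystem manager makes before trusting a table, and checks the geometry the offsets above rely on (metadata right after the data blocks, veritysetup's superblock in the hash block before hash_start). The version value 0 and the table-length field are assumptions about the KitKat format; the signature is a constructed placeholder and its RSA verification is not modelled.

```python
import struct

VERITY_MAGIC = 0xB001B001    # magic number quoted above
VERITY_VERSION = 0           # metadata format version KitKat's fs_mgr expects (assumption)
SIG_SIZE = 256               # PKCS#1 v1.5 signature made with a 2048-bit RSA key
METADATA_SIZE = 32 * 1024    # the metadata block is zero-padded to 32k

# Table from the Nexus 4 example above (one line, fields separated by spaces)
SAMPLE_TABLE = ("1 /dev/block/mmcblk0p21 /dev/block/mmcblk0p21 4096 4096 204800 204809 sha256 "
                "5f061f591b51bf541ab9d89652ec543ba253f2ed9c8521ac61f1208267c3bfb1 "
                "1f951588516c7e3eec3ba10796aa17935c0c917475f8992353ef2ba5c3f47bcb")


def build_metadata(signature: bytes, table: str) -> bytes:
    """magic | version | signature | table length | table (little-endian), padded to 32k."""
    if len(signature) != SIG_SIZE:
        raise ValueError("expected a %d-byte RSA signature" % SIG_SIZE)
    body = struct.pack("<II", VERITY_MAGIC, VERITY_VERSION) + signature
    body += struct.pack("<I", len(table)) + table.encode()
    if len(body) > METADATA_SIZE:
        raise ValueError("table does not fit in the metadata block")
    return body.ljust(METADATA_SIZE, b"\0")


def parse_metadata(blob: bytes) -> dict:
    """Reverse of build_metadata, with the sanity checks fs_mgr makes before it even looks at
    the signature. Signature verification against verity_key is not modelled here."""
    magic, version = struct.unpack_from("<II", blob, 0)
    if magic != VERITY_MAGIC:
        raise ValueError("bad verity magic 0x%08x" % magic)
    if version != VERITY_VERSION:
        raise ValueError("unsupported verity metadata version %d" % version)
    signature = blob[8:8 + SIG_SIZE]
    (table_len,) = struct.unpack_from("<I", blob, 8 + SIG_SIZE)
    start = 12 + SIG_SIZE
    return {"signature": signature, "table": blob[start:start + table_len].decode()}


def check_layout(table: str) -> dict:
    """Check the geometry the post reasons about: the 32k metadata block (8 data blocks) sits
    right after the data blocks, and veritysetup's 512-byte superblock sits in the hash block
    just before hash_start, so its offset must be >= data size + 32k (hash_offset > fs + 32k)."""
    f = table.split()
    data_bs, hash_bs, data_blocks, hash_start = (int(x) for x in f[3:7])
    algo, root_hash, salt = f[7], f[8], f[9]
    problems = []
    if f[0] != "1":
        problems.append("dm-verity table version should be 1")
    superblock_offset = (hash_start - 1) * hash_bs      # what --hash-offset must be set to
    if superblock_offset < data_blocks * data_bs + METADATA_SIZE:
        problems.append("hash tree overlaps the verity metadata block")
    if algo == "sha256" and (len(root_hash) != 64 or len(salt) != 64):
        problems.append("root hash or salt is not a 32-byte hex digest")
    return {"superblock_offset": superblock_offset, "problems": problems}
```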
Finally, you can check that the partition is properly formatted using the veritysetup verify command as shown below, where the last parameter is the root hash:
# veritysetup --debug --hash-offset 838893568 --data-blocks 204800 verify \
    /dev/block/mmcblk0p21 /dev/block/mmcblk0p21 \
    5f061f591b51bf541ab9d89652ec543ba253f2ed9c8521ac61f1208267c3bfb1
If verification succeeds, reboot the device and verify that the device boots without errors. If it does, you can move on to the next step: add the verification key to the boot image and enable automatic integrity verification.
The RSA public key used for verification needs to be in mincrypt format (also used by the stock recovery when verifying OTA file signatures), which is a serialization of mincrypt's RSAPublicKey structure. The interesting thing about this structure is that it doesn't just include the modulus and public exponent values, but contains pre-computed values used by mincrypt's RSA implementation (based on Montgomery reduction). Therefore converting an OpenSSL RSA public key to mincrypt format requires some modular operations and is not just a binary format conversion. You can convert the PEM key using the pem2mincrypt tool (conversion code shamelessly stolen from secure adb's implementation). Once you have converted the key, include it in the root of your boot image under the verity_key filename. The last step is to modify the device's fstab file in order to enable block integrity verification for the system partition. This is just a matter of adding the verify flag, as shown below:
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,barrier=1 wait,verify
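The Montgomery pre-computation mentioned above, as an added Python example that is not the post's pem2mincrypt tool: it derives the two extra values mincrypt's RSAPublicKey carries beside the modulus (n0inv = -1/n[0] mod 2^32 and rr = R^2 mod n with R = 2^2048), serializes the structure with the field order and little-endian word layout of libmincrypt's rsa.h as I know it (an assumption about the exact binary form of verity_key), and parses it back to re-check the values. The sample modulus is a constructed odd 2048-bit integer, not a real key.

```python
import hashlib
import struct

RSANUMBITS = 2048
RSANUMWORDS = RSANUMBITS // 32      # 64 little-endian 32-bit words
WORD_MASK = 0xFFFFFFFF


def montgomery_fields(n: int) -> dict:
    """The values mincrypt keeps beside the modulus so that verification needs no division:
    n0inv = -1/n[0] mod 2^32 (n[0] is the least significant word of n) and
    rr = R^2 mod n with R = 2^RSANUMBITS, the Montgomery constant."""
    if n.bit_length() != RSANUMBITS or n % 2 == 0:
        raise ValueError("expected an odd %d-bit modulus" % RSANUMBITS)
    n0inv = (-pow(n & WORD_MASK, -1, 1 << 32)) & WORD_MASK
    rr = pow(1 << RSANUMBITS, 2, n)
    return {"n0inv": n0inv, "rr": rr}


def to_words(x: int) -> list:
    return [(x >> (32 * i)) & WORD_MASK for i in range(RSANUMWORDS)]


def from_words(words) -> int:
    return sum(w << (32 * i) for i, w in enumerate(words))


def serialize_key(n: int, e: int) -> bytes:
    """struct RSAPublicKey { int len; uint32_t n0inv; uint32_t n[64]; uint32_t rr[64]; int exponent; }"""
    f = montgomery_fields(n)
    return (struct.pack("<iI", RSANUMWORDS, f["n0inv"])
            + struct.pack("<%dI" % RSANUMWORDS, *to_words(n))
            + struct.pack("<%dI" % RSANUMWORDS, *to_words(f["rr"]))
            + struct.pack("<i", e))


def parse_key(blob: bytes) -> dict:
    """Read the structure back and confirm the pre-computed values match the modulus,
    which is the check to run on a verity_key before putting it in the boot image."""
    words, n0inv = struct.unpack_from("<iI", blob, 0)
    n = from_words(struct.unpack_from("<%dI" % words, blob, 8))
    rr = from_words(struct.unpack_from("<%dI" % words, blob, 8 + 4 * words))
    (e,) = struct.unpack_from("<i", blob, 8 + 8 * words)
    consistent = (((n0inv * (n & WORD_MASK)) & WORD_MASK) == WORD_MASK
                  and rr == pow(1 << (32 * words), 2, n))
    return {"n": n, "e": e, "consistent": consistent}


# Constructed sample modulus: an arbitrary odd 2048-bit integer is enough to exercise the
# arithmetic; for a real key the modulus and exponent come from the PEM file.
SAMPLE_N = int.from_bytes(hashlib.sha256(b"constructed modulus").digest() * 8, "big") | (1 << 2047) | 1
SAMPLE_E = 65537
```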
Next, verify that your kernel configuration enables CONFIG_DM_VERITY, enable it if needed and build your boot image. Once you have boot.img, you can try booting the device with it using fastboot boot boot.img (without flashing it). If the hash table and verity metadata block have been generated and written correctly, the device should boot, and /system should be a mount of the automatically created device-mapper virtual device, as shown below. If the boot is successful, you can permanently flash the boot image to the device.
# mount|grep system
/dev/block/dm-0 /system ext4 ro,seclabel,relatime,data=ordered 0 0
Now any modifications to the system partition will result in read errors when reading the corresponding file(s). Unfortunately, system modifications by file-based OTA updates, which modify file blocks without updating verity metadata, will also invalidate the hash tree. As mentioned in the official documentation, in order to be compatible with dm-verity verified boot, OTA updates should also operate at the block level, ensuring that both file blocks and the hash tree and metadata are updated. This requires changing the current OTA update infrastructure, which is probably one of the reasons verified boot hasn't been deployed to production devices yet.
Summary
Android includes a verified boot implementation based on the dm-verity device-mapper target since version 4.4. dm-verity is enabled by adding a hash table and a signed metadata block to the system partition and specifying the verify flag in the device's fstab file. At boot time Android verifies the metadata signature and uses the included device-mapper table to create and mount a virtual block device at /system. As a result, all reads from /system are verified against the dm-verity hash tree, and any modification to the system partition results in I/O errors.