Grace Vulpes Alopex (@pharmafemboy@estradiol.city)
how exactly does the android chain of trust work, actually?
like, I get that the primary bootloader is baked into the SoC, and it uses certificates and hashes to verify the secondary bootloader (which is on the emmc) but what does it do after it verifies and runs the secondary bootloader? is it continuously checking to make sure the bootloader is valid, or does it only check once? is the bootloader loaded into cpu cache, or into ram?
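Added illustration, not part of the post or its thread: a small Python model of a staged chain of trust. The root hash stands in for the value fixed in the SoC, and each stage embeds the SHA-256 of its successor instead of the certificate-and-signature scheme real bootloaders use (a simplification made for the example). Stage names, code bytes and the flash layout are all constructed. The point it shows is that each stage is checked once, against the hash it was handed, before it is copied out of flash and given control; nothing in this model re-checks a stage after that transfer.

```python
import hashlib
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class StageImage:
    """One boot stage as stored in flash: its code plus the expected hash of the next stage."""
    name: str
    code: bytes
    next_hash: Optional[bytes]   # None for the last stage in the chain

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def encode(img: StageImage) -> bytes:
    """Flat byte layout as it would sit in flash: name | code | hash-of-next-stage."""
    return img.name.encode() + b"\x00" + img.code + b"\x00" + (img.next_hash or b"")

def build_chain(stages: List[Tuple[str, bytes]]) -> Tuple[List[StageImage], bytes]:
    """Link stages back to front so every image embeds the hash of its successor.

    Returns the flash contents and the hash of the first stage, which plays the
    role of the value anchored in the SoC (constructed root of trust).
    """
    next_hash: Optional[bytes] = None
    images: List[StageImage] = []
    for name, code in reversed(stages):
        img = StageImage(name, code, next_hash)
        images.insert(0, img)
        next_hash = digest(encode(img))
    assert next_hash is not None
    return images, next_hash

def boot(flash: List[StageImage], root_hash: bytes) -> Tuple[bool, List[str]]:
    """Simulate the boot ROM's loader loop.

    Each stage is hashed exactly once, while still in flash, against the value
    the previous stage vouched for. Only then is it copied into RAM and run.
    """
    expected: Optional[bytes] = root_hash
    ram = {}          # stand-in for the memory the stage is copied into
    log: List[str] = []
    for img in flash:
        blob = encode(img)
        if expected is None or digest(blob) != expected:
            log.append(f"{img.name}: verification FAILED, halting boot")
            return False, log
        ram[img.name] = blob   # copied out of flash; not re-checked by this loop
        log.append(f"{img.name}: verified once, loaded, control transferred")
        expected = img.next_hash   # the stage just verified vouches for the next one
    return True, log

if __name__ == "__main__":
    # Constructed three-stage chain: secondary bootloader, app bootloader, kernel.
    images, root = build_chain([("SBL", b"sbl code"), ("ABL", b"abl code"), ("kernel", b"kernel")])
    ok, log = boot(images, root)
    print(ok, *log, sep="\n")

    # A stage altered in flash is caught at the point it would be loaded.
    altered = [images[0], replace(images[1], code=b"modified abl code"), images[2]]
    ok, log = boot(altered, root)
    print(ok, *log, sep="\n")
```

The `boot` loop is where the answer to the "once or continuously" question lives: the comparison happens before control transfer and never again inside this loop. Runtime integrity of an already-running stage is the job of separate mechanisms that this model does not include.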
it's possible to get arbitrary code execution in a vm from …