Giving Mobile Security the Boot
TrustZone
TrustZone
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Boot</strong> Chains of Trust<br />
Android <strong>Boot</strong>: Kernel + initrd<br />
• Kernel is same ol’ Linux, but compiled for ARMv7/v8<br />
• InitRD ( 初 始 RAM 磁 盘 ) contains root (/) file system<br />
– /init daemon and o<strong>the</strong>r vital daemons<br />
– /init.rc configuration files<br />
– SEPolicy (SELinux 的 策 略 ) which is enforced on device<br />
• Crucial components for security so bundled toge<strong>the</strong>r<br />
– Kernel + initrd is in one partition<br />
– Aboot verifies hash of partition before loading (if locked)<br />
<strong>Boot</strong>ROM<br />
SBL<br />
A<strong>Boot</strong><br />
Kernel<br />
+ initrd<br />
(C) 2016 Jonathan Levin & Technologeeks.com - Share freely, but please cite source!