Android 7.0 Smartphones To Have Strictly Enforced Verified Boot With Forward Error Correction

News
By
published

Android verified boot architecture

Beyond the improved sandboxing for the media stack modules, better code sanitization, and other security features coming to Android 7.0 “Nougat,” the new version of Android will also get a ”strictly enforced verified boot” system, which should better protect against malicious code that runs at boot. Android will also add a feature called “forward error correction” to reduce the number of devices that stop booting due to random software errors.

Strictly Enforced Verified Boot

Google introduced the verified boot system in Android 4.4, and users started seeing warnings if their bootloader was unlocked or if the system image was corrupt in Android 6.0. After seeing the warning the user could continue to boot their device.

Verified boot in Android 6.0

Starting with Android 7.0, the verified boot process will be strictly enforced, and the device won’t boot anymore if it’s been compromised by malicious code. Users should still be able to boot into safe mode and restore their devices to a clean image of Android.

The smartphone owners who still want to root their devices should be able to continue to do that, but only if the bootloader is unlocked first. Otherwise, the verified boot system will consider the OS image corrupted, and will not allow the boot process to continue. Most rooted devices need to have their bootloaders unlocked for the root to remain permanent, so this shouldn’t be an issue for most custom ROM users.

Forward Error Correction

The new version of the operating system will also feature “forward error correction,” or redundant code that it can use to repair the critical parts of the OS, to ensure that Android 7.0+ devices don’t lock-up because of random software corruption.

However, there’s a trade-off between how many errors the software can fix and how much overhead the redundant code produces. Google could’ve chosen to fix up to 16 errors per 255-bytes block, but the redundant code would’ve represented a 15 percent overhead. Google eventually went with one error per 255-bytes block that the software can fix, which only adds an overhead of 0.8 percent.

It’s possible that as budget smartphones gain more storage in the future and Google has more time to evaluate the feature that it can choose to increase the overhead, and therefore the level of correction the system can perform.

Lucian Armasu
Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
7 Comments Comment from the forums
  • epdm2be
    As I predicted long ago. Over time Android will be as closed as every other smartphone or other OS. With all the loss of freedom that we took for granted now.
    Reply
  • ddpruitt
    18307656 said:
    As I predicted long ago. Over time Android will be as closed as every other smartphone or other OS. With all the loss of freedom that we took for granted now.

    How exactly is this closing the system? All they're doing is verifying that the system partition contains what it the manufacturer put on there and hasn't been changed by something like a rootkit. Rooting a device requires unlocking the bootloader anyway, which usually wipes the device and disables the checks.
    Reply
  • randomizer
    18307656 said:
    As I predicted long ago. Over time Android will be as closed as every other smartphone or other OS. With all the loss of freedom that we took for granted now.

    It's quasi-proprietary so of course it's going to be closed up.
    Reply
  • house70
    Wow. Two misinformed comments already. Did you guys even know how the root is maintained? Or, even better, did you even read the part of the article where it explains how root will be achieved, even with these checks in place?

    The only thing this will block will be un-authorized rooting processes that use exploits to achieve root, possibly without even the owner's consent. Only via consent (a.k.a. unlocking bootloader) rooting will be maintained. A good step forward, IMO. Remember the websites that promised root just by clicking on a link? Gone. And that's a good thing. If you want to root your phone (I use to do that all the time, but nowadays, with the plethora of customizations that Android offers, not needed anymore), you will still be able to do it, but you really have to be willing to do it and know what you're doing. Amateurs will be deterred, and that's another good thing.
    Reply
  • tsnor
    Can you say a bit more about how forward error correction is used? (Is this when a cache line is fetched the hardware can determine if there is a single bit error and correct it, but this could also be when a program is read into memory it is scanned to see if the disk copy is corrupt, and then repaired with the FEC code)
    Reply
  • house70
    18307656 said:
    As I predicted long ago. Over time Android will be as closed as every other smartphone or other OS. With all the loss of freedom that we took for granted now.

    With all the options to customize your phone, launchers, widgets, animations, homescreens, app drawers, default apps for various functions, etc. available, I very much doubt that ALL this will be made unavailable to public. How can you tell an Android from an iPhone? Just by looking at the home screen and realizing that iPhones look all the same, whereas Android devices are individually customized. If you look under the skin you'll see that you can pretty much select what apps should be launched by default for various functions. These will never be eliminated by Google. I don't see any loss here.
    Reply
  • wifiburger
    meh, makes no difference to me, the quality of android os from factory is really good lately ,
    can't say much about custom mods, I tried alot of them and they lack polish / always broken,
    Reply