This can be marked a duplicate of questions like this, but it's a device-specific question. It cannot be answered in a generic way; it should be "How to root XYZ Android device without unlocking bootloader?"

Simple answer is: it should not be possible to root Android devices without unlocking the bootloader, but it is possible for some devices due to security vulnerabilities or bad security implementations.

Android's security model recommends that OEMs/SoC vendors implement a Chain of Trust which must have a hardware-backed root of trust - a cryptographic key. On boot, every software component verifies the integrity of the next component before loading it into memory. This chain of trust starts with the BootROM (the very first executable code which runs on power on) and ends at the /system and /vendor partitions. Everything in between - bootloaders, Device Tree, Linux kernel and Android OS code - is verified to be unaltered.

Since Android by design won't allow any app (system or user) to run with root privileges, we have to modify critical parts like boot.img (which contains the kernel) and/or system.img (which contains the Android OS/ROM) in order to gain root access. Modifying such components means they are no longer signed with the OEM's private keys and hence cannot be verified by the bootloader. So we have to unlock the bootloader to break the chain of trust so that it just ignores the unverifiable state of the OS.
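As an added illustration (not part of the original answer), here is a small Python model of the chain of trust described above: each stage carries an OEM signature, a locked bootloader halts on a modified boot.img, and an unlocked one boots it unverified. The OEM key, stage names and image contents are constructed stand-ins, and HMAC replaces the asymmetric signatures a real device uses.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the OEM's private signing key. A real device fuses an
# asymmetric public key (or its hash) into the SoC; HMAC is used only so this runs offline.
OEM_KEY = b"constructed-oem-signing-key"

@dataclass
class Stage:
    name: str
    image: bytes
    sig: bytes  # OEM signature over name || image

def oem_sign(name: str, image: bytes) -> bytes:
    return hmac.new(OEM_KEY, name.encode() + image, hashlib.sha256).digest()

def verified(stage: Stage) -> bool:
    return hmac.compare_digest(oem_sign(stage.name, stage.image), stage.sig)

def stock_chain() -> list:
    """bootloader -> boot.img (kernel) -> system.img, all OEM-signed; contents are constructed."""
    parts = [("bootloader", b"aboot v1"), ("boot.img", b"kernel+ramdisk"), ("system.img", b"android os")]
    return [Stage(n, img, oem_sign(n, img)) for n, img in parts]

def patch_boot_image(chain: list) -> list:
    """Model a boot.img modified by a third party (the rooting case the answer describes).
    Without the OEM key the signature cannot be recomputed, so it no longer matches."""
    return [Stage(s.name, s.image + b"+su", s.sig) if s.name == "boot.img" else s for s in chain]

def boot(chain: list, unlocked: bool = False):
    """Walk the chain as the answer describes: BootROM is implicitly trusted and each
    component is verified before it is loaded. Returns (booted, loaded stage names)."""
    loaded = ["BootROM"]
    for stage in chain:
        if verified(stage):
            loaded.append(stage.name)
        elif unlocked and stage.name != "bootloader":
            # An unlocked bootloader ignores the unverifiable state of what it loads;
            # BootROM still requires an OEM-signed bootloader regardless of lock state.
            loaded.append(stage.name + " (UNVERIFIED)")
        else:
            return False, loaded  # locked device halts; nothing unverified runs
    return True, loaded
```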