Unprivileged filesystem mounts
Eric Biggers
ebiggers at kernel.org
Tue Mar 11 17:54:07 UTC 2025
On Tue, Mar 11, 2025 at 04:57:54PM +1100, Dave Chinner wrote:
> And is this a real attack vector that Android must defend against,
> why isn't that device and filesystem image cryptographically signed
> and verified at boot time to prevent such attacks? That will prevent
> the entire class of malicious tampering exploits completely without
> having to care about undiscovered filesystem bugs - that's a much
> more robust solution from a verified boot and system security
> perspective...
That's exactly how it works. See
https://source.android.com/docs/security/features/verifiedboot and
https://source.android.com/docs/security/features/verifiedboot/dm-verity.
- Eric
More information about the Linux-security-module-archive
mailing list