1

On most Android devices, the bootloader checks the signature of the following bootloader/software, right? Chain of trust. Signing technically means that the file must be encrypted with one (private) key and decrypted with another (public) key.

The software is compiled to an executable binary, and if we then sign/encrypt it, it's a mess (not machine code); so how can it be executed after verifying the signature?

How can an executable binary be signed?

user385781
  • 1
    Please clarify the problem you are trying to solve. What do you mean by the words "binary" and "software"? Are you talking about bootloader unlocking? – Irfan Latif Feb 07 '23 at 11:50
  • What do you mean by signed executable? Example? – alecxs Feb 07 '23 at 16:55
  • @alecxs I think OP is asking about how a bootloader verifies the integrity of the next stage bootloader before running it. But it's not evident from the question. – Irfan Latif Feb 08 '23 at 11:40
  • 1
    "Signing technically means that the file must be encrypt with one (private) key and decrypted with another (public) key." This is not correct. Signature verification means that the hash of the file is encrypted with a private key. The encrypted hash (signature) is made available with the public key. The latter can be used by anyone to decrypt the former (and verify it against the newly calculated hash of the file). Signature and public key are usually distributed as an X.509 certificate. In the case of bootloaders, the certificate of a bootloader is appended to the bootloader binary itself. – Irfan Latif Feb 08 '23 at 11:51

0 Answers
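The hash-then-sign flow described in the last comment above, as an added example that is not part of the original thread: the binary is stored unmodified, only its SHA-256 hash goes through the private key, and the verifier recomputes the hash before handing over the same bytes. Assumptions: a constructed toy key built from two publicly known Mersenne primes, textbook RSA without padding, a bare signature trailer instead of an X.509 certificate, and hypothetical function names.

```python
import hashlib

# Constructed toy key: two publicly known Mersenne primes, so this key is NOT secret.
# Textbook RSA without padding, for illustration only (assumption, not a real scheme).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held by the signer only
SIG_LEN = (N.bit_length() + 7) // 8  # fixed-size signature trailer (assumed layout)

def digest_int(payload: bytes) -> int:
    """SHA-256 of the payload as an integer (256 bits, always smaller than N)."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big")

def sign_image(payload: bytes) -> bytes:
    """Signer side: payload is left as-is; only its hash goes through the private key."""
    signature = pow(digest_int(payload), D, N)
    return payload + signature.to_bytes(SIG_LEN, "big")

def verify_and_extract(image: bytes):
    """Verifier side (needs only N and E): payload if the trailer matches, else None."""
    if len(image) <= SIG_LEN:
        return None                      # truncated image, nothing to verify
    payload, trailer = image[:-SIG_LEN], image[-SIG_LEN:]
    signature = int.from_bytes(trailer, "big")
    if signature >= N:
        return None                      # out-of-range value, reject before the math
    if pow(signature, E, N) != digest_int(payload):
        return None                      # payload or signature was modified
    return payload                       # same bytes the signer started with

# Constructed stand-in for a next-stage binary (not real machine code).
NEXT_STAGE = b"\x7fELF" + bytes(range(64))

if __name__ == "__main__":
    image = sign_image(NEXT_STAGE)
    print("payload stored in the clear:", image.startswith(NEXT_STAGE))
    print("verified:", verify_and_extract(image) == NEXT_STAGE)
    tampered = bytes([image[0] ^ 1]) + image[1:]
    print("tampered rejected:", verify_and_extract(tampered) is None)
```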