I would assume this is good that it expands it to userdate. Can you share what specifically is included
This Tweet was deleted by the Tweet author. Learn more
Conversation
Replying to
Yes, it's a good thing. Verified boot already covered verification of all the firmware and the entirety of the OS partitions (vbmeta, boot/dtbo, system/vendor) which are all mounted as read-only at runtime and updated by writing to the alternate partition set. It covers more now.
1
Pixel 3 extends the verification to system component updates (code and data) in userdata, and potentially more than that in the future. It's not as useful for this hardened OS work because system components are likely only going to be (allowed to be) updated via OS updates.
Replying to
Ah ok. Would be nice if we could choose what kind of code is verified. As always great work Daniel. Hope my second pixel 3 arrives today. Then I can test this stuff as a daily driver. Thank you very much for continuing your work on hardening AOSP. Thx