Tasssadar / multirom

MultiROM for Nexus 7 and LG Optimus One
http://forum.xda-developers.com/showthread.php?t=2011403
GNU General Public License v3.0

Security issues #10

Closed n8fr8 closed 9 years ago

n8fr8 commented 10 years ago

First, AMAZING work. I will be sending a bitcoin donation shortly for this incredible tool.

My "issue" below is whether the system rw mode and no encryption support is impossible, or just hard?

"About security: In order to make multi-booting possible, MultiROM has to sacrifice some security measures. Firstly, on secondary Android ROMs, /system is not mounted read-only. While there are other things preventing malicious software from messing with /system, this might potentially make it easier for such software to attack that system. Next, MultiROM doesn't work with /data encryption. Not many people who use custom ROMs also use encryption anyway, so that isn't much of a concern."

Tasssadar commented 10 years ago

MultiROM uses bind mounts, and everything is on a single partition. While a read-only mount is possible with binds, it fucks up SuperSU (5f46691cf6), so it is not used. Encryption is not possible with bind mounts, because, again, everything is on a single partition.

If I used image files instead of just bind mounts, read-only mounting would probably work fine and encryption would probably work fine too, but it would require much more work (adding support for decryption into MultiROM, adding decryption of individual ROMs into TWRP, ...) and it simply isn't worth it in my opinion. Image files also limit the size of the ROM inside, and resizing them isn't exactly fast or simple.
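Added example, not part of the thread and not MultiROM's code: a small auditor that reads `/proc/self/mountinfo`-style text and reports the properties discussed in the comment above (a writable /system, bind mounts of subdirectories, /system and /data sharing one partition, /data not backed by device-mapper). The sample lines are constructed, the `/placeholder/...` paths are hypothetical, and the `dm-*` check is a heuristic assumption about block-level encryption.

```python
from dataclasses import dataclass

# Constructed samples in /proc/self/mountinfo format (not captured from a device).
# Paths under /placeholder are hypothetical, not MultiROM's real layout.
BIND_LAYOUT = """\
21 1 179:9 /placeholder/rom_a/system /system rw,relatime - ext4 /dev/block/mmcblk0p9 rw
22 1 179:9 /placeholder/rom_a/data /data rw,nosuid,nodev - ext4 /dev/block/mmcblk0p9 rw
"""
STOCK_LAYOUT = """\
30 1 179:8 / /system ro,relatime - ext4 /dev/block/mmcblk0p8 ro
31 1 254:0 / /data rw,nosuid,nodev - ext4 /dev/block/dm-0 rw
"""

@dataclass
class Mount:
    dev: str      # major:minor of the backing filesystem
    root: str     # directory inside that filesystem exposed at the mount point
    point: str    # mount point
    opts: set     # per-mount options; ro/rw here can differ between bind mounts
    source: str   # backing block device

def parse_mountinfo(text):
    mounts = {}
    for line in text.splitlines():
        if " - " not in line:
            continue
        left, right = line.split(" - ", 1)   # optional fields end at " - "
        f, r = left.split(), right.split()
        mounts[f[4]] = Mount(f[2], f[3], f[4], set(f[5].split(",")), r[1])
    return mounts

def audit(text):
    m = parse_mountinfo(text)
    system, data = m.get("/system"), m.get("/data")
    findings = []
    if system and "ro" not in system.opts:
        findings.append("system-writable")
    for mnt in (system, data):
        if mnt and mnt.root != "/":          # a subdirectory, i.e. a bind mount
            findings.append("bind-subdir:" + mnt.point)
    if system and data and system.dev == data.dev:
        findings.append("system-and-data-share-partition")
    # Heuristic (assumption): block-level /data encryption shows a dm-* source.
    if data and not data.source.startswith("/dev/block/dm-"):
        findings.append("data-not-on-device-mapper")
    return findings

if __name__ == "__main__":
    for name, sample in (("bind", BIND_LAYOUT), ("stock", STOCK_LAYOUT)):
        print(name, audit(sample))
```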

vroad commented 10 years ago

I have ported UnOfficial Droid DNA Port to J Butterfly. With Sense ROMs, mount says /system is mounted as read-only. Probably because /system/bin/mount in Sense ROMs prohibits remounting of system with read/write. When I want to mount system with read/write I just use busybox's mount.

patcon commented 9 years ago

> it simply isn't worth it in my opinion.

Just to put it out there (although it may have come up out-of-band), but I believe the idea is that this feature would allow MultiROM to be the foundation for a mobile version of Tails OS. It's definitely the most interesting candidate out there.

ghost commented 9 years ago

A ROM that I am excited about is Guardian ROM: http://www.guardianrom.com/

patcon commented 9 years ago

Me too :)

Tasssadar commented 9 years ago

MultiROM supports encryption since v32 on Nexus 7 (2012 & 2013), Nexus 5 and Nexus 6 only.

However, the moment you unlock your bootloader, install a custom recovery and/or root the phone, the security is obviously broken, since anybody can install a modified version of MultiROM or TWRP that records your password. I added the support because shamu is encrypted by default, and I wanted MultiROM to work with that.

ghost commented 9 years ago

How about people with devices like myself, the LG G2, which requires loki and/or bump signing to even boot? Struggling to bring this up to Lollipop; any advice for devices which need additional signing?