1. 10
  1. 6

    This reminds me of Verified Boot in ChromeOS. This article from the same site is a good explanation about how Signed System Volumes work at a high level.

    1. 3

      Android 4.4 and higher has something similar: it can boot from a dm-verity volume, which is a read-only block device that has a merkel tree to define cryptographic integrity. The root hash is part of your secure boot chain and then the kernel can verify any block against tampering.