Verified Boot
A boot process that cryptographically verifies each component of the OS image so a tampered system refuses to start.
Verified boot uses cryptographic signatures and a hardware root of trust to verify that the OS image at boot has not been tampered with. The bootloader checks the kernel; the kernel checks the system image; each step refuses to continue if a signature does not validate. A device that fails verified boot either refuses to start or boots in a clearly degraded state to alert the user.
iPhones have verified boot via the Secure Enclave. Pixel phones running stock Android or GrapheneOS have verified boot via the Titan M2 chip. Most other Android devices have weak or no verified boot, which is one reason GrapheneOS is Pixel-only.
Verified boot defeats persistent malware that tries to install itself in system partitions. It does not defeat malware that lives only in user-installed apps or in the running OS without modifying boot images. Pair it with full-disk encryption (also hardware-backed on these devices) for end-to-end device integrity.
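A small model of the chain and its limits as described above, added here as an illustration and not taken from any vendor's implementation. Pinned SHA-256 digests stand in for signatures, ROOT stands in for the hardware root of trust, and all stage names, image contents and function names are constructed for the example.

```python
import copy
import hashlib

def measure(stage):
    # Covers the stage's code AND the digest it pins for the next stage,
    # so rewriting a pin changes this stage's own measurement.
    return hashlib.sha256(stage["code"] + stage["next"].encode()).hexdigest()

def build_chain(images):
    """Build stages back to front; return (root_digest, stages)."""
    stages, pinned = [], ""
    for name, code in reversed(images):
        stage = {"name": name, "code": code, "next": pinned}
        pinned = measure(stage)
        stages.insert(0, stage)
    return pinned, stages

def boot(root_digest, stages):
    """Return 'booted', or 'refused at <stage>' at the first failed check."""
    expected = root_digest
    for stage in stages:
        if measure(stage) != expected:
            return "refused at " + stage["name"]
        expected = stage["next"]
    return "booted"

# Constructed sample images; ROOT models the value held in hardware,
# which an attacker with write access to storage cannot change.
ROOT, STAGES = build_chain([("bootloader", b"bootloader v1"),
                            ("kernel", b"kernel v1"),
                            ("system", b"system image v1")])

def scenarios():
    results = {"clean": boot(ROOT, STAGES)}
    # Persistent malware rewrites the system partition.
    bad = copy.deepcopy(STAGES)
    bad[2]["code"] += b" + implant"
    results["system modified"] = boot(ROOT, bad)
    # Same change, and every pin stored on disk is rewritten to match.
    for i in (2, 1):
        bad[i - 1]["next"] = measure(bad[i])
    results["pins rewritten"] = boot(ROOT, bad)
    # A user-installed app sits outside the measured images, so the
    # chain is untouched and boot succeeds: verified boot does not see it.
    user_apps = [b"constructed unwanted app"]
    results["user app only"] = boot(ROOT, STAGES)
    return results

if __name__ == "__main__":
    for case, outcome in scenarios().items():
        print(f"{case}: {outcome}")
```

Rewriting the on-disk pins only moves the failure earlier in the chain, because the first measurement is compared against a value the attacker cannot modify.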