Preventing firmware modification

Is there any way to prevent开发者_开发问答 firmware modification in android aosp rom? The rom is to be flashed into Nexus One and unauthorized users will not be able to make any modification including flashing another rom. Thanks.

Handset manufacturers have been trying to do just this for a long time - almost all have failed.

Most attempts are software based an usually have flaws that can be exploited to enable local root access. At that point, you've already lost the battle.

Just flashing a new ROM will never allow you to prevent unauthorised modifications since an attacker can just boot to the bootloader and have unrestricted access from there. Your best bet may be to write a custom bootloader, but this is beyond what most people can achieve, plus, there's no guarantee that even this is secure from tampering.

Off the top of my head, the only people who have come close to achieving this is Motorola with their electronic fuse that blows if the loaded ROM is detected to be unauthorised (using digital signatures, I believe).

In short, there is probably nothing you can reasonably do to prevent unauthorised modification - once the handset is in somebody else's possession, you can't trust that it is unmodified.

Since the nexus one comes with an unlockable bootloader (that you would use to install your firmware) the short answer is that you can't.

However what you can do is write an application that validates that your phone is in the state you expect but that too could be reverse engineered.