Addrom Bypass - Android 9

B6. Boot process: boot ROM → bootloader (primary/secondary) → verified boot signature checks → kernel init → init.rc → zygote/framework; integrity checks at bootloader and kernel (dm-verity), verified boot metadata enforced by bootloader/boot verifier. B7. Partition layouts: A/B = two sets for seamless updates, supports rollback protections, less reliance on recovery; non A/B uses recovery partition and OTA writes — both affect where tampering would occur and persistence techniques. B8. Hardware keystore & TEE: keys stored and used in TEE, HSM-backed attestation, making raw key extraction difficult; mitigations: require attacker to bypass TEE/hardware, which is costly. B9. OEM factors: bootloader lock policy and unlock token handling; whether Verified Boot enforcement is strict or permissive; availability of fastboot flashing and signed images; presence of OEM-specific recovery/diagnostic modes.