If you've been following developments in Android, you must have heard the name "Verified Boot" quite a bit over the past few years. Google introduced the security feature in Android 4.4 (Kitkat), in a completely non-intrusive way, and has been slowly increasing its visibility in the newer versions of its Android operating system.

Over the past few days, we've seen news about the presence of a "Strictly Enforced Verified Boot" in Google's latest iteration of the world's most used mobile OS. Android Nougat will use a higher level of security check when your device boots up. While Verified Boot only gave the user a warning on Marshmallow, in case it detected something wrong with the system partition, Android Nougat will take it a step further and use what Google calls a "Strictly Enforced Verified Boot", which will not allow the device to boot at all, if it detects anomalies in the partition, changes made to the boot manager, or the presence of "malicious" code in the device. This raises the question: "Exactly what does this mean for users?", it turns out, the answer differs for the two main categories of Android users (casual and advanced users), and we will provide the answer for both of them.

First, some background on Verified Boot: Typically, when Android runs a verification test on partitions, it does so by dividing the partitions into 4KiB blocks and checking them against a signed table. If everything checks out, it means the system is completely clean. However, if any blocks are found to be tampered or corrupted, Android informs the user about the problems and leaves it up to the user to resolve it (or not).

All that is about to change with Android Nougat and Strictly Enforced Verified Boot. When Verified Boot runs in forced mode, it will not tolerate any errors in the partitions. If it detects any issues, it will not allow the device to boot, and may allow the user to boot into a safe mode environment to try to fix the issues. However, Strictly Enforced Verified Boot is not just a check against bad data blocks. It can also usually correct errors in data blocks. This is made possible by the presence of Forward Error Correcting codes, which can be used to correct errors in data blocks. However, this may not always work, and in cases where it doesn't, you're pretty much dead in the water.