Google released final Android 7.0 Nougat Developer Preview 5 earlier this week. Today Google has announced that it will be strictly enforcing verified boot in Android 7.0 so if the device has a corrupt boot image, it will not boot or will boot in a limited capacity with user consent. This improves security by using cryptographic integrity checking to detect changes to the operating system.
According to Google, “Such strict checking, though, means that non-malicious data corruption, which previously would be less visible, could now start affecting process functionality more.”
Even though strictly enforced verified boot improves security, it can also reduce reliability by increasing the impact of disk corruption that may occur on devices due to software bugs or hardware issues since the verification could shut off access to data blocks and trigger unusual behavior. This may also make it tougher for those who use custom firmware.
You can read more about the technical side of verified boot in the Android developers blog here.