We all know that Windows Phone 7.5 or the mango users will not get a upgrade to Windows Phone 8 OS and keeping this in mind the custom rom developers are already waiting eagerly to get their hands on the OS and port it to Windows Phone 7 devices using custom roms.
We all hated when Microsoft said about no upgrades to current devices but its not just the business strategy but there is a major architecture change and specially when it comes to security. Microsoft said Windows Phone 8 will be enterprise ready which means it should not only be able to safeguard all data using the Bitlocker Encryption, but also make sure that nobody is able to install a custom rom and get into Corporate Network.
Safe Boot :
Each Windows Phone 8 comes with a Read Only Chip which has set of information already burnt into it. This Read only chip has a Unique ID for every phone and includes digital signatures certified by Microsoft. During the boot process, Firmware (United Extensible Firmware Interface or UEFI ) and Bootloader both have to agree on the sequence of steps and validate the hash of the Keys already available. This means the only way to build a correct custom rom is to get all those digital signatures in one place and without this, phone will not boot at all.
This sounds very similar to Windows 8 Boot Start Driver Initialization policy where administrators can restrict Windows Phone 8 boot completely if the boot start drivers are not signed and tampered, making sure no Anti Malware gets an easy way in.
Moreover Microsoft also shared about sandboxing of apps which means all the apps including Microsoft Apps will run under a sandbox which will restrict the app to get native access to lower level of the OS. This makes Windows Phone even more secure.