Only Nexus and Pixel phones support locking the bootloader with an alternate OS. I'm obviously aware of that since I worked on an alternate OS preserving the security model used by the stock OS and AOSP. There's no point in locking it if the OS being used breaks that security.
Third-party recovery images like TWRP don't preserve the security model and it's entirely pointless to lock the bootloader. It also prevents updating them since the OS won't be doing it. You're also missing that on modern devices that can have basic security, verified boot exists.
Nexus 5X/6P and Pixel phones fully support verified boot for other operating systems and enable it when the bootloader is locked. Having a mismatched recovery or a tampered OS (i.e. sideloaded gapps) aren't compatible. LineageOS, etc. don't include verified boot support either.
I don't need you to explain to me how this works. You're wasting your time and mine. As I've said, devices without full security updates are a security disaster. Your Nexus 5 is incredibly insecure and easy to exploit, regardless of which insecure ROM you choose to run on it.
Nexus 5 stopped receiving support after October 2016. Using a ROM shipping the latest AOSP security patch doesn't fix that, as I've explained, since the vast majority of the driver, kernel and firmware updates aren't available. The firmware and many drivers are closed source too.
Verified boot requires hardware support, as do many other security features. It's impossible to add it to a device without hardware support. As I already explained, the Nexus 5X/6P and Pixels have full support for verified boot with alternate operating systems. My work used it.
Your device doesn't have basic security updates for the vulnerabilities disclosed in the monthly bulletins. That's basic security hygiene. There's far more to security than fixing disclosed vulnerabilities and also you're missing years of advances in software / hardware security.
I don't understand why you follow me or have interest in privacy / security hardening work if you don't even care about having basic security updates fixing the discovered vulnerabilities. It makes no sense and trying to argue from a position of total ignorance is just silly.
Phones should receive proper security updates for much longer. Google should move to supporting Pixels for at least 5 years. However, they're still doing the 3 years they did for Nexus devices and it isn't fixed by using a ROM with AOSP security updates after the end-of-life.