I just want to say a few more things.
It's possible relock the Bootloader after flash a new rom.
1
Conversation
Only Nexus and Pixel phones support locking the bootloader with an alternate OS. I'm obviously aware of that since I worked on an alternate OS preserving the security model used by the stock OS and AOSP. There's no point in locking it if the OS being used breaks that security.
2
Third party recovery images like TWRP don't preserve the security model and it's entirely pointless to lock the bootloader. It also prevents updating them since the OS won't be doing it. You're also missing that on modern devices that can have basic security verified boot exists.
1
Nexus 5X/6P and Pixel phones fully support verified boot for other operating systems and enable it when the bootloader is locked. Having a mismatched recovery or a tampered OS (i.e. sideloaded gapps) aren't compatible. LineageOS, etc. don't include verified boot support either.
1
I don't need you to explain to me how this works. You're wasting your time and mine. As I've said, devices without full security updates are a security disaster. Your Nexus 5 is incredibly insecure and easy to exploit, regardless of which insecure ROM you choose to run on it.
1
Nexus 5 stopped receiving support after October 2016. Using a ROM shipping the latest AOSP security patch doesn't fix that, as I've explained, since the vast majority of the driver, kernel and firmware updates aren't available. The firmware and many drivers are closed source too.
1
Some modified roms use modified kernels.
Firmware can be rewritten.
2
I read somewhere that someone was working on the Verified boot in modified Roms.
I repeat in security does not exist impossibles.
When you think you're safe there are people like me to break the security that you or someone else did.
1
Verified boot requires hardware support, as do many other security features. It's impossible to add it to a device without hardware support. As I already explained, the Nexus 5X/6P and Pixels have full support for verified boot with alternate operating systems. My work used it.
1
Your device doesn't have basic security updates for the vulnerabilities disclosed in the monthly bulletins. That's basic security hygiene. There's far more to security than fixing disclosed vulnerabilities and also you're missing years of advances in software / hardware security.
1
Fixing discovered vulnerabilities is basic security hygiene. Your device doesn't even have those basics. It isn't fixed by any ROM. You're in the same position as someone using WinXP in 2018 and trying to justify it by saying a couple out of thousands of bugs got binary patches.
I don't understand why you follow me or have interest in privacy / security hardening work if you don't even care about having basic security updates fixing the discovered vulnerabilities. It makes no sense and trying to argue from a position of total ignorance is just silly.
2
3
Phones should receive proper security updates for much longer. Google should move to supporting Pixels for at least 5 years. However, they're still doing the 3 years they did for Nexus devices and it isn't fixed by using a ROM with AOSP security updates after the end-of-life.
1
2
Show replies