Conversation

I'm sure that will give bootrom exploits more thinking and understand that checkm8-style exploits will happen eventually. SOLUTION: avoid embarrassment by providing an option to unlock the boot (w/ pincode). Don't fight it and lose - #FreeTheSandbox and WIN!
4
569
Replying to
I love phones which allow unlocking the bootloader (most of Android) or installing custom signing keys. But some people need to be able to trust their phone. Even w/custom keys a bootrom exploit is undesirable. It's hard to make a secure boot chain with compromised components.
2
13
This Tweet is from a suspended account. Learn more
The Nexus 5X and 6P were the initial Nexus devices with full verified boot for the OS and they provided full support for using it with alternative operating systems from the beginning. Pixel and Pixel XL used a similar implementation, and it got better in the following devices.
1
4
See android.googlesource.com/platform/exter for documentation of the current generation OS verified boot implementation. Qualcomm's bootloader sources are at source.codeaurora.org/quic/la/abl/ti as an example of a firmware implementation. Can see they bundle libavb and implement the familiar bootloader UI.
5