claims about it and misrepresent the compromises involved as you are repeatedly doing. My recommendation to you was to at least use the Pinephone and avoid worse problems. If you want to ignore that recommendation, that's fine, but don't expect me to spend more time on this.
Conversation
Also, verified boot is PRIMARILY not about defending against physical tampering. The primary threat model is persistent compromise. So even when it comes to that feature, which is dwarfed by the importance of other aspects of hardware security, you present it in a warped way.
2
1
I don't really think engaging with you on these topics is productive. Doesn't seem to go anywhere and it's not going to become an in-depth discussion if you're just jumping being different things in way that's very misleading / inaccurate and unfocused on anything in particular.
1
I can't tell what you actually want to do anymore or what you're talking about / comparing. You were talking about porting AOSP to those devices, then presenting issues with making an OS for Pixels using the official vendor support as issues with AOSP, etc. Can't follow it.
1
I am weighing risk pros/cons of three short term paths.
1. Blindly trust endless vendor blobs and do constant reveng work for Pixels.
2. Try to port AOSP on more OSS friendly H/W Librem5/Pinephone
3. Build minimal feature phone Linux on Librem5/Pinephone.
2
1
1. Blindly trust endless vendor blobs
This is true regardless of which device you choose since they all have fundamentally closed source hardware, with the vast majority of the complexity in this regard, along with a lot of closed source firmware.
1
Also, you are blindly trusting the open source code including the Linux kernel code in exactly the same way. The closed source SoC vendor libraries are not black boxes, and in fact the source code is shared under NDA. If you really wanted access I'm sure you could get it.
1
Either way, I don't see you doing any code review / auditing or hardening. It's theoretical that you would be doing something like that with the source code. You blindly trust both open and closed source code. You blindly trust the hardware and firmware. This is universal.
2
2. Try to port AOSP on more OSS friendly H/W Librem5/Pinephone
You would have more support using a full OSS stack on Android hardware, and you'd have better firmware/hardware security to build on too. You don't have to be using the official device support code from the stock OS.
1
1
You made a choice to target Pixels in particular and to use the official device support code. That's not representative of AOSP as a whole, it's how you chose to approach this with all the compromises involved in that specific way of doing it. If your top priority was having full
1
control over your own destiny and a fully open source device support implementation, then I'm not sure why you would have chosen to use Pixels and particularly using them via the official device support code instead of the mainline drivers and software stacks built on those.
If you're fine with a whole lot of missing functionality, which it seems clear you are, then there's nothing forcing you to use the same device support code as the stock OS when there are other options available. I do not see how those 2 devices are any friendlier / easier.