Conversation

There are quite some discussion around Android 13 bumping the anti-rollback protection on Pixel 6, and people are shitting on Google for this. Not sure how much I'm allowed to disclose so I'll just say this: this decision is not made lightly; it's done because it's necessary.

845

This Tweet is from an account that no longer exists. Learn more

@LukeDashjr@BitcoinHackers.org on Mastodon

Replying to

and

Is Graphene going to burn the fuse too?

This Tweet is from an account that no longer exists. Learn more

@LukeDashjr@BitcoinHackers.org on Mastodon

Replying to

and

From what I read, the fuse is burned by the OS after it boots, so the bootloader alone shouldn't do it.

@LukeDashjr@BitcoinHackers.org on Mastodon

Replying to

and

It also sounds like this is DRM, _not_ a real security issue ("security" as a euphemism for DRM is popular, and there's reports that with the old bootloader, the owner can fool hardware attestation)

Replying to

and

A verified boot bypass is a very real security issue. The SoC firmware anti-rollback counter needs to be incremented when vulnerabilities are fixed which could be used to bypass verified boot. It breaks verified boot for the OS. Not much point in OS having it if that's not done.

Replying to

You've already irreversibly updated the secure element firmware many times. They've regularly increased anti-rollback counter for secure element, including on older Pixels. If you have Pixel 4 with Android 12.1 and flash Android 11, it's not going to downgrade Titan M firmware.

11:13 PM · Aug 17, 2022Twitter Web App

Replying to

There were regressions for Android 11 support in the newer Titan M firmware so certain features won't work anymore. It wasn't intended but rather that's what happens when support for legacy OS versions isn't actively tested or used in practice.