Conversation

There are quite some discussion around Android 13 bumping the anti-rollback protection on Pixel 6, and people are shitting on Google for this. Not sure how much I'm allowed to disclose so I'll just say this: this decision is not made lightly; it's done because it's necessary.

845

@LukeDashjr@BitcoinHackers.org on Mastodon

@LukeDashjr

Aug 17

Replying to

@topjohnwu

It's never necessary to tell the owner "no" Are you offering refunds beyond the 15 day window?

Replying to

You can only realistically get into this state if you unlock the bootloader. When you unlock the BL, you’ve voluntarily forfeit warranty (at least for software related issues like this one). I’m 100% sure that if your device bricked after a normal OTA, you’ll get a replacement.

Replying to

and

But those issues would not arise without the counter being incremented in the first place. With unlocked bootloaders, this should be a choice.

Replying to

and

Rollback is disabled before it updates the anti-rollback counter.

Replying to

and

It still hurts custom rom users. I already don't care about my safetynet state, why should I be locked to an android 13 bootloader for security issues that I choose to not care about?

Replying to

and

Rollback protection is part of verified boot. It has existed for the SoC boot chain, secure element and the OS itself for many years. Pixels have used it for the OS and secure element for years. It wasn't used in practice for SoC boot chain due to being a development annoyance.

Replying to

An important security feature not being fully implemented due to it being a development annoyance is problematic. GrapheneOS is an aftermarket OS focused on Pixels and we wanted this feature to start being used properly and complained about it not being done on the past devices.

@LukeDashjr@BitcoinHackers.org on Mastodon

Replying to

and

Looking at the code they used for this one, I would think even if stock Android didn't burn the fuses, Graphene could have...

Replying to

and

The firmware needs to have the updated version. We already use verified boot with rollback protection for the OS. It's different for OS because it's verified by last stage of SoC boot chain based on rollback indexes stored in secure element, which in practice are the patch level.

Replying to

In order for that to work properly, the boot chain firmware and secure element firmware need their own rollback protection. Pixels have had the hardware support for rollback protection deployed for years, but only used it for the secure element in practice and OS on top of it.

2:39 AM · Aug 18, 2022Twitter Web App

Replying to

The boot chain firmware needs rollback protection which is incremented after vulnerabilities able to bypass verified boot are fixed, otherwise those vulnerabilities can be used to bypass it despite security patches being shipped. It's a standard feature used on more than phones.