Newer runs of the devices will ship with updated firmware/OS.
We consider it a problem that it takes us a couple of weeks to move to new major OS versions. We intend to solve that by getting partner access eventually, such as via a hardware partner, so that we can port earlier.
On our own hardware, we'll also get to decide when we move to a new major OS version. On existing hardware, when a device moves to a new major OS version, we have to move to the new major OS version to continue providing basic privacy and security updates for the firmware, etc.
That's true regardless of whether there's anti-rollback protection for the boot chain firmware. On August 15th, Android 13 was released for Pixels. There was no August release for Android 12.1. The maximum obtainable patch level on Android 12.1 is 2022-08-01. We have to upgrade.
Or backport the fixes, like LineageOS tries to.
(Probably difficult long-term, but likely not for the first release especially since Graphene does their own security fixes)
LineageOS doesn't backport these fixes, and in fact they purposely mislead users about what has been shipped, set fake security patch levels and downplay the importance of the patches which are not available.
The last stock OS release for Pixels has the 2022-07-05 patch level. The highest obtainable patch level on 4th, 5th and 6th generation Pixels is 2022-08-01. That can be obtained by applying the monthly August 12.1 security patches. 2022-08-05 and above on Pixels requires 13.
You can't obtain the 2022-08-05 patch level without shipping the updated SoC firmware, updated secure element firmware, other firmware and other device support code updates such as kernel and userspace driver changes which were released only as part of the Android 13 release.
LineageOS will likely choose to set the main patch level string to 2022-08-05 and then higher, but they won't have those patches, and the overall patch level string covers the device as a whole. It is not divided up the way they pretend and they do not ship the levels they claim.
Well, unless Graphene decides to ship a build that doesn't force burning the fuses, it seems LineageOS is still the best option available. :(
(The firmware can all be updated without burning the fuse, as far as I can tell)
Secure element updates apply anti-rollback version updates and that has been used for years.
The only reason the OS is involved for the SoC boot chain is because the OS knows when it has successfully booted and is responsible for disabling rollback + updating rollback indexes.
For the secure element, after you authenticate with the main Owner user, the OS uploads the new firmware to the secure element which only accepts it after the Owner user has authenticated. You've already been applying secure element updates with rollback counter updates.

