Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
menzoic a day ago

How is the security risk propaganda?

msgodel a day ago | parent | next [-]

If your security model means me having access to my own hardware is a security risk you're malicious and your security model is bad.

flotzam a day ago | parent | prev | next [-]

It's not (only) propaganda. Rooting disables or bypasses verified boot, allowing exploits to persist across a reboot.

franga2000 a day ago | parent | next [-]

Malware van persist across reboots regardless of verified boot. What it can't do is persist through a factory reset.

But if you really want a thorough reset, simply re-lock the bootloader and flash stock firmware from there. Nothing can persist through that without an exploit in the verification chain and if you have that kind of exploit, you don't need the bootloader to be unlocked in the first place.

Also, there are devices out there that let you enroll your own keys, like the Google Pixel series.

flotzam a day ago | parent [-]

> Malware [c]an persist across reboots regardless of verified boot.

Some can, some can't. Even when it can persist, escalating to root after every reboot may be unreliable or noisy (e.g. 70% chance of success, 30% crash) compared to straight persistence as root without verified boot.

> Also, there are devices out there that let you enroll your own keys, like the Google Pixel series.

This still applies to those devices. It's the main reason GrapheneOS (which exclusively runs on Pixels, with the bootloader relocked to a GrapheneOS key) is opposed to building in root access: Verified boot would be "enabled", but effectively bypassed. https://xcancel.com/GrapheneOS/status/1730435135714050560

a day ago | parent | prev [-]
[deleted]
ahoka a day ago | parent | prev [-]

It's the hardware vendor's "think of the children".