Remix.run Logo
fc417fc802 a day ago

AFAIK that's true for many vendors but for example Pixels (and IIRC also OnePlus at least a few years ago) you can relock the bootloader with other keys.

The crazy thing is that on all the devices I've had AVB is implemented on top of secureboot. Being able to set your own secureboot keys is bog standard on corporate laptops. The entire situation makes absolutely no sense.

Also for the record I think it's a silly attack vector for the average person to worry about. A normal person does not have secret agents attempting to flash malicious images to his phone while he's in the shower.

acdha a day ago | parent | next [-]

> A normal person does not have secret agents attempting to flash malicious images to his phone while he's in the shower.

No, but millions of women have controlling partners or friends who betray their trust and, for example, many people going through U.S. Customs are being asked to surrender control of their devices so they can be used without their knowledge. There’s a well-funded malware industry with a lot of customers now.

perching_aix a day ago | parent | prev [-]

> AFAIK that's true for many vendors but for example [on] Pixels you can relock the bootloader with other keys

Oh that's pretty cool, wasn't aware.

> The crazy thing is that on all the devices I've had AVB is implemented on top of secureboot. Being able to set your own secureboot keys is bog standard on corporate laptops. The entire situation makes absolutely no sense.

Hold on, could you elaborate a bit on this? I thought it was an either/or type deal cause they do the same thing.

fc417fc802 a day ago | parent [-]

Many devices if you load up fastboot mode (is that the right name?) it will give you chipset and other information and it will have secureboot info there. It's permanently locked to chain into the AVB image. AVB is a much more complicated beast that specifies the existence of multiple partitions including (IIRC) one for storing authorized keys, one for the recovery, and a bunch of other stuff.

It's possible this has changed or was never widespread in the first place. I have a very limited (and historic) sample size.