Remix.run Logo
g-b-r 8 days ago

I don't understand your points, to my eyes if the bootloader is unlocked you simply either:

- don't provide the features for which you require a locked bootloader

- and don't do anything with the rest of the features

And anyhow, I'm almost sure that this is AOSP code (with a quick search I didn't manage to find it).

And, I don't know any carriers that require a locked bootloader outside of the US, and Samsung already only sold models without bootloader unlocking in the US.

rickdeckard 7 days ago | parent [-]

You should read up a bit more on the matter then. The bootloader is not shipped in an unlocked state, even on a device which supports BL-unlock.

Bootloader-unlock describes a feature which supports a controlled break of the trust-chain of the device, so telling the bootloader that it should continue executing the bootshell even if the signature check has failed.

In this state the OS should continue to boot despite of this state, and applications should gracefully handle such a condition.

The crucial parts of this are also not part of AOSP, it relies heavily on the chipset manufacturer and the OS-implementation of the device-vendor.

altairprime 5 days ago | parent [-]

Note that “applications should gracefully handle” does include “may opt to disable some or all functionality” here, in order to protect secure credentials, comply with merchant agreements, and so on. A productive example of this to study is how macOS behaves when secure boot is disabled, by disabling a couple specific attestation-mandatory features while leaving the majority of application functionality unaltered.