| ▲ | ForHackernews 10 hours ago | ||||||||||||||||
I think this is great news, but I thought GrapheneOS considered unlocked bootloaders to be a terrible security risk? What's changed? | |||||||||||||||||
| ▲ | strcat 4 hours ago | parent | next [-] | ||||||||||||||||
It has always been a hardware requirement to be able to unlock the device, install GrapheneOS and lock the device again. Verified boot has been a requirement since it was introduced for Pixels and the is main benefit of locking the device. There are additional security features enabled by verified boot. The overall hardware requirements are listed at https://grapheneos.org/faq#future-devices. | |||||||||||||||||
| ▲ | backscratches 9 hours ago | parent | prev | next [-] | ||||||||||||||||
Unlocked baotloaders are mandatory to install graphene, but so is the ability to re-lock the bootloader. | |||||||||||||||||
| |||||||||||||||||
| ▲ | prmoustache 6 hours ago | parent | prev [-] | ||||||||||||||||
You always have to temporarily unlock your bootloader to install graphene. The key point is being able to lock it again after installation. | |||||||||||||||||