I am seeing a growing discussion on the need for more Linux phones in the market given Google’s problematic behaviour w.r.t the changes that will be introduced to that OS.
One very good point that some community member raised was that Android itself wasn’t the problem but the locking of the bootloader in the phone. If the bootloader could be unlocked, then it significantly lowers the bar for the end user to install their OS of choice.
I have dabbled with flashing OSs on old smartphones (GrapheneOS, postmarketOS and Lineage). I commend the developers because I could do that without truly having to “understand the code” at the lower levels. But I assume that was possible because the bootloader could be unlocked somehow*. It seems that isn’t the case with many/most phones from Samsung / Xiaomi, etc.
Are their bootloaders truly unlockable? Is it simply impossible to unlock and relock bootloaders?
- I know that with lineage, the bootloader couldn’t be relocked and that was touted as a security flaw. If someone could explain why this lock/unlock is so complex, I’d appreciate it.
A locked bootloader works with a trusted chain.
That means:
- There’s a trusted enclave on your phone, usually inside the SoC but sometimes it’s a dedicated chip. This chip has purposely very little access to it. This one contains the root keys for the encryption used on the phone.
- The phone only boots a bootloader verified by the trusted enclave.
- The verified bootloader verifies and only boots a verified system image.
If everything is implemented correctly and there are no bugs that can be exploited (like, e.g., on newer Switch 1 models; older ones had a bug that was exploitable), then the only thing you can do is hardware exploits.
For that you could e.g. solder on a chip that hijacks the connection between the trusted enclave and the SoC (e.g. modchip on newer Switch 1 models) or you have to replace parts, e.g. the trusted enclave chip or the SoC (if the trusted enclave is within the SoC).
That’s usually the point where it becomes too costly to be worth it.
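To make the chain described above concrete, here is a small simulation I have added (it is not code from the poster or from any real bootloader). It models the three links as a hash chain: the "enclave" pins the digest of the one bootloader it will start, and that bootloader carries the digest of the one system image it will start. Real implementations such as Android Verified Boot use asymmetric signatures rather than bare digests and verify many more partitions, so treat the digest-pinning here as a stand-in for signature verification; the function and image names are invented for the example.

```python
import hashlib
from typing import List, Optional, Tuple

MARKER = b"\n#next="  # where an image embeds the digest of the stage it will boot


class BootError(Exception):
    """Raised when a stage refuses to hand over control."""


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_chain(bootloader_code: bytes, system_code: bytes) -> Tuple[str, bytes, bytes]:
    """Produce what a vendor would flash: a system image, a bootloader image that
    embeds the system image's digest, and the root digest burned into the enclave."""
    system_image = system_code
    bootloader_image = bootloader_code + MARKER + sha256(system_image).encode()
    root_digest = sha256(bootloader_image)  # pinned in the trusted enclave at the factory
    return root_digest, bootloader_image, system_image


def expected_next(image: bytes) -> str:
    """Read the digest a stage expects of the stage after it."""
    idx = image.rfind(MARKER)
    if idx < 0:
        raise BootError("image carries no next-stage digest")
    return image[idx + len(MARKER):].decode()


def boot(pinned_root: Optional[str], bootloader_image: bytes, system_image: bytes) -> List[str]:
    """Walk the chain. pinned_root=None models an unlocked bootloader: the enclave
    starts whatever bootloader is in flash, but that bootloader still checks the OS."""
    log = []
    # Link 1: the enclave / boot ROM decides whether to start this bootloader.
    if pinned_root is None:
        log.append("bootloader started without verification (unlocked)")
    elif sha256(bootloader_image) != pinned_root:
        raise BootError("bootloader rejected by root of trust")
    else:
        log.append("bootloader verified")
    # Link 2: the bootloader decides whether to start this system image.
    if sha256(system_image) != expected_next(bootloader_image):
        raise BootError("system image rejected by bootloader")
    log.append("system verified")
    return log


def relock(custom_bootloader_image: bytes) -> str:
    """Relocking with a custom OS means pinning a new root, i.e. the user's own
    bootloader/key replaces the vendor's in the enclave. Constructed model only."""
    return sha256(custom_bootloader_image)


if __name__ == "__main__":
    # Constructed sample "firmware": strings stand in for real binaries.
    root, bl, sysimg = build_chain(b"vendor-bootloader-v1", b"vendor-system-v1")
    print(boot(root, bl, sysimg))                       # both links verify
    try:
        boot(root, bl, b"modified-system")              # tampered OS: link 2 fails
    except BootError as e:
        print("locked, tampered system:", e)
    _, custom_bl, custom_sys = build_chain(b"my-bootloader", b"my-system")
    try:
        boot(root, custom_bl, custom_sys)               # tampered bootloader: link 1 fails
    except BootError as e:
        print("locked, custom bootloader:", e)
    print(boot(None, custom_bl, custom_sys))            # unlocked: link 1 skipped
    print(boot(relock(custom_bl), custom_bl, custom_sys))  # relocked on a new root
```

The point the simulation makes is the one in the post: every link only trusts the next one because its digest was fixed earlier, so replacing any image breaks the walk unless the root itself is changed, and the root lives in the part of the hardware you cannot easily write to.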
That’s how the OG XBOX mod chips worked!
https://connortumbleson.com/2021/06/21/original-xbox-mod-chips/
Obfuscation.
Nothing is truly unhackable. The difficulty lies in being unable to undo/retry any failed attempts because you don’t have an easy way to read or write to the hardware once you’ve done it wrong.
Which means if your attempt fails, this probably just means that you’re throwing the device away, since you can’t fix it without access.
Great answers here, just gonna add that practically everything is hackable, it’s just a question of how hard and what level of access is needed.
Sometimes to hack a device you might need to remove parts and solder in replacements, and that is already a level that is unrealistic for most.
Sometimes it’s worth the trouble:
Super relevant username.
Why?
Oh, didn’t know they named a company after me, cool
I’ll add “how expensive” to the list. Sometimes you’ll have to burn through devices.