undefined | Better HN

0 pointsfc417fc8029mo ago0 comments

AFAIK that's true for many vendors but for example Pixels (and IIRC also OnePlus at least a few years ago) you can relock the bootloader with other keys.

The crazy thing is that on all the devices I've had AVB is implemented on top of secureboot. Being able to set your own secureboot keys is bog standard on corporate laptops. The entire situation makes absolutely no sense.

Also for the record I think it's a silly attack vector for the average person to worry about. A normal person does not have secret agents attempting to flash malicious images to his phone while he's in the shower.

0 comments

acdha9mo ago

> A normal person does not have secret agents attempting to flash malicious images to his phone while he's in the shower.

No, but millions of women have controlling partners or friends who betray their trust and, for example, many people going through U.S. Customs are being asked to surrender control of their devices so they can be used without their knowledge. There’s a well-funded malware industry with a lot of customers now.

perching_aix9mo ago

> AFAIK that's true for many vendors but for example [on] Pixels you can relock the bootloader with other keys

Oh that's pretty cool, wasn't aware.

> The crazy thing is that on all the devices I've had AVB is implemented on top of secureboot. Being able to set your own secureboot keys is bog standard on corporate laptops. The entire situation makes absolutely no sense.

Hold on, could you elaborate a bit on this? I thought it was an either/or type deal cause they do the same thing.

fc417fc802OP9mo ago

Many devices if you load up fastboot mode (is that the right name?) it will give you chipset and other information and it will have secureboot info there. It's permanently locked to chain into the AVB image. AVB is a much more complicated beast that specifies the existence of multiple partitions including (IIRC) one for storing authorized keys, one for the recovery, and a bunch of other stuff.

It's possible this has changed or was never widespread in the first place. I have a very limited (and historic) sample size.

j / k navigate · click thread line to collapse