Hacker News
by tripdout 349 days ago
Oh hey, really cool article. Do you know if I'm correct in my attempt at enabling EUD? Also I was unsure how you determined that it was disabled in the OnePlus 6? I thought only EL3 can read qfuses in general?

And you mean the apdp partition, right? That's a weird ELF file, contains almost nothing obvious (test key sig? DEBUG mention) and doesn't seem to be any executable code which I guess makes sense, but I wonder why they made it an ELF. Is there any info on interpreting these profiles?

So that profile gives you the unauthenticated ramdump as well? Seems to be a common theme with OnePlus, messing up security features.

1 comment

The Debug Policy apdp partition is flashed with an ELF “mbn” file. It is possible that sections are encrypted. At the very least it is likely signed. From a security perspective, hopefully the vendor signed with a prod key and not a test key.

In my experience, it is possible to read the fuses with a TrustZone TA, at least on a non-secure device.