[ACCount36]

Phones are portable, and thus more likely to suffer from a physical attack. But that's about it.

It is, and always was a flimsy excuse to the strip user of control over his own device.

"Secure Boot" isn't actually there to protect the device from an attacker. It's there to "protect" the device from its own user. It's used to "secure" DRM schemes and App Store revenue streams.

[gruez]

>"Secure Boot" isn't actually there to protect the device from an attacker. It's there to "protect" the device from its own user. It's used to "secure" DRM schemes and App Store revenue streams.

1. Basically all the serious DRMs (eg. widevine L1) rely on the content being encrypted all the way to the display itself. The OS, secure boot or not, never sees the content in cleartext, because decryption happens in a secure enclave and is immediately encrypted to the display using HDCP.

2. The "app store revenue stream" excuse doesn't really make sense, because you can easily install third party apps on Android, even though nearly all phones have locked bootloaders.

[ACCount36]

Which is why even "unlocked" bootloader doesn't let the user load his own code into TrustZone.

The name "TrustZone" is rather ironic. It's most commonly used to run DRM code the user should never ever trust.

[fcpk]

This is exactly what it is. Google only implemented playintegrity api to please banks and governments. This is all to lock out users and secure revenue and spying agencies.