[realusername]

Locked bootloader should just be competely forbidden, even for brand new devices. Hardware and phone owners have the right to make any change they see fit on their device, no matter if the manufacturer thinks it's ok or not.

[goku12]

I agree with you fully on this. Unfortunately, the odds are stacked very unfavorably against us. It's not just the manufacturers who resort to these underhanded profiteering tactics. Even the regulatory agencies are for locking down the firmware.

Their argument is that an unlocked firmware would allow us to override regulatory restrictions like the RF output power or the IMEI number. That argument has some merit. However, my opinion is that such restrictions should be implemented as hardware interlocks that are unchangeable through software. Thus, we would be free to change the software as we like. Sadly, both the manufacturers and the regulatory agencies tend to completely ignore that solution, so that they can retain their excess control.

[realusername]

I always found this claim completely bogus, you can always do something illegal with your phone, there's no way to prevent everything with software.

This is the goal of law enforcement and justice in general and in this argument, a hardware manufacturer is substituting this role, when we say that, we can see the overreach. Manufacturers aren't public entities able to make such decisions.

[allreduce]

It's trivially easy to break those restrictions with off the shelf SDR hardware you can buy rather cheaply.

Locking people out of their phone does not raise the skill or effort ceiling much, as there still presumably would be software restrictions in place.

[palata]

There are security reasons to use locked bootloaders.

But I do agree that we should be able to unlock and relock the bootloader. That's one of the reasons GrapheneOS supports the Google Pixel, for instance. The security model relies on the locked bootloader.

[realusername]

Very few people need a GrapheneOS level of security anyways.

Yeah sure there's a few cases where it make sense but they are few and far between.

[palata]

I meant it's part of the Android security model. That's what makes Android more secure than Desktop OSes, for instance. A locked bootloader is a great way to make sure that the base system hasn't been tampered with, e.g. by malware.

It is desirable for anyone who doesn't want malware.

[realusername]

I mean yeah sure, third party apps on android have a strong security model but what's the point when GrapheneOS is the only rom making updates on time, the play store runs as admin and manufacturer apps and driver can do whatever they want?

The OS is borked even before you install even a single of these highly sandboxed third party apps.

While in theory that model sounds great, in practice the security is worse than your average Linux distribution and the only people which managed to make it work is the GrapheneOS non-profit representing less that 0.1% of the devices.

(And ironically the only secure Android rom doesn't fully pass Play Integrity)

[palata]

Well the secure boot is about the OS itself. Of course... you have to trust the OS. Including all the firmwares that are embedded into it and make your hardware run.

I don't know if there is much value in arguments like "in theory that's great, but in practice I don't trust anyone other than X so anything that is not X is worse".

[realusername]

> Well the secure boot is about the OS itself. Of course... you have to trust the OS.

So we're back to square one then, it's pointless because you can't trust mobile OS like you can with desktop OS.

Before talking about secure boot, Android needs a way to attest what's in the OS we're saying we are booting...

I'm not even sure Google themselves are fully aware of what's inside specific models.

> I don't know if there is much value in arguments like "in theory that's great, but in practice I don't trust anyone other than X so anything that is not X is worse".

I would rephrase it as why attesting that we have an unknown and outdated OS is valuable to the phone owner?